2021 Year in Review: Using Notable Vulnerabilities from this Year to Improve your Future Vulnerability Discovery and Remediation Efforts

Webinar Registration

Vulnerabilities in operating systems and applications have been around figuratively forever. Plenty of cyberattacks have occurred that took advantage of zero-day exploits and long-standing known vulnerabilities alike for years. But this year, it feels like threat actors and cybercriminal gangs have stepped up their “let’s attack via a vulnerability” game, with plenty of notable attacks that began with the bad guys taking advantage of these weaknesses.

Some of the most pervasive vulnerabilities utilized in 2021 include:

  • ProxyShell – Comprised of three separate Exchange Server vulnerabilities that enable bypassing access control, establishing privilege elevation, and executing code remotely.
  • ProxyLogon - Allows a hacker to impersonate an authorized administrator, bypassing the usual authentication process, and execute arbitrary server commands.
  • PrintNightmare – A vulnerability affecting nearly every Windows server which included both remote code execution and elevation of privilege.

In many attacks this year, vulnerabilities like these are well-documented and have existed for months. And yet, organizations haven’t taken steps to properly discover, identify, and remediate these obvious points of exposure.

So, how can you minimize the risk vulnerabilities like these present to your organization and address them quickly to ensure the most secure environment as we move into 2022?

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first cover:

  • A brief history of 2021’s most notable vulnerability-based cyberattacks
  • A look at average timelines between vulnerability discovery, to documentation, to patch availability, to implementation
  • What steps you can take in 2022 to reduce the risk that will be introduced by new vulnerabilities

Nick will then be joined by Bob RudisChief Security Data Scientist at Rapid7, and Rob Webb, CISSP, Senior Security Solutions Engineer at Rapid7. Bob will discuss some specific CVEs, how attackers use them, and how research can be used to identify and highlight vulnerabilities that need addressing. Rob will show how vulnerability assessments can be used as part of a vulnerability management program to discover, visualize, and prioritize found vulnerabilities in your environment, as well as how to create remediation workflows and provide solution-centric guidance to the owners of the impacted assets on which those vulnerabilities live.

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
State:  
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Additional Resources