Skip to main content
  1. Home
  2. Computing
  3. News

Hackers now exploit new vulnerabilities in just 15 minutes

By

Hackers are now ​​moving faster than ever when it comes to scanning vulnerability announcements from software vendors.

Threat actors are actively scanning for vulnerable endpoints within a period of just 15 minutes once a new Common Vulnerabilities and Exposures (CVE) document is published, according to Palo Alto’s 2022 Unit 42 Incident Response Report.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

As reported by Bleeping Computer, the report stresses how hackers are always scanning software vendor bulletin boards, which is where vulnerability announcements are disclosed in the form of CVEs.

Recommended Videos

From here, these threat actors can potentially exploit these details in order to infiltrate a corporate network. It also gives them an opportunity to distribute malicious code remotely.

Related

“The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced,” the blog post from Palo Alto’s Unit 42 states.

With hackers becoming more dangerous than ever in recent years, it can take them mere minutes to find a weak point in their target’s system. This is naturally made much easier if they’re aided by a report detailing what exactly can be exploited.

Simply put, system administrators will basically have to expedite their process in addressing the security defects and patch them before the hackers manage to find a way in.

Bleeping Computer highlights how scanning doesn’t require a threat actor to have much experience in the activity to be effective. In fact, anyone with a rudimentary understanding of scanning CVEs can perform a search on the web for any publicly disclosed vulnerable endpoints.

They can then offer such information on dark web markets for a fee, which is when hackers who actually know what they’re doing can buy them.

A large monitor displaying a security hacking breach warning.
Stock Depot / Getty Images

Case in point: Unit 42’s report mentioned CVE-2022-1388, a critical unauthenticated remote command execution vulnerability that was affecting F5 BIG-IP products. After the defect was announced on May 4, 2022, a staggering 2,552 scanning and exploitation attempts were detected within just 10 hours of the initial disclosure.

During the first half of 2022, 55% of exploited vulnerabilities in Unit 42 cases are attributed to ProxyShell, followed by Log4Shell (14%), SonicWall CVEs (7%), and ProxyLogon (5%).

Activity involving hackers, malware, and threat actors in general has evolved at an aggressive rate in recent months. For example, individuals and groups have found a way to plant malicious code onto motherboards that is extremely difficult to remove. Even the Microsoft Calculator app isn’t safe from exploitation.

This worrying state of affairs in the cyber security space has prompted Microsoft to launch a new initiative with its Security Experts program.

Editors’ Recommendations

Topics
Zak Islam
Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Bing Chat’s ads are sending users to dangerous malware sites
Bing Chat shown on a laptop.

Since it launched, Microsoft’s Bing Chat has been generating headlines left, right, and center -- and not all of them have been positive. Now, there’s a new headache for the artificial intelligence (AI) chatbot, as it’s been found it has a tendency to send you to malware websites that can infect your PC.

The discovery was made by antivirus firm Malwarebytes, which discussed the incident in a blog post. According to the company, Bing Chat is displaying malware advertisements that send users to malicious websites instead of filtering them out.

Read more
Update your Apple devices now to fix these dangerous exploits
A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Read more
This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram
A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Read more