Old information security holes are still targets of hackers

The Department of Information Security (Ministry of Information and Communications) said that from August 19 to August 25, at least 993 vulnerabilities were announced and updated by international organizations. Of these, at least 114 vulnerabilities allow code injection and execution.

The Department also specifically noted to agencies and organizations about 10 information security vulnerabilities that have a serious impact or are being exploited by attack groups in the real environment, and 3 vulnerabilities that are affecting products of FreeBSD, Ivanti and Microsoft.

In July 2024, the National Cyber Security Monitoring Center - NCSC recorded nearly 36,500 weaknesses and security vulnerabilities in servers and information systems of agencies and organizations. In addition, more than 1,600 vulnerabilities in 5,000 open systems on the Internet were discovered. At the same time, 12 newly announced vulnerabilities have a serious impact and can be exploited to attack systems in our country.

According to Viettel Cyber Security, the number of vulnerabilities discovered worldwide in the first half of 2024 increased by 42% compared to the same period in 2023, of which the number of high-impact and severe vulnerabilities accounted for 51%.

In addition to exploiting new information security vulnerabilities, attack groups still take advantage of previously discovered vulnerabilities to penetrate the information systems of units.

In fact, the Department of Information Security as well as units in the field of network information security have regularly issued warnings and reminders about the risk of cyber attacks from vulnerabilities. However, many units have not really paid attention to promptly checking and patching vulnerabilities, minimizing the risk of system attacks.

In 2024, one of the six core orientations on network information security recommended by the Information Security Department is to prioritize addressing potential risks that exist in information systems.

Units need to monitor and update patches for vulnerabilities related to technology products in use; at the same time, proactively update information about network security risks at the national cyberspace portal khonggianmang.vn.