Here is a list of  top vulnerabilities found since 2015, which I am still working on to compile them together. It will come from different sources and includes those which I believe it is worth taking a note here.

2018

  1. Jan 3,  Spectre and Meltdown vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
  2. Jan 29,  Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
  3. Mach 20, Facebook’s privacy scandal – The Guardian revealed that the personal data of 50 million Facebook profiles was illegally harvested by Cambridge Analytica.


2017

  • Feb 17, CloudBleed – Google vulnerability researcher Tavis Ormandy discovered a bug in the internet infrastructure company Cloudflare‘s platform caused random leakage of potentially sensitive customer data.
  • March 7, Wikileaks CIA Vault 7 – WikiLeaks published a data trove containing 8,761 documents allegedly stolen from the CIA that contained extensive documentation of alleged spying operations and hacking tools.
  • April, Shadow Brokers (A hacking group, stole NSA data) / EternalBlue (Released by Shadow Brokers, which alleged NSA tool)
  • May 12 , WannaCry – Ransomware :WannaCry searches for and encrypts 176 different file

    types and appends .WCRY to the end of the file name. It asks users to pay a US$300 ransom in

    bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days it claims the encrypted files will be deleted. 

  • June, Petya / NotPetya / Nyetya / Goldeneya – Ransomware , which is more advanced than WannaCry. Hit Ukraninian infrastructure hard.It spreads rapidly across an organization once a computer is infected using the EternalBlue vulnerability in Microsoft Windows
  • Sep 7, Apache Struts : Equifax data breach was confirmed to be a vulnerability in Apache Struts. The security flaw (CVE-2017-5638), which was patched last March, allowed attackers to gain unauthorized access to data via remote code execution.
  • Oct 3, 3 billion Yahoo user accounts were hacked by 2013 security breach, which make yahoo tops the list of largest ever data breaches
  • Oct 16, Krack : Key Reinstallation Attack (KRACK) is a proof of concept that exploits vulnerabilities in the Wi-Fi Protected Access 2 (WPA2) protocol.
  • Nov 28, Major macOS High Sierra Bug Allows Full Admin Access Without Password

Here is another good review for 2017 security threats from youtube video  2017 Security Threats | Year in Review | WEBINAR. I have watched it and made some notes in the following points:

  • Q1. The Botnet Menace , Zeus and Conflicker, Mirai (IoT) and Pushdo (SpamBots)
  • Q2. WannaCry, Locky, H-Worm (Houdini Worm)
  • Q3. SMB, Petya (Ransomware)
  • Q4. AAEH New Hope, Apache Struts Remote Code Execution, Necurs Botnets, H-Worm

2016

2015

2014

References:

By Jon

Leave a Reply