Monday, March 1, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

WordPress and Apache Struts account for 55% of all weaponized vulnerabilities

March 18, 2020
in Internet Security
WordPress plugin flaw lets you take over entire sites
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: RiskSense

A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts.

The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense.

You might also like

These four new hacking groups are targeting critical infrastructure, warns security company

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

In terms of programming languages, vulnerabilities in PHP and Java apps were the most weaponized bugs of the last decade.

Keep an eye on Node.js and Django

The least were bugs in JavaScript and Python, but RiskSense anticipates that this will change in the coming years as both languages have now become widely & wildly popular, and their adoption has now skyrocketed.

More specifically, users and security firms should keep an eye on Node.js and Django, the two most popular application frameworks for the JavaScript and Python ecosystems, respectively.

“Node.js had a notably higher number of vulnerabilities than other JavaScript frameworks with 56 vulnerabilities, although only one has been weaponized to date,” RiskSense said.

“Likewise, Django had 66 vulnerabilities with only one weaponized.

“While weaponization remains low, the large number of vulnerabilities in these frameworks leaves them open for the potential for risk,” RiskSense said, anticipating that hackers will turn their gaze to the new rising stars of the programming world and look into weaponizing older bugs in attempts to compromise today’s JavaScript and Python applications.

And in tune with programming trends for the last decade, RiskSense also noted that Perl and Ruby, programming languages that were popular at the start of the 2010s, have now seen fewer and fewer weaponized exploits as the decade ended, and as programmers moved to JavaScript and Python.

Injection vulnerabilities are the most sought after

But RiskSense researchers didn’t only look at what application bugs were getting weaponized. They also looked at the vulnerability types.

Per the research team, while cross-site scripting (XSS) bugs were the most common security bugs disclosed in the 2010s, they were not the most weaponized ones.

That title goes to “injection-based” vulnerabilities, which can be abused to allow hackers to inject and run their own commands in the context of the victim’s app or OS.

“Vulnerabilities tied to SQL injection, code injections, and various command injections remained fairly rare, but had some of the highest weaponization rates, often over 50%,” the RiskSense team said.

“In fact, the top 3 weaknesses by weaponization rate were Command Injection (60% weaponized), OS Command Injection (50% weaponized), and Code Injection (39% weaponized),” researchers added.

Readers interested in learning more about vulnerability weaponization trends for the last decade can find out more in RiskSense’s 22-page report, titled “Cracks in the Foundation: Web and Application Framework Vulnerabilities.”

Credit: Zdnet

Previous Post

Researchers Encouraged to Use Artificial Intelligence to Analyze Coronavirus

Next Post

Facebook, YouTube, and Twitter warn that AI systems could make mistakes

Related Posts

These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
Next Post
Facebook, YouTube, and Twitter warn that AI systems could make mistakes

Facebook, YouTube, and Twitter warn that AI systems could make mistakes

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

The Bayesian vs frequentist approaches: implications for machine learning – Part two
Data Science

The Bayesian vs frequentist approaches: implications for machine learning – Part two

March 1, 2021
Google’s deep learning finds a critical path in AI chips
Machine Learning

Google’s deep learning finds a critical path in AI chips

March 1, 2021
9 Tips to Effectively Manage and Analyze Big Data in eLearning
Data Science

9 Tips to Effectively Manage and Analyze Big Data in eLearning

March 1, 2021
Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ
Machine Learning

Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ

March 1, 2021
The Future of AI in Insurance
Data Science

The Future of AI in Insurance

March 1, 2021
Machine Learning as a Service (MLaaS) Market Analysis Technological Innovation by Leading Industry Experts and Forecast to 2028 – The Daily Chronicle
Machine Learning

Machine Learning as a Service (MLaaS) Market Global Sales, Revenue, Price and Gross Margin Forecast To 2028 – The Bisouv Network

March 1, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • The Bayesian vs frequentist approaches: implications for machine learning – Part two March 1, 2021
  • Google’s deep learning finds a critical path in AI chips March 1, 2021
  • 9 Tips to Effectively Manage and Analyze Big Data in eLearning March 1, 2021
  • Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ March 1, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates