
Report shows the threat of supply chain vulnerabilities from third-party products


  • CyCognito report shows the risks posed by supply chain vulnerabilities
  • Third-party products are putting businesses at risk with undetected vulnerabilities
  • Web servers, cryptographic protocols, and web interfaces suffer the most

Critical vulnerabilities often go unnoticed in many digital systems, exposing businesses to significant security risks, new research has claimed.

With organizations increasingly reliant on third-party software and complex supply chains, cyber threats are no longer confined to internal assets alone, as many of the most dangerous vulnerabilities come from external sources.

The 2024 State of External Exposure Management Report from CyCognito provides an analysis of the risks organizations face today, particularly around web servers, cryptographic protocols, and PII-handling web interfaces.

Supply chain risk remains a growing concern

Third-party vendors play a crucial role in the operations of many companies, providing essential hardware and software. However, their involvement may introduce significant risks, particularly concerning misconfigurations and vulnerabilities in the entire supply chain.

Many of the most severe vulnerabilities, like the MOVEit Transfer flaw, Apache Log4J, and Polyfill, were revealed to have links to third-party software.

Web servers are consistently among the most vulnerable assets in an organization’s IT infrastructure. CyCognito’s findings reveal web server environments account for one in three (34%) of all severe issues across surveyed assets. Platforms such as Apache, NGINX, Microsoft IIS, and Google Web Server are at the center of these concerns, hosting more severe issues than 54 other environments combined.

Beyond web servers, vulnerabilities in cryptographic protocols like TLS (Transport Layer Security) and HTTPS are also driving concern. The report indicates that 15% of all severe issues on the attack surface affect platforms using TLS or HTTPS protocols. Web applications that lack proper encryption are especially at risk, ranking #2 on the OWASP Top 10 list of security risks.

CyCognito's report also highlighted the insufficiency of Web Application Firewall (WAF) protections, especially for web interfaces handling personally identifiable information (PII).

The report shows only half of surveyed web interfaces that process PII were protected by a WAF, leaving sensitive information vulnerable to attacks. Even more concerning is the fact that 60% of the interfaces that expose PII also lack WAF protection.

Unfortunately, outdated approaches to vulnerability management often leave assets exposed, amplifying the risks. Organizations must adopt a more proactive and comprehensive approach to managing external exposures.
