2021 Year in Review: Using Notable Vulnerabilities from this Year to Improve your Future Vulnerability Discovery and Remediation Efforts

Webinar Registration

Vulnerabilities in operating systems and applications have been around figuratively forever. Plenty of cyberattacks have occurred that took advantage of zero-day exploits and long-standing known vulnerabilities alike for years. But this year, it feels like threat actors and cybercriminal gangs have stepped up their “let’s attack via a vulnerability” game, with plenty of notable attacks that began with the bad guys taking advantage of these weaknesses.

Some of the most pervasive vulnerabilities utilized in 2021 include:

  • ProxyShell – Comprised of three separate Exchange Server vulnerabilities that enable bypassing access control, establishing privilege elevation, and executing code remotely.
  • ProxyLogon – Allows a hacker to impersonate an authorized administrator, bypassing the usual authentication process, and execute arbitrary server commands.
  • PrintNightmare – A vulnerability affecting nearly every Windows server that includes both remote code execution and elevation of privilege.

In many attacks this year, the vulnerabilities used were well documented and had existed for months. And yet, organizations hadn't taken steps to properly discover, identify, and remediate these obvious points of exposure.

So, how can you minimize the risk vulnerabilities like these present to your organization and address them quickly to ensure the most secure environment as we move into 2022?

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first cover:

  • A brief history of 2021’s most notable vulnerability-based cyberattacks
  • A look at average timelines from vulnerability discovery to documentation, to patch availability, to implementation
  • What steps you can take in 2022 to reduce the risk that will be introduced by new vulnerabilities

Nick will then be joined by Bob Rudis, Chief Security Data Scientist at Rapid7, and Rob Webb, CISSP, Senior Security Solutions Engineer at Rapid7. Bob will discuss some specific CVEs, how attackers use them, and how research can be used to identify and highlight vulnerabilities that need addressing. Rob will show how vulnerability assessments can be used as part of a vulnerability management program to discover, visualize, and prioritize found vulnerabilities in your environment, as well as how to create remediation workflows and provide solution-centric guidance to the owners of the impacted assets on which those vulnerabilities live.

This real-training-for-free event will be jam-packed with technical detail and real-world application. Register today!
