Just after the Joomla project released their latest update of Joomla CMS to fix two critical security flaws, attackers had already started looking for unpatched systems and then launched mass scans shortly thereafter. Tim Erlin, Senior Director of IT Security and Risk Strategy for Tripwire commented below.
Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire:
“Attackers and criminals have the ability to scan large sections of the Internet for a specific vulnerability with relative ease these days. The threat of these mass scans should factor into how organizations address newly published vulnerabilities. Systems that are accessible from the Internet are of particular concern. While it’s tempting to mobilize around newly published vulnerabilities like these as the highest priority, the majority of serious breaches still start with known, published vulnerabilities for which a patch exists and misconfigurations. Organizations should avoid being distracted by headlines and rely on their risk prioritization strategies for determining what to fix first.”