
CyCognito Report Exposes Rising Software Supply Chain Threats

PR Newswire ·  09/18 21:00

Findings reveal escalating risks in the software supply chain, highlighting vulnerabilities in web servers, cryptographic protocols, and web interfaces that handle PII

PALO ALTO, Calif., Sept. 18, 2024 /PRNewswire/ -- CyCognito today announced the release of its second annual "State of External Exposure Management 2024," providing critical insights into the threats targeting external assets and the software supply chain.

Gartner reports that 60 percent of organizations work with over 1,000 third parties, many of which supply misconfigured or vulnerable hardware and software, putting customers at risk. High-profile vulnerabilities like MOVEit Transfer, Apache Log4J, and Polyfill underscore these risks—a concern further emphasized by CyCognito's report revealing that many vulnerabilities increasingly stem from third-party software.

To create this report, CyCognito's research team aggregated and analyzed over 39 million anonymized and normalized data points from its global customer base of small, medium, and large Fortune 500 companies. Key findings:

  • Web Servers Dominate Severe Issues: Web server environments, including platforms like Apache, NGINX, Microsoft IIS, and Google Web Server, hosted one in three (34%) of all severe issues across surveyed assets. They accounted for more severe issues than 54 other environments combined (out of 60 total environments surveyed).
  • Impact of TLS and HTTPS Protocol Vulnerabilities: 15% of all severe issues on the attack surface affect platforms using TLS or HTTPS protocols. TLS issues are significant for all network-delivered data, and especially so for web apps; web apps lacking encryption are currently ranked #2 of the OWASP Top 10.
  • Insufficient WAF Protection for PII-Handling Web Interfaces: Only half of surveyed web interfaces that handle personally identifiable information (PII) were protected by a WAF.
  • Web Interfaces Lacking HTTPS and WAF Leave PII Exposed: Despite HTTPS celebrating its 30th birthday this year, almost one in three (31%) of surveyed web interfaces failed to implement it. More than 60% of these interfaces that expose PII also lack a WAF.

To download the full report, please visit this link.

About CyCognito

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. For more information, visit

SOURCE CyCognito
