www.securin.io
18.172.112.3  Public Scan

Submitted URL: https://cybersecurityworks.com/blog/cyber-risk/could-googles-most-searched-top-10-vulnerabilities-in-2020-be-key-attack-indicat...
Effective URL: https://www.securin.io/articles/could-googles-most-searched-top-10-vulnerabilities-in-2020-be-key-attack-indicators/
Submission: On October 07 via api from IN — Scanned from DE

Form analysis 6 forms found in the DOM

<form>
  <fieldset>
    <legend class="visuallyhidden">Consent Selection</legend>
    <div id="CybotCookiebotDialogBodyFieldsetInnerContainer">
      <div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonNecessary"><strong
            class="CybotCookiebotDialogBodyLevelButtonDescription">Necessary</strong></label>
        <div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper CybotCookiebotDialogBodyLevelButtonSliderWrapperDisabled"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonNecessary"
            class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelButtonDisabled" disabled="disabled" checked="checked"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
      </div>
      <div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonPreferences"><strong
            class="CybotCookiebotDialogBodyLevelButtonDescription">Preferences</strong></label>
        <div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonPreferences" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox"
            data-target="CybotCookiebotDialogBodyLevelButtonPreferencesInline" checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
      </div>
      <div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonStatistics"><strong
            class="CybotCookiebotDialogBodyLevelButtonDescription">Statistics</strong></label>
        <div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonStatistics" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox"
            data-target="CybotCookiebotDialogBodyLevelButtonStatisticsInline" checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
      </div>
      <div class="CybotCookiebotDialogBodyLevelButtonWrapper"><label class="CybotCookiebotDialogBodyLevelButtonLabel" for="CybotCookiebotDialogBodyLevelButtonMarketing"><strong
            class="CybotCookiebotDialogBodyLevelButtonDescription">Marketing</strong></label>
        <div class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonMarketing" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox"
            data-target="CybotCookiebotDialogBodyLevelButtonMarketingInline" checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></div>
      </div>
    </div>
  </fieldset>
</form>

<form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonNecessaryInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelButtonDisabled" disabled="disabled" checked="checked"> <span
    class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

<form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonPreferencesInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox" data-target="CybotCookiebotDialogBodyLevelButtonPreferences"
    checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

<form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonStatisticsInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox" data-target="CybotCookiebotDialogBodyLevelButtonStatistics"
    checked="checked" tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

<form><input type="checkbox" id="CybotCookiebotDialogBodyLevelButtonMarketingInline" class="CybotCookiebotDialogBodyLevelButton CybotCookiebotDialogBodyLevelConsentCheckbox" data-target="CybotCookiebotDialogBodyLevelButtonMarketing" checked="checked"
    tabindex="0"> <span class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

<form class="CybotCookiebotDialogBodyLevelButtonSliderWrapper"><input type="checkbox" id="CybotCookiebotDialogBodyContentCheckboxPersonalInformation" class="CybotCookiebotDialogBodyLevelButton"> <span
    class="CybotCookiebotDialogBodyLevelButtonSlider"></span></form>

Text Content

 * Products
   * Attack Surface Management
   * Vulnerability Intelligence
   
   
   ATTACK SURFACE MANAGEMENT
   
   
   
   Our ASM platform discovers, analyzes, prioritizes, & offers remediation plans
   for exposures in your known & unknown assets.
   
   SIGN-UP FOR ASM
   
   
   
   
   VULNERABILITY INTELLIGENCE
   
   
   
   Our VI platform delivers threat intelligence & context on the latest cyber
   threats providing you with actionable insights for remediation.
   
   REQUEST A DEMO
 * Services
   * Vulnerability Management
   * Penetration Testing
   
   
   VULNERABILITY MANAGEMENT
   
   
   
   Our vulnerability management continually detects, prioritizes, & plans
   remediation to protect your entire IT landscape.
   
   
   
   
   
   PENETRATION TESTING
   
   
   
   Our penetration testing simulates a real-world attack on your digital assets
   to determine the strength of your security & defenses.

 * Use Cases
   * Attack Surface Management
   * Continuous Attack Surface Reduction
   * Discovery of Known & Unknown Assets
   * Assets with Known Ransomware and Exploitable Vulnerabilities
   * Non-Production Systems Exposed to the Public
   * Monitor Subsidiaries & Acquisitions
   * Vulnerability Intelligence
   * Early Warning Risk Alerts
   * Vulnerability Prioritization
   * Tech Stack Alerting
   * Actionable Threat Intelligence
   * Penetration Testing
   * Network & Infrastructure Penetration Testing
   * Meet your Compliance Requirements
   * Test Your Security Resilience
   * Protect Intellectual Property
   * Vulnerability Management
   * Manage Vulnerabilities & Exposures
   * Network & Application Vulnerability Management
   * Threat & Vulnerability Advisories
   * Vulnerability Validation & False Positive Elimination
   Continuous Attack Surface Reduction
   Discovery of Known & Unknown Assets
   Assets with Known Ransomware & Exploitable Vulnerabilities
   Non-Production Systems Exposed to the Public
   Monitor Subsidiaries & Acquisitions
   Manage Vulnerabilities & Exposures
   Network & Application Vulnerability Management
   Threat & Vulnerability Advisories
   Vulnerability Validation & False Positive Elimination
   
   Early Warning Risk Alerts
   Vulnerability Prioritization
   Tech Stack Alerting
   Actionable Threat Intelligence
   Network & Infrastructure Penetration Testing
   Meet your Compliance Requirements
   Test Your Security Resilience
   Protect Intellectual Property
   
   
 * Partners
   * Partner Program
   * Become a Partner
   * Register a Deal
   
   
   PARTNERS
   
   
   
   As a partner led organization, we are committed to working with our partners
   to deliver world-class early warning security intelligence solutions that
   eliminate the adversary advantage & deliver superior security outcomes for
   your clients.
   
   
   Partner Program
   Become a Partner
   Register a Deal
 * Resources
   * Reports
   * Zero Days
   * Articles
   * Patch Watch
   * Webinars & Podcasts
   * Media Coverage
   
   
   RESOURCES
   
   
   Reports
   Zero Days
   Articles
   Patch Watch
   Webinars & Podcasts
   Glossary
   Media Coverage
 * About
   * Overview
   * Careers USA
   
   
   WHO WE ARE
   
   
   Overview
   
   
   
   
   CAREERS
   
   
   USA OPPORTUNITIES


   for exposures in your known & unknown assets.
   
   SIGN-UP FOR ASM
   
   
   
   
   VULNERABILITY INTELLIGENCE
   
   
   
   Our VI platform delivers threat intelligence & context on the latest cyber
   threats providing you with actionable insights for remediation.
   
   REQUEST A DEMO
 * Services
   * Vulnerability Management
   * Penetration Testing
   
   
   VULNERABILITY MANAGEMENT
   
   
   
   Our vulnerability management continually detects, prioritizes, & plans
   remediation to protect your entire IT landscape.
   
   
   
   
   
   PENETRATION TESTING
   
   
   
   Our penetration testing simulates a real-world attack on your digital assets
   to determine the strength of your security & defenses.

 * Use Cases
   * Attack Surface Management
   * Continuous Attack Surface Reduction
   * Discovery of Known & Unknown Assets
   * Assets with Known Ransomware and Exploitable Vulnerabilities
   * Non-Production Systems Exposed to the Public
   * Monitor Subsidiaries & Acquisitions
   * Vulnerability Intelligence
   * Early Warning Risk Alerts
   * Vulnerability Prioritization
   * Tech Stack Alerting
   * Actionable Threat Intelligence
   * Penetration Testing
   * Network & Infrastructure Penetration Testing
   * Meet your Compliance Requirements
   * Test Your Security Resilience
   * Protect Intellectual Property
   * Vulnerability Management
   * Manage Vulnerabilities & Exposures
   * Network & Application Vulnerability Management
   * Threat & Vulnerability Advisories
   * Vulnerability Validation & False Positive Elimination
   Continuous Attack Surface Reduction
   Discovery of Known & Unknown Assets
   Assets with Known Ransomware & Exploitable Vulnerabilities
   Non-Production Systems Exposed to the Public
   Monitor Subsidiaries & Acquisitions
   Manage Vulnerabilities & Exposures
   Network & Application Vulnerability Management
   Threat & Vulnerability Advisories
   Vulnerability Validation & False Positive Elimination
   
   Early Warning Risk Alerts
   Vulnerability Prioritization
   Tech Stack Alerting
   Actionable Threat Intelligence
   Network & Infrastructure Penetration Testing
   Meet your Compliance Requirements
   Test Your Security Resilience
   Protect Intellectual Property
   
   
 * Partners
   * Partner Program
   * Become a Partner
   * Register a Deal
   
   
   PARTNERS
   
   
   
   As a partner led organization, we are committed to working with our partners
   to deliver world-class early warning security intelligence solutions that
   eliminate the adversary advantage & deliver superior security outcomes for
   your clients.
   
   
   Partner Program
   Become a Partner
   Register a Deal
 * Resources
   * Reports
   * Zero Days
   * Articles
   * Patch Watch
   * Webinars & Podcasts
   * Media Coverage
   
   
   RESOURCES
   
   
   Reports
   Zero Days
   Articles
   Patch Watch
   Webinars & Podcasts
   Glossary
   Media Coverage
 * About
   * Overview
   * Careers USA
   
   
   WHO WE ARE
   
   
   Overview
   
   
   
   
   CAREERS
   
   
   USA OPPORTUNITIES


X

Login to Securin


COULD GOOGLE’S MOST SEARCHED TOP 10 VULNERABILITIES IN 2020 BE KEY ATTACK
INDICATORS?

 * APT Groups, APT41, Dark Halo, Google trends, Microsoft Exchange Server,
   ransomware, Zoho, Zoho Manage Engine Desktop Central

 * Jan 21, 2021

> We analyzed ten vulnerabilities (discovered in 2020) that had a high search
> volume on Google and here is what we found –
> 
>  * CVE-2020-10189 – an RCE vulnerability in Zoho’s Manage Engine Desktop
>    Central is being exploited by APT41. 
> 
>  * CVE-2020-0688 – an RCE vulnerability in Microsoft Exchange Server was
>    exploited in March by APT group Dark Halo. They used this weakness to
>    bypass multi-factor authentication defenses against unauthorized email
>    access, making it easy for them to log in to SolarWinds’ trojanized
>    update. 

2020 was a productive year for threat actors. While the world’s workforce was
working remotely and dealing with the pandemic, threat actors were busy
weaponizing critical vulnerabilities that had a global impact. Many
organizations fell prey to ransomware and sophisticated cyber attacks that
allowed remote and privileged access to sensitive information.

CSW analysts examined the recent vulnerabilities (discovered in 2020) with high
search volume on Google and found ten weaknesses (Click here to view the table).

We sought to find out why these vulnerabilities were searched for, and here are
our insights:


THE AVERAGE WEAPONIZATION RATE 

While the average weaponization rate in 2020 is more than 45 days, four CVEs
(CVE-2020-10189, CVE-2020-9484, CVE-2020-1147 and CVE-2020-0688) were weaponized
in under 20 days of their discovery!

While we are happy to share this insight, it also raises the question of how
organizations can defend themselves without a sophisticated risk-based
vulnerability management (RBVM) platform that would provide them with this kind
of dynamic trending analytics.




TWO VULNERABILITIES EXPLOITED BY APT GROUPS & RANSOMWARE

We also found that a vulnerability (CVE-2020-10189) in Zoho’s Cloud Desktop
Central is being exploited by APT41, a Chinese APT group known for using Maze
ransomware in its arsenal. Hackers have been selling access to networks that
use this Remote Monitoring Management application for $100,000 on the dark web.

CVE-2020-0688, a Microsoft Exchange Server vulnerability, is being used by two
ransomware families (Egregor and Thanos). *The vulnerability was discovered in
February 2020; an exploit became available for it in March, and within the same
month it started trending.

Note: *Based on the trending charts from our RBVM platform (RiskSense) that
draws data from hacker forums and advanced vulnerability analytics.

This vulnerability was used by APT group Dark Halo to bypass multi-factor
authentication defenses against unauthorized email access, making it easy for
them to log in to SolarWinds’ trojanized update. Dark Halo is suspected to have
attacked SolarWinds three times between late 2019 and July 2020.


COMMON WEAKNESSES THAT CAUSED THESE VULNERABILITIES 

The products affected by these vulnerabilities are Microsoft Exchange
Server, Windows (10, 8, 7) & Windows Server (2019, 2016, 2008, 2012), Oracle’s
Fusion Middleware, WebLogic Server, Zoho’s Manage Engine Desktop Central,
Apache’s Tomcat and Cisco’s IOS XR.

When we analyzed the CWEs (Common Weakness Enumeration) behind these
vulnerabilities, we found the following: CWE-835 (Infinite Loop), CWE-269
(Improper Privilege Management), CWE-20 (Improper Input Validation), CWE-134
(Use of Externally-Controlled Format String), and CWE-502 (Deserialization of
Untrusted Data). Out of three vulnerabilities categorized under CWE-502, two
are being used by APT groups and ransomware.

This calls into question the secure coding practices that developers need to
adopt. They should avoid these weaknesses as they write the code, so that they
do not ship products that are vulnerable to serious cyber attacks.


ANALYSIS OF TOP 3 VULNERABILITY SCANNERS

The good news is that popular scanners such as Tenable, Nexpose, and Qualys can
detect these vulnerabilities. However, Nexpose doesn’t detect these two
vulnerabilities – CVE-2020-2555 and CVE-2020-3118.

GOOGLE’S 2020 TOP 10 VULNERABILITIES



THE WAY FORWARD

The pace at which threat actors seem to weaponize and exploit newly minted
vulnerabilities is downright alarming. With seven out of ten vulnerabilities
having RCE/PE capability, patching these weaknesses becomes a priority.

These trends are a strong indication for organizations to start looking at their
attack surface and find ways to defend it from threat actors.

Year after year, we are looking at products with more vulnerabilities that
threat actors are more than happy to use. One of the many solutions that could
help organizations is accurate dynamic data that provides information about
vulnerabilities and their threat context. We need trend watchers based on
machine learning that can compute this dynamic data and provide organizations
with predictive trends about vulnerabilities that could be exploited, even
before the exploitation manifests. Working in tandem with this, a Shift Left
solution would help developers test and correct the weaknesses in their
products before they go to market.
