Log4j has dominated recent discussions around cybersecurity vulnerabilities, but the emergence of the Java logging library security flaw has allowed several other major exploits being abused by cyber criminals to fly under the radar, potentially putting many organisations at risk from ransomware and other cyberattacks.
The focus on Log4j, described at the time as one of the most serious cybersecurity vulnerabilities to ever emerge, was understandably the key issue for enterprise cybersecurity teams in the final weeks of 2021.
But cybersecurity researchers at Digital Shadows have detailed several other vulnerabilities that appeared last year – or that are even older and continue to be left unpatched and exploited – which may have been missed and continue to provide opportunities for cyber criminals.
SEE: A winning strategy for cybersecurity (ZDNet special report)
Failure to patch these vulnerabilities could have potentially dangerous consequences for businesses as malicious hackers exploit them to launch ransomware attacks, malware campaigns and other cyber-criminal activity.
In total, researchers identified 260 vulnerabilities being actively exploited for attacks in the final quarter of 2021 – and a third of them, a total of 87 vulnerabilities, being used in association with ransomware campaigns.
One set of vulnerabilities that is