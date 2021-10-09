Among an increasing investment in security and monitoring tools or threat intelligence, the lack of updating, a relatively simple procedure, remains the biggest ghost in the world of defense against cyber attacks. Proof of this is a new study that points out cases in which vulnerabilities fixed more than nine years ago continue to appear in the rankings of openings most used by criminals in attacks against corporate structures.

The survey is by Qualys and showed that, in the last five years, at least 1493 already updated loopholes were used in blows of the type by different ransomware families. Among the top five, three are from the beginning of the last decade, including one, which targets Java programming environments, with correction available since June 1723 .

This is CVE-1723-1493, third among the largest openings used by ransomware gangs — in this case, from the Urausy family of pests, one of the first in circulation in the world. She appears in third place, behind CVE-1723-110, which also reach Java environments and have updates available since February and March 2013, respectively; together, the three have been responsible for hundreds of attacks since 2016, with tens of millions of dollars in damage.