Annual cybersecurity reports by major vendors typically contain an overview of the current internet landscape, key security statistics, and emerging threats. This report highlights significant issues such as widespread misconfigurations, vulnerabilities in web servers like Hikvision and Boa, and the increasing adoption of TLS 1.3, reflecting ongoing challenges in internet security.

Keypoints

  • Most cybersecurity reports are structured into sections covering the overall internet landscape, threat analysis, vulnerabilities, and security best practices, often supplemented with data statistics and trend analysis.
  • Key statistics include over 165 million HTTP services, 85% of them hosted on named hosts, and notable findings such as 8,000 hosts exposing sensitive data, including credentials and backups, which indicates persistent misconfigurations.
  • Web server technologies like Apache HTTPD and Nginx dominate the landscape, yet older or vulnerable servers like Hikvision and Boa remain in use, posing security risks due to known exploits.
  • Security trends show a strong move towards encryption, with nearly 95% of HTTP services supporting TLS 1.2 and 1.3, while older versions like TLS 1.0 and 1.1 are still in use but declining.
  • Threat actors benefit from exposed monitoring tools like Prometheus, with over 40,000 instances found, often monitoring internal or private network segments, facilitating reconnaissance.
  • Overall, such reports reflect the ongoing need for improved configuration, timely patching, and advancements in internet security measures to address evolving threats and vulnerabilities.
Censys-State-of-the-Internet-2023
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
