Secuna warns that enterprise technology and financial services are vulnerable to cyberattacks
SECUNA, the Philippines’ first and only cybersecurity testing platform, said it detected and fixed 494 vulnerabilities in 21 private local companies in 2021. This represents 45.57% of the total number of cybersecurity flaws fixed by the company since its launch.
According to Secuna’s report, 58.89% of the identified vulnerabilities came from the enterprise technology sector, of which 30 were classified as critical, 56 as high and 152 as medium severity. Financial services companies saw the second-largest portion of medium-risk vulnerabilities, covering 20% of total cyber weaknesses discovered. Of the disclosed vulnerabilities, 15.78% of medium-, high-, or critical-risk vulnerabilities affect the healthcare sector, while 5.33% of high- and medium-risk vulnerabilities affect other organizations.
The top three “critical” vulnerabilities exposed by Secuna’s certified cybersecurity testers are remote code execution flaws, SQL injection flaws, and exposed .git repositories. The Remote Code Execution (RCE) vulnerability can be exploited to remotely control the target server, recover the entire source code, access the database, and even delete the entire server file system.
Secuna explained that SQL injection vulnerabilities found by its penetration testers can be exploited by malicious users to gain full database access and cause massive data breaches, depending on their privileges. Meanwhile, the exposed .git repositories allow hackers to grab the target application’s source code along with sensitive keys, passphrases, and tokens, among other things.
The platform’s vulnerability assessment and penetration testing services also uncovered security vulnerabilities, including zero-day security flaws, cross-site scripting (XSS) flaws, insecure direct object reference (IDOR) vulnerabilities, and missing security and privacy best practices, which, if neglected, could lead to terrifying cyber consequences.