Inadequate security resources have prompted organizations to make tradeoffs in deciding on attack and vulnerability prioritization, prevention and detection optimization, and logging and alerting activities, SiliconAngle reports.
Organizations had security controls that could thwart only 59% of simulated attacks, and fewer than 50% of more advanced cyberattacks from January to June, according to a Picus Labs report. Moreover, over 80% of organizations continue to be vulnerable to 2019 security flaws, while only 37% and 16% of attacks are being logged and alerted.
The findings also showed an inverse correlation between threat detection and prevention, with healthcare being the worst in averting intrusions but two times more successful in identifying attacks, compared with the average organization.
On the other hand, North America-based organizations, which had the highest threat prevention effectiveness scores, had a nearly twofold increased likelihood of successfully averting intrusions, compared with issuing alerts for detected attacks.
"Many organizations do not realize the degree to which their existing controls are insufficient for detecting attacks, especially sophisticated ones," said researchers.
Such a development comes after the vulnerability was discovered by Proofpoint to be leveraged in intrusions beginning September 28, following the release of its proof-of-concept exploit code and technical information by Project Discovery.
Attackers who successfully activated "CSS Combine" and "Generate UCSS" within Page Optimization settings could leverage the vulnerability not only to exfiltrate sensitive data but also to elevate privileges and facilitate website takeovers for further compromise, according to an analysis from Patchstack.
More widespread of the addressed bugs was a logic issue, tracked as CVE-2024-44204, which could prompt Apple's new VoiceOver feature to read credentials saved within the recently unveiled Passwords app.