Vulnerabilities in transport layer security, and exposure to a 10 year old botnet, are the most common findings from penetration testing engagements. According to data from investigations between June 2019 to June 2020 from 206 engagements by Rapid7, internal network configuration and patch management continue to provide “easy” soft targets to penetration testers, who can often use off-the-shelf commodity attacks to escalate privileges and move laterally about the network without being detected.

Read full article on Infosecurity