The National Security Agency and the Australian Signals Directorate jointly issued a Cybersecurity Information Sheet with guidelines for enterprises on how to defend web servers from web shell exploits.
Just because a vulnerability exists doesn’t automatically mean it will get exploited. It turns out the popularity of the software matters, but so does where the vulnerability information is published.
According to the 10th edition of the Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged stolen and/or weak passwords. Other trends include a jump in phishing, web application and ransomware attacks.