Cybersecurity agencies reveal the top exploited vulnerabilities of 2021


In partnership with the NSA and the FBI, cybersecurity authorities around the world today released a list of the top 15 vulnerabilities routinely exploited by threat actors during 2021.

Cybersecurity authorities urged organizations in a joint advisory to quickly patch these security flaws and implement patch management systems to reduce their attack surface.

Globally, malicious actors have been observed concentrating their attacks on Internet-facing systems, including email and virtual private network (VPN) servers, using exploits targeting newly disclosed vulnerabilities.

“Cybersecurity authorities in the US, Australia, Canada, New Zealand, and the UK assess, in 2021, that malicious cyber actors aggressively attacked newly disclosed critical software vulnerabilities against broad sets of targets, including public and private sector organizations around the world,” the notice reads.

This could be because malicious actors and security researchers released proof-of-concept (POC) exploits within two weeks of the initial disclosure of most major bugs exploited during 2021.

However, the attackers focused some of their attacks on older vulnerabilities patched years earlier, showing that some organizations do not update their systems even when a patch is available.

The list of the 15 most exploited security flaws is available below, with links to the National Vulnerability Database entries and associated malware.

Mitigation and additional exploitation information

Cybersecurity agencies in the US, Australia, Canada, New Zealand, and the UK also identified and disclosed an additional 21 security vulnerabilities commonly exploited by cybercriminals during 2021, including those affecting the Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure.

The joint advisory includes mitigation measures that should help reduce the risk associated with the major abused flaws detailed above.

CISA and the FBI also published a list of the 10 most exploited security flaws between 2016 and 2019 and a list of flaws routinely exploited in 2020, in collaboration with the Australian Cyber Security Centre (ACSC) and the UK's National Cyber Security Centre (NCSC).

In November 2021, MITRE also shared a list of the most dangerous programming, design, and architecture security flaws affecting hardware in 2021 and the 25 most common and dangerous weaknesses affecting software over the previous two years.

“We know that malicious cybercriminals go back to what works, which means they attack these same critical software vulnerabilities and will continue to do so until companies and organizations fix them,” said Jen Easterly, director of CISA.

“CISA and our partners are issuing this advisory to highlight the risk that the most commonly exploited vulnerabilities pose to public and private sector networks.

“We urge all organizations to assess their vulnerability management practices and take steps to mitigate the risk of known exploited vulnerabilities.”
