FBI reveals top targeted vulnerabilities of the last two years

A joint security advisory issued today by several cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years.

CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the Federal Bureau of Investigation (FBI) also shared mitigation to help private and public sector organizations counter these vulnerabilities.

“Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organization should prioritize for patching to minimize risk of being exploited by malicious actors,” said Eric Goldstein, CISA Executive Assistant Director for Cybersecurity.

CISA, ACSC, the NCSC, and the FBI advise public and private orgs worldwide to patch and update their systems as soon as possible to decrease their attack surface

“Entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system,” the joint advisory added.

Those who cannot immediately patch or don’t plan to patch soon should check for signs of compromise and immediately initiate incident response and recovery plans.

The complete list of Common Vulnerabilities and Exposures (CVEs) routinely exploited in attacks during the last two years is available in the joint advisory published earlier today.

The four agencies have also released indicators of compromise, recommended mitigations, detection methods, and links to patches for each of the vulnerabilities listed in the advisory.

“The advisory published today puts the power in every organisation’s hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices,” added Paul Chichester, NCSC’s Director for Operations.

“Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm.”

Last week, MITRE also shared this year’s top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years.

One year ago, CISA and the FBI had also published a list of the top 10 most exploited security vulnerabilities between 2016 and 2019.

Refence: https://us-cert.cisa.gov/ncas/alerts/aa21-209a