A joint security advisory published yesterday by cybersecurity agencies from the US, the UK, and Australia lists the 30 security flaws most heavily targeted by attackers over the last two years.
In the advisory, the US Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the Federal Bureau of Investigation (FBI) pooled their expertise on these threats and shared a list of Common Vulnerabilities and Exposures (CVEs), indicators of compromise, recommended mitigations, and detection methods.
“Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organizations should prioritize for patching to minimize the risk of being exploited by malicious actors,” said Eric Goldstein, CISA Executive Assistant Director for Cybersecurity.
According to the US Government, these vulnerabilities became harder for companies to mitigate, mainly because of the spread of remote work during the pandemic.
“The rapid shift and increased use of remote work options, such as virtual private networks (VPNs) and cloud-based environments, likely placed an additional burden on cyber defenders struggling to maintain and keep pace with routine software patching,” CISA explained.
With the rise of remote working, many of the security issues identified in 2020 could allow attackers to reach sensitive information whether employees were working from home or from the office.
“In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Among those highly exploited in 2021 are vulnerabilities in Microsoft, Pulse, Accellion, VMware, and Fortinet,” CISA added.
The advisory warns that attackers are exploiting already-known security bugs that affect companies across many industries. Here’s a partial list:
- Citrix CVE-2019-19781 arbitrary code execution
- Pulse CVE-2019-11510 arbitrary file reading
- Fortinet CVE-2018-13379 path traversal
- F5 BIG-IP CVE-2020-5902 remote code execution (RCE)
- MobileIron CVE-2020-15505 RCE
- Microsoft CVE-2017-11882 RCE
- Atlassian CVE-2019-11580 RCE
- Drupal CVE-2018-7600 RCE
- Telerik CVE-2019-18935 RCE
- Microsoft CVE-2019-0604 RCE
- Microsoft CVE-2020-0787 elevation of privilege
- Netlogon CVE-2020-1472 elevation of privilege
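Lists like the one above are usually copied into a patch tracker by hand, and the CVE identifiers in news write-ups are often typed inconsistently ("CVE-2019-11510" in one line, "CVE 2019-11510" in the next), which breaks exact-match lookups. The following Python script is an added example, not part of the advisory or this article: it parses the partial list above (embedded as a constructed sample, with both spellings present), normalizes every identifier to the canonical CVE-YYYY-NNNN form, tags each entry with its impact class, and cross-references the result against a hypothetical vendor inventory so a defender can see which entries apply to them. The inventory and the `Finding` structure are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: the partial list from the article, deliberately keeping
# both the "CVE-2019-..." and the loosely typed "CVE 2019-..." spellings.
ADVISORY_LINES = """\
- Citrix CVE-2019-19781 arbitrary code execution
- Pulse CVE 2019-11510 arbitrary file reading
- Fortinet CVE 2018-13379 path traversal
- F5 BIG-IP CVE 2020-5902 remote code execution (RCE)
- MobileIron CVE 2020-15505 RCE
- Microsoft CVE-2017-11882 RCE
- Atlassian CVE-2019-11580 RCE
- Drupal CVE-2018-7600 RCE
- Telerik CVE 2019-18935 RCE
- Microsoft CVE-2019-0604 RCE
- Microsoft CVE-2020-0787 elevation of privilege
- Netlogon CVE-2020-1472 elevation of privilege
"""

# Matches "CVE-2019-19781" and "CVE 2019-19781"; the year is four digits and
# the sequence part is at least four digits, as in the CVE ID syntax.
CVE_RE = re.compile(r"\bCVE[- ](\d{4})-(\d{4,})\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    vendor: str   # text before the identifier, e.g. "Pulse"
    cve: str      # canonical identifier, e.g. "CVE-2019-11510"
    impact: str   # impact class, lower-cased; "rce" for either RCE spelling


def normalize_cve(text: str) -> Optional[str]:
    """Return the first CVE identifier in `text` in canonical form, or None."""
    m = CVE_RE.search(text)
    if not m:
        return None
    return f"CVE-{m.group(1)}-{m.group(2)}"


def parse_line(line: str) -> Optional[Finding]:
    """Turn one bullet of the advisory list into a Finding (None if no CVE)."""
    line = line.strip().lstrip("- ").strip()
    m = CVE_RE.search(line)
    if not m:
        return None
    vendor = line[: m.start()].strip()
    impact = line[m.end():].strip().lower()
    # The list writes remote code execution two ways; collapse them to "rce".
    if "remote code execution" in impact or impact == "rce":
        impact = "rce"
    return Finding(vendor, f"CVE-{m.group(1)}-{m.group(2)}", impact)


def parse_advisory(text: str) -> List[Finding]:
    """Parse every line that carries a CVE identifier; skip the rest."""
    return [f for f in (parse_line(l) for l in text.splitlines()) if f]


def group_by_impact(findings: List[Finding]) -> Dict[str, List[str]]:
    """Map impact class -> list of canonical CVE IDs, preserving list order."""
    groups: Dict[str, List[str]] = {}
    for f in findings:
        groups.setdefault(f.impact, []).append(f.cve)
    return groups


def applicable(findings: List[Finding], inventory: Set[str]) -> List[Finding]:
    """Keep only findings whose vendor appears in the (assumed) asset inventory."""
    wanted = {v.lower() for v in inventory}
    return [f for f in findings if f.vendor.lower() in wanted]


if __name__ == "__main__":
    found = parse_advisory(ADVISORY_LINES)
    # Hypothetical inventory of products an organization runs (example only).
    mine = applicable(found, {"Microsoft", "Fortinet", "Pulse"})
    for impact, cves in group_by_impact(found).items():
        print(f"{impact}: {', '.join(cves)}")
    print("applies to this inventory:", [f.cve for f in mine])
```

The parser deliberately refuses lines without a well-formed identifier rather than guessing, so a mangled entry shows up as missing from the output instead of as a wrong ID in the patch queue.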
CISA, ACSC, the NCSC, and the FBI advise organizations to update their systems immediately to decrease their attack surface.
“Entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system,” the joint advisory added.
Organizations that can’t patch immediately should check their systems for signs of compromise and, if they find any, initiate their recovery plans at once.