Top 12 vulnerabilities list highlights troubling reality: many organizations still aren’t patching

A joint advisory from U.S. and allied cybersecurity agencies issued Thursday highlights the top routinely exploited vulnerabilities — a list that includes old and well-known bugs that many organizations still have not patched.


The annual release comes as the Biden administration is pushing secure-by-design coding and engineering practices in an effort to address the many hundreds of vulnerabilities that are exploited by criminal hackers. Thursday’s list is also a stark and sobering reminder that unpatched vulnerabilities are often simply the easiest way for criminal hackers to gain access to a target.


“Today, adversaries commonly exploit categories of vulnerabilities that can and must be addressed by technology providers as part of their commitment to Secure by Design,” said Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency. “Until that day, malicious actors will continue to find it far too easy to exploit organizations around the world. With our partners, we urge all organizations to review our joint advisory, for every enterprise to prioritize mitigation of these vulnerabilities, and for every technology provider to take accountability for the security outcomes of their customers by reducing the prevalence of these vulnerabilities by design.”


The joint alert was issued by CISA, the National Security Agency and the FBI, together with the cybersecurity agencies of the other Five Eyes allies: Australia, Canada, New Zealand and the U.K.

Illustrating the fact that many organizations continue either to ignore reports of vulnerabilities or to fail to patch all of their systems, one of the most dangerous vulnerabilities affecting Fortinet SSL VPNs also made the list in 2020 and 2021. The advisory makes clear that the continued exploitation of this bug means that organizations simply do not patch "in a timely ma ..