"FBI, CISA Reveal Most Exploited Vulnerabilities"

The FBI and the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), together with the Australian Cyber Security Center (ACSC) and the UK's National Cyber Security Center (NCSC), recently announced the top 30 vulnerabilities that have been exploited since the beginning of the COVID-19 pandemic. The list includes vulnerabilities, primarily Common Vulnerabilities and Exposures (CVEs), that were routinely exploited by malicious cyber actors in 2020 and those that have been exploited so far in 2021. There are patches for many of the vulnerabilities, so they can easily be fixed. The agencies recommend the implementation of a patch management system to prevent oversights. According to CISA, the rapid shift and increased use of remote work options, such as Virtual Private Networks (VPNs) and cloud-based environments, during the pandemic likely placed more burden on cyber defenders trying to maintain and keep up with routine software patching. The most exploited types of vulnerabilities include arbitrary code execution, arbitrary file reading, path traversal, remote code execution, and elevation of privilege. This article continues to discuss the joint effort that revealed the most exploited vulnerabilities, the struggle faced by cyber defenders to maintain routine software patching during the pandemic, efforts to protect critical infrastructure from cyberattacks, and the possibility of cyber incidents leading to war. 

eSecurity Planet reports "FBI, CISA Reveal Most Exploited Vulnerabilities"