"U.S. and International Cybersecurity Partners Warn Organizations of Routinely Exploited Vulnerabilities"
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international cybersecurity partners have published an advisory on the Common Vulnerabilities and Exposures (CVEs), including the associated Common Weakness Enumeration (CWE) entries, that malicious actors routinely and frequently exploited in 2022. The joint Cybersecurity Advisory, titled "2022 Top Routinely Exploited Vulnerabilities," provides technical background information on the 12 most exploited vulnerabilities and an overview of an additional 30 vulnerabilities frequently used to compromise organizations, as well as specific information that organizations can use to identify and mitigate their exposure. For the first time, the advisory describes the CWEs associated with these vulnerabilities, reflecting the underlying root causes that lead to each exploitable vulnerability. To reduce the prevalence of common classes of vulnerabilities, the advisory suggests that technology vendors implement specific secure-by-design principles and ensure that all published CVEs contain the correct CWE identifying the vulnerability's root cause. This article continues to discuss the new joint advisory urging organizations to implement secure-by-design practices and prioritize patching known exploited vulnerabilities.