NCSC and allies publish advisory on the most commonly exploited vulnerabilities in 2021

  • UK and international allies share details of the top 15 vulnerabilities routinely exploited by malicious actors in 2021
  • Advisory highlights aggressive targeting of newly disclosed critical software vulnerabilities against a broad set of targets
  • NCSC CEO Lindy Cameron says that the advice “places the power in the hands of network defenders to fix the most common cyber weaknesses”

The UK and international partners have published an advisory for public and private sector organisations on the 15 most commonly exploited vulnerabilities in 2021.

The National Cyber Security Centre (NCSC), a part of GCHQ, has jointly published an advisory with agencies in the US, Australia, Canada and New Zealand, showing that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities across the public and private sector worldwide.

Threat actors often geared their efforts towards targeting internet-facing systems, such as email and virtual private network (VPN) servers.

The advisory also indicates that, to a lesser extent, actors continue to exploit publicly known – and often dated – vulnerabilities, some of which were routinely exploited in 2020 or earlier.

The advisory directs organisations to follow specific mitigation advice to protect against exploitation, which includes applying timely patches, using a centralised patch management system and replacing any software no longer supported by the vendor.

Lindy Cameron, NCSC CEO, said:

The NCSC and our allies are committed to raising awareness of vulnerabilities and presenting actionable solutions to mitigate them.

This advisory places the power in the hands of network defenders to fix the most common cyber weaknesses in the public and private sector ecosystem.

Working with our international partners, we will continue to raise awareness of the threats posed by those who seek to harm us.

Additional guidance for organisations on how to protect themselves in cyberspace can be found on the NCSC website. Our 10 Steps to Cyber Security collection provides a summary of advice for security and technical professionals.

To mitigate vulnerabilities, organisations should review NCSC guidance on an effective vulnerability management process. The NCSC Early Warning Service also provides vulnerability and open port alerts for subscribed organisations.

The advisory is available to read in full on the Cybersecurity and Infrastructure Security Agency’s (CISA) website.


Original Source: ncsc[.]gov[.]uk

