NCSC and allies publish advisory on the most commonly exploited vulnerabilities in 2021
- UK and international allies share details of the top 15 vulnerabilities routinely exploited by malicious actors in 2021
- Advisory highlights aggressive targeting of newly disclosed critical software vulnerabilities against a broad set of targets
- NCSC CEO Lindy Cameron says that the advice “places the power in the hands of network defenders to fix the most common cyber weaknesses”
The UK and international partners have published an advisory for public and private sector organisations on the 15 most commonly exploited vulnerabilities in 2021.
The National Cyber Security Centre (NCSC), a part of GCHQ, has jointly published an advisory with agencies in the US, Australia, Canada and New Zealand, showing that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities across the public and private sector worldwide.
Threat actors often geared their efforts towards targeting internet-facing systems, such as email and virtual private network (VPN) servers.
It also indicates that, to a lesser extent, actors continue to exploit publicly known – and often dated – vulnerabilities, some of which were routinely exploited in 2020 or earlier.
The advisory directs organisations to follow specific mitigation advice to protect against exploitation, which includes applying timely patches, using a centralised patch management system and replacing any software no longer supported by the vendor.
Lindy Cameron, NCSC CEO, said:
The NCSC and our allies are committed to raising awareness of vulnerabilities and presenting actionable solutions to mitigate them.
This advisory places the power in the hands of network defenders to fix the most common cyber weaknesses in the public and private sector ecosystem.
Working with our international partners, we will continue to raise awareness of the threats posed by those who seek to harm us.
Additional guidance for organisations on how to protect themselves in cyberspace can be found on the NCSC website. Our 10 Steps to Cyber Security collection provides a summary of advice for security and technical professionals.
To mitigate vulnerabilities, organisations should review NCSC guidance on an effective vulnerability management process. The NCSC Early Warning Service also provides vulnerability and open port alerts for subscribed organisations.
The advisory is available to read in full on the Cybersecurity and Infrastructure Security Agency’s (CISA) website.
Original Source: ncsc[.]gov[.]uk
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
