Here's a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies

2021-07-29 06:26

Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them.

Number one on the US, UK, and Australia's jointly published [PDF] list was the well-known Citrix arbitrary code execution vuln in Application Delivery Controller, aka Netscaler load-balancer.

"In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Among those highly exploited in 2021 are vulnerabilities in Microsoft, Pulse, Accellion, VMware, and Fortinet," said the US's CISA and FBI, Britain's NCSC, and Australia's ACSC, three of the Five Eyes alliance.

Second, third, and fourth on the agencies' list were, you guessed it, the Pulse Secure VPN, Fortinet, and F5 Big IP vulns.

Enemies of the West gleefully bashed the button over the Microsoft Exchange vulns exploited by China's Ministry of State Security.

The full advisory, including detailed notes on each of the highlighted vulns, can be read on the Australian Cyber Security Centre's website.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/29/top_vulns_list/

#china #exploit #infosec #iran #russia

News URL

Related news