Top 30 Critical Security Vulnerabilities Most Exploited by Hackers
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage.
"Cyber actors continue to exploit publicly known - and often dated - software vulnerabilities against broad target sets, including public and private sector organizations worldwide," the U.S. Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre, the United Kingdom's National Cyber Security Centre, and the U.S. Federal Bureau of Investigation noted.
The top 30 vulnerabilities span a wide range of software, including remote work, virtual private networks, and cloud-based technologies, that cover a broad spectrum of products from Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 BIG-IP, Atlassian, and Drupal.
The vulnerabilities that have come under active attack thus far in 2021 are listed below.
The development also comes a week after MITRE published a list of top 25 "Most dangerous" software errors that could lead to serious vulnerabilities that could be exploited by an adversary to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
"The advisory puts the power in every organisation's hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices," NCSC Director for Operations, Paul Chichester, said, while urging the need to prioritize patching to minimize the risk of being exploited by malicious actors.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/4bqby1RlKSQ/top-30-critical-security.html