Security News > 2023 > August > Five Eyes nations detail dirty dozen most exploited vulnerabilities

Infosec in brief If you're wondering what patches to prioritize, ponder no longer: An international group of cybersecurity agencies has published a list of the 12 most commonly exploited vulnerabilities of 2022 - a list many will recognize.

The coalition of officials from the US, Australia, Canada, New Zealand and United Kingdom's various intelligence and cyber security bodies - known as the Five Eyes - is urging organizations to get serious about dealing with old vulnerabilities that are being overlooked.

"In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems," The US Cybersecurity and Infrastructure Security Agency warned in its release of the list.

Leading the dastardly dozen is a vulnerability in Fortinet SSL VPNs. Yes, we know this is an ongoing problem, but this particular vulnerability has been around since 2018 and involves a path traversal bug that can be used to hijack system files.

Critical vulnerabilities of the week: Check your Ether balance!

Mozilla released security updates for Firefox, Firefox ESR and Thunderbird this week that address several vulnerabilities attackers could exploit to take control of affected systems; CISA warned that, despite the fact it only rates a 7.2 CVSS score, a path traversal vulnerability in some versions of Ivanti EPMM is under active exploitation, so be sure to patch asap; CVSS 9.8 - CVE-2023-28343: APSystems Altenergy Power Control Software contains an OS command injection vulnerability that could allow RCE. The spyware is coming from inside the house, FBI discovers.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/08/07/in_brief_security/