Text only | Text with Images

Networking-Forums.com

Professional Discussions => Security => Topic started by: icecream-guy on April 27, 2022, 12:51:29 PM

Title: 2021 Top Routinely Exploited Vulnerabilities
Post by: icecream-guy on April 27, 2022, 12:51:29 PM
https://www.cisa.gov/uscert/ncas/alerts/aa22-117a


Summary
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom's National Cyber Security Centre (NCSC-UK). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.

The cybersecurity authorities encourage organizations to apply the recommendations in the Mitigations section of this CSA. These mitigations include applying timely patches to systems and implementing a centralized patch management system to reduce the risk of compromise by malicious cyber actors.
Title: Re: 2021 Top Routinely Exploited Vulnerabilities
Post by: deanwebb on April 28, 2022, 08:50:00 AM
Saw that... basically, y'all best be patching and moving to zero-trust models.
Title: Re: 2021 Top Routinely Exploited Vulnerabilities
Post by: icecream-guy on April 29, 2022, 08:55:11 AM
Quote from: deanwebb on April 28, 2022, 08:50:00 AM
Saw that... basically, y'all best be patching and moving to zero-trust models.

Yeah, we had a meeting with Cyolo yesterday.
Title: Re: 2021 Top Routinely Exploited Vulnerabilities
Post by: deanwebb on April 29, 2022, 04:04:44 PM
Quote from: icecream-guy on April 29, 2022, 08:55:11 AM
Quote from: deanwebb on April 28, 2022, 08:50:00 AM
Saw that... basically, y'all best be patching and moving to zero-trust models.

Yeah, we had a meeting with Cyolo yesterday.

Cyolo is a fun product. I've got it built out in my lab and it can do all kinds of cool things. When our Palo VPN was down for a while, Cyolo gave us access to inside resources. Best thing was that it wasn't all-you-can-eat access, but just the things you needed. True, you could still pivot out if one of those resources was SSH to a core switch, but you don't grant that app to just anyone.
Text only | Text with Images