Feds list the top 30 most exploited vulnerabilities. Many are years old
Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits.
In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity and Infrastructure Security Agency), the Australian Cyber Security Center, and the UK’s National Cyber Security Center listed the top 30 or so most exploited vulnerabilities. The vulnerabilities reside in a host of devices or software marketed by the likes of Citrix, Pulse Secure, Microsoft, and Fortinet.
“Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide,” the advisory stated. “However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system.”