FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance today released a list of the top 15 routinely exploited vulnerabilities throughout last year.

A joint advisory published on Tuesday calls on organizations worldwide to immediately patch these security flaws and deploy patch management systems to minimize their networks’ exposure to potential attacks.

“In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets,” the cybersecurity agencies warned.

“In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.”

As they also revealed, 12 out of the top 15 vulnerabilities routinely abused in the wild were addressed last year, lining up with the agencies’ warning that threat actors focused their attacks on zero-days (security flaws that have been disclosed but are yet to be patched).

Here is the complete list of last year’s most exploited vulnerabilities and relevant links to the National Vulnerability Database entries.

CVE-2023-3519, a code injection vulnerability in NetScaler ADC / Gateway that enables attackers to gain remote code execution on unpatched servers, took the first spot after state hackers abused it to breach U.S. critical infrastructure organizations.

By early August 2023, this security flaw had been leveraged to backdoor at least 640 Citrix servers worldwide and over 2,000 by mid-August.

Today’s advisory highlights 32 other vulnerabilities often exploited last year to compromise organizations and provides information on how defenders can decrease their exposure to attacks abusing them in the wild.

This June, MITRE also unveiled the 25 most dangerous software weaknesses for the previous two calendar years and, in November 2021, a list of the most important hardware weaknesses.

“All of these vulnerabilities are publicly known, but many are in the top 15 list for the first time,” said Jeffrey Dickerson, NSA’s cybersecurity technical director, on Tuesday.

“Network defenders should pay careful attention to trends and take immediate action to ensure vulnerabilities are patched and mitigated. Exploitation will likely continue in 2024 and 2025.”
