The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year.
A joint advisory published on Tuesday calls on organizations worldwide to immediately patch these security flaws and deploy patch management systems to minimize their networks' exposure to potential attacks.
“In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets,” the cybersecurity businesses warned.
“In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.”
As they also revealed, 12 out of the top 15 vulnerabilities routinely abused in the wild were addressed last year, lining up with the agencies' warning that threat actors focused their attacks on zero-days (security flaws that have been disclosed but are yet to be patched).
Here is the complete list of last year's most exploited vulnerabilities and associated links to the National Vulnerability Database entries.
CVE-2023-3519, a code injection vulnerability in NetScaler ADC / Gateway that allows attackers to gain remote code execution on unpatched servers, took the first spot after state hackers abused it to breach U.S. critical infrastructure organizations.
By early August 2023, this security flaw had been leveraged to backdoor at least 640 Citrix servers worldwide, and over 2,000 by mid-August.
Today's advisory highlights 32 other vulnerabilities often exploited last year to compromise organizations and provides information on how defenders can lower their exposure to attacks abusing them in the wild.
This June, MITRE also unveiled the 25 most dangerous software weaknesses for the previous two calendar years and, in November 2021, a list of the most important hardware weaknesses.
“All of these vulnerabilities are publicly known, but many are in the top 15 list for the first time,” stated Jeffrey Dickerson, NSA’s cybersecurity technical director, on Tuesday.
“Network defenders should pay careful attention to trends and take immediate action to ensure vulnerabilities are patched and mitigated. Exploitation will likely continue in 2024 and 2025.”