{"id":18890,"date":"2021-07-28T21:48:08","date_gmt":"2021-07-28T21:48:08","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=18890"},"modified":"2021-07-28T23:36:33","modified_gmt":"2021-07-28T23:36:33","slug":"fbi-cisa-most-exploited-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/fbi-cisa-most-exploited-vulnerabilities\/","title":{"rendered":"FBI, CISA Reveal Most Exploited Vulnerabilities"},"content":{"rendered":"

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) joined counterparts in the UK and Australia today to announce the top 30 vulnerabilities exploited since the start of the pandemic.<\/p>\n

The list, a joint effort with the Australian Cyber Security Centre (ACSC) and the UK’s National Cyber Security Centre (NCSC), details vulnerabilities \u2013 primarily Common Vulnerabilities and Exposures (CVEs) \u2013 “routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.”<\/p>\n

Many of the vulnerabilities are known ones for which patches exist, so they can typically be easily fixed. The agencies also recommended a centralized patch management system<\/a> to prevent such oversights going forward.<\/p>\n

Most of the vulnerabilities targeted in 2020 were disclosed during the last two years. “Cyber actor exploitation of more recently disclosed software flaws in 2020 probably stems, in part, from the expansion of remote work options amid the COVID-19 pandemic,” said a CISA statement<\/a>. “The rapid shift and increased use of remote work options, such as virtual private networks (VPNs)<\/a> and cloud-based environments, likely placed additional burden on cyber defenders struggling to maintain and keep pace with routine software patching.”<\/p>\n

The widespread reliance on VPNs during the pandemic has led to calls for greater adoption of zero trust principles<\/a> by governments and others. Zero trust has also been a cornerstone of the Biden Administration’s response to the Colonial Pipeline ransomware attack<\/a>.<\/p>\n

The Administration’s latest effort to protect critical infrastructure was also announced today. The Industrial Control Systems Cybersecurity Initiative<\/a> is a voluntary, collaborative effort between the federal government and the critical infrastructure community to encourage and help with “deployment of technologies and systems that provide threat visibility, indications, detection, and warnings, and that facilitate response capabilities for cybersecurity in essential control system and operational technology networks.”<\/p>\n

Biden Warns Cyber Attacks Could Lead to War<\/h2>\n

The announcements come the day after President Biden warned that cyber incidents could lead to a war.<\/p>\n

“You know, we’ve seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world,” Biden said in remarks at the National Counterterrorism Center<\/a>.\u00a0 “I can’t guarantee this, and you’re as informed as I am, but I think it’s more likely we’re going to end up \u2014 well, if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence. \u00a0And it’s increasing exponentially \u2014 the capabilities.”<\/p>\n

The Most Exploited Vulnerabilities<\/h2>\n

Here are the 12 most exploited vulnerabilities announced today. The announcement follows MITRE’s recently released list of the 25 most dangerous software weaknesses<\/a>.<\/p>\n

\n\n\n\n\n<\/colgroup>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Vendor<\/strong><\/td>\nCVE<\/strong><\/td>\nType<\/strong><\/td>\n<\/tr>\n
Citrix<\/td>\nCVE-2019-19781<\/td>\narbitrary code execution<\/td>\n<\/tr>\n
Pulse<\/td>\nCVE 2019-11510<\/td>\narbitrary file reading<\/td>\n<\/tr>\n
Fortinet<\/td>\nCVE 2018-13379<\/td>\npath traversal<\/td>\n<\/tr>\n
F5- Big IP<\/td>\nCVE 2020-5902<\/td>\nremote code execution (RCE)<\/td>\n<\/tr>\n
MobileIron<\/td>\nCVE 2020-15505<\/td>\nRCE<\/td>\n<\/tr>\n
Microsoft<\/td>\nCVE-2017-11882<\/td>\nRCE<\/td>\n<\/tr>\n
Atlassian<\/td>\nCVE-2019-11580<\/td>\nRCE<\/td>\n<\/tr>\n
Drupal<\/td>\nCVE-2018-7600<\/td>\nRCE<\/td>\n<\/tr>\n
Telerik<\/td>\nCVE 2019-18935<\/td>\nRCE<\/td>\n<\/tr>\n
Microsoft<\/td>\nCVE-2019-0604<\/td>\nRCE<\/td>\n<\/tr>\n
Microsoft<\/td>\nCVE-2020-0787<\/td>\nelevation of privilege<\/td>\n<\/tr>\n
Netlogon<\/td>\nCVE-2020-1472<\/td>\nelevation of privilege<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

The agencies also urged organizations to prioritize these additional fixes:<\/p>\n