The Cybersecurity & Infrastructure Security Agency (CISA) along side the Australian Cyber Security Center (ACSC), the United Kingdom’s National Cyber Security Center (NCSC), and the Federal Bureau of Investigation (FBI) have named their TOP 30 vulnerabilities (so far) for 2021.

You can find the whole list over at CISA.gov but we’ve reposted the top 12 threats below. They are:

Vendor	CVE	Type
Citrix	CVE-2019-19781	arbitrary code execution
Pulse	CVE 2019-11510	arbitrary file reading
Fortinet	CVE 2018-13379	path traversal
F5- Big IP	CVE 2020-5902	remote code execution (RCE)
MobileIron	CVE 2020-15505	RCE
Microsoft	CVE-2017-11882	RCE
Atlassian	CVE-2019-11580	RCE
Drupal	CVE-2018-7600	RCE
Telerik	CVE 2019-18935	RCE
Microsoft	CVE-2019-0604	RCE
Microsoft	CVE-2020-0787	elevation of privilege
Netlogon	CVE-2020-1472	elevation of privilege

There’s a LOT of information in regards to the vulnerabilities. The authors of the post go very, very in depth. It’s worth the read if you’ve got a chance.

There are mitigation recommendations and indicators of compromise included as well. Again, you can read the full article at the link above but we’ve included the pertinent information here.

Mitigations and Indicators of Compromise

One of the most effective best practices to mitigate many vulnerabilities is to update software versions once patches are available and as soon as is practicable. If this is not possible, consider applying temporary workarounds or other mitigations, if provided by the vendor. If an organization is unable to update all software shortly after a patch is released, prioritize implementing patches for CVEs that are already known to be exploited or that would be accessible to the largest number of potential attackers (such as internet-facing systems). This advisory highlights vulnerabilities that should be considered as part of the prioritization process. To further assist remediation, automatic software updates should be enabled whenever possible.

Focusing scarce cyber defense resources on patching those vulnerabilities that cyber actors most often use offers the potential of bolstering network security while impeding our adversaries’ operations. For example, nation-state APTs in 2020 extensively relied on a single RCE vulnerability discovered in the Atlassian Crow, a centralized identity management and application (CVE-2019-11580) in its reported operations. A concerted focus on patching this vulnerability could have a relative broad impact by forcing the actors to find alternatives, which may not have the same broad applicability to their target set.

Additionally, attackers commonly exploit weak authentication processes, particularly in external-facing devices. Organizations should require multi-factor authentication to remotely access networks from external sources, especially for administrator or privileged accounts.

Again, worth the read if you get the chance.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Carl Keyser

As Inbound Marketing Manager at Integris, Carl Keyser brings expertise in digital marketing and SEO to create insightful blog content that educates and informs readers about technology trends and best practices.