The Cybersecurity & Infrastructure Security Agency (CISA) along side the Australian Cyber Security Center (ACSC), the United Kingdom’s National Cyber Security Center (NCSC), and the Federal Bureau of Investigation (FBI) have named their TOP 30 vulnerabilities (so far) for 2021.
You can find the whole list over at CISA.gov but we’ve reposted the top 12 threats below. They are:
| Vendor | CVE | Type |
|
Citrix |
CVE-2019-19781 |
arbitrary code execution |
|
Pulse |
CVE 2019-11510 |
arbitrary file reading |
|
Fortinet |
CVE 2018-13379 |
path traversal |
|
F5- Big IP |
CVE 2020-5902 |
remote code execution (RCE) |
|
MobileIron |
CVE 2020-15505 |
RCE |
|
Microsoft |
CVE-2017-11882 |
RCE |
|
Atlassian |
CVE-2019-11580 |
RCE |
|
Drupal |
CVE-2018-7600 |
RCE |
|
Telerik |
CVE 2019-18935 |
RCE |
|
Microsoft |
CVE-2019-0604 |
RCE |
|
Microsoft |
CVE-2020-0787 |
elevation of privilege |
|
Netlogon |
CVE-2020-1472 |
elevation of privilege |
There’s a LOT of information in regards to the vulnerabilities. The authors of the post go very, very in depth. It’s worth the read if you’ve got a chance.
There are mitigation recommendations and indicators of compromise included as well. Again, you can read the full article at the link above but we’ve included the pertinent information here.
Mitigations and Indicators of Compromise
One of the most effective best practices to mitigate many vulnerabilities is to update software versions once patches are available and as soon as is practicable. If this is not possible, consider applying temporary workarounds or other mitigations, if provided by the vendor. If an organization is unable to update all software shortly after a patch is released, prioritize implementing patches for CVEs that are already known to be exploited or that would be accessible to the largest number of potential attackers (such as internet-facing systems). This advisory highlights vulnerabilities that should be considered as part of the prioritization process. To further assist remediation, automatic software updates should be enabled whenever possible.
Focusing scarce cyber defense resources on patching those vulnerabilities that cyber actors most often use offers the potential of bolstering network security while impeding our adversaries’ operations. For example, nation-state APTs in 2020 extensively relied on a single RCE vulnerability discovered in the Atlassian Crow, a centralized identity management and application (CVE-2019-11580) in its reported operations. A concerted focus on patching this vulnerability could have a relative broad impact by forcing the actors to find alternatives, which may not have the same broad applicability to their target set.
Additionally, attackers commonly exploit weak authentication processes, particularly in external-facing devices. Organizations should require multi-factor authentication to remotely access networks from external sources, especially for administrator or privileged accounts.
Again, worth the read if you get the chance.
Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.
