In a joint advisory, the FBI, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and its UK and Australian counterparts provided details on the top 30 vulnerabilities. These were the exploits and vulnerabilities most used by malicious cyber attackers in 2020 and thus far in 2021.
Microsoft accounted for nine out of 30 cybersecurity vulnerabilities, with all of them being related to either arbitrary/remote code execution or domain impression. According to U.S. Government technical analysis, Citrix’s vulnerability became the most exploited flaw in 2020.
“Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system.”
Cybersecurity vulnerabilities to look out for in 2021
The report also mentioned that cyber attackers continued to target cybersecurity vulnerabilities in perimeter-type devices. Users of the following vendors' products should prioritize fixing these vulnerabilities:
- Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
- Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
- Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104
- VMware: CVE-2021-21985