29 July 2021

US, UK and Australia reveal most targeted vulnerabilities in the last two years



The Australian Cyber Security Centre (ACSC), the UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and the US Federal Bureau of Investigation (FBI) have issued a joint advisory listing the top 30 most targeted vulnerabilities throughout 2020 and 2021.

The cybersecurity agencies identified the following as the vulnerabilities most exploited by threat actors in 2020:

  • CVE-2019-19781 – Citrix Netscaler Directory Traversal

  • CVE-2019-11510 – Pulse Secure Connect VPN Unauthenticated Arbitrary File Disclosure

  • CVE-2018-13379 – Fortinet FortiOS Secure Socket Layer VPN Unauthenticated Directory Traversal

  • CVE-2020-5902 – F5 Big IP Traffic Management User Interface Remote Code Execution

  • CVE-2020-15505 – MobileIron Core & Connector Remote Code Execution

  • CVE-2020-0688 – Microsoft Exchange Memory Corruption/Remote Code Execution

  • CVE-2019-3396 – Atlassian Confluence Server Widget Connector Remote Code Execution

  • CVE-2017-11882 – Microsoft Office Memory Corruption/Remote Code Execution

  • CVE-2019-11580 – Atlassian Crowd and Crowd Data Center Remote Code Execution

  • CVE-2018-7600 – Drupal Core Multiple Remote Code Execution

  • CVE-2019-18935 – Telerik UI for ASP.NET AJAX Insecure Deserialization

  • CVE-2019-0604 – Microsoft SharePoint Remote Code Execution

  • CVE-2020-0787 – Windows Background Intelligent Transfer Service Elevation of Privilege

  • CVE-2020-1472 – Windows Netlogon Elevation of Privilege

Of the vulnerabilities listed above, CVE-2019-19781 was the most exploited flaw in 2020, according to the advisory.

“Identified as emerging targets in early 2020, unremediated instances of CVE-2019-19781 and CVE-2019-11510 continued to be exploited throughout the year by nation-state advanced persistent threat actors (APTs) who leveraged these and other vulnerabilities, such as CVE-2018-13379, in VPN services to compromise an array of organizations, including those involved in COVID-19 vaccine development,” CISA said.

The second list of vulnerabilities shared by the ACSC, NCSC, CISA, and the FBI includes the flaws most regularly targeted by malicious actors in 2021. Those are:

“One of the most effective best practices to mitigate many vulnerabilities is to update software versions once patches are available and as soon as is practicable. If this is not possible, consider applying temporary workarounds or other mitigations, if provided by the vendor. If an organization is unable to update all software shortly after a patch is released, prioritize implementing patches for CVEs that are already known to be exploited or that would be accessible to the largest number of potential attackers (such as internet-facing systems),” the cybersecurity agency advised.

“Additionally, attackers commonly exploit weak authentication processes, particularly in external-facing devices. Organizations should require multi-factor authentication to remotely access networks from external sources, especially for administrator or privileged accounts.”

