CISA Warns: Patch Top 30 Exploited Vulnerabilities Now
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a crucial cybersecurity advisory, detailing the top 30 publicly known vulnerabilities exploited by cyber threat actors in 2020 and 2021. Released on July 28, 2021, the advisory was jointly published with the Australian Cyber Security Centre (ACSC), the UK's National Cyber Security Centre (NCSC), and the FBI.
CISA advises organizations to prioritize these vulnerabilities and apply patches or workarounds promptly. The advisory echoes an October 2020 advisory from the U.S. National Security Agency (NSA) that likewise stressed remediating exploited vulnerabilities. Organizations are urged to minimize gaps in personnel availability, maintain vigilance, and conduct regular incident response exercises.
To assist in this process, Qualys has released several remote and authenticated detections for these vulnerabilities; customers can search for them in the VMDR Dashboard. CISA also recommends rigorous configuration management, disabling unnecessary ports, protocols, and services, and requiring multi-factor authentication for remote network access, especially for administrator and other privileged accounts.
Organizations are advised to prioritize patches for vulnerabilities that are already known to be exploited or that are reachable by the largest number of potential attackers. Following these recommendations significantly strengthens an organization's security posture against evolving threats.