The security agencies of the US, Australia, Canada, the UK and New Zealand have published a definitive list of the most exploited vulnerabilities of 2021, topped by Log4Shell.
Apart from the notorious Log4j vulnerability, the list includes the notable ProxyLogon and ProxyShell flaws, along with other Microsoft bugs: ZeroLogon and a different Microsoft Exchange Server flaw (CVE-2020-0688).
Other entries on the top 15 list are bugs in Atlassian (CVE-2021-26084), VMware vSphere (CVE-2021-21972), Pulse Secure (CVE-2019-11510) and Fortinet FortiOS (CVE-2018-13379).

“The NCSC and our allies are committed to increasing recognition of vulnerabilities and presenting actionable methods to mitigate them,” said National Cyber Security Centre (NCSC) CEO Lindy Cameron.
“This advisory places the ability in the palms of network defenders to deal with the most popular cyber weaknesses in the public and private sector ecosystem.”
In addition to the top 15 list, the security agencies provided an additional list of bugs to patch, which includes notable systems such as the Accellion File Transfer Appliance (FTA), which was targeted en masse by a cybercrime group with links to FIN11 and Clop ransomware.
Other vulnerable products include Windows Print Spooler and the VPN offerings Pulse Connect Secure and SonicWall SSLVPN SMA100.
Andreas Berger, lead products engineer for software security at Dynatrace, argued that applications are increasingly riddled with flaws because they are built on cloud-native architectures with open source components, making bugs harder to weed out.
“Even with a strong layered method to cybersecurity, many organizations nonetheless lack solutions that can see within containerized purposes, or comprehend the context wanted to distinguish potential vulnerability from critical exposure,” he continued.
“As a result, it is really tough for security teams to prioritize their workload properly, so even the most nicely-documented vulnerabilities, like the Log4j library flaw, can go unchecked for months, or even years. It’s in particular pertinent to see Log4Shell at the leading of the record of the most routinely exploited vulnerabilities in 2021, as it was only found out in the final month of the year – underscoring just how poor it was.”
To reduce risk exposure, organizations need to combine full-stack observability, which eliminates blind spots, with AI and automation that expose the precise cause, type and severity of vulnerabilities, Berger concluded.
Some parts of this report are sourced from:
www.infosecurity-magazine.com