The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year.
A joint advisory published on Tuesday calls on organizations worldwide to immediately patch these security flaws and deploy patch management systems to minimize their networks' exposure to potential attacks.
"In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets," the cybersecurity agencies warned.
"In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day."
As they also revealed, 12 out of the top 15 vulnerabilities routinely abused in the wild were addressed last year, in line with the agencies' warning that threat actors focused their attacks on zero-days (security flaws that have been disclosed but are yet to be patched).
Here is the complete list of last year's most exploited vulnerabilities and the associated links to the National Vulnerability Database entries.
CVE-2023-3519, a code injection vulnerability in NetScaler ADC / Gateway that allows attackers to gain remote code execution on unpatched servers, took the first spot after state hackers abused it to breach U.S. critical infrastructure organizations.
By early August 2023, this security flaw had been leveraged to backdoor at least 640 Citrix servers worldwide, and over 2,000 by mid-August.
Today's advisory highlights 32 other vulnerabilities often exploited last year to compromise organizations and provides information on how defenders can reduce their exposure to attacks abusing them in the wild.
This June, MITRE also unveiled the 25 most dangerous software weaknesses for the previous two calendar years and, in November 2021, a list of the most important hardware weaknesses.
"All of these vulnerabilities are publicly known, but many are in the top 15 list for the first time," said Jeffrey Dickerson, NSA's cybersecurity technical director, on Tuesday.
"Network defenders should pay careful attention to trends and take immediate action to ensure vulnerabilities are patched and mitigated. Exploitation will likely continue in 2024 and 2025."