| Link(s): | NCSC and allies reveal most common cyber vulnerabilities… – NCSC.GOV.UK 2022 Top Routinely Exploited Vulnerabilities | CISA |
Context
In a new joint advisory, the National Cyber Security Centre – a part of GCHQ – and agencies in the US, Australia, Canada and New Zealand have revealed a list of the top 12 vulnerabilities that were routinely exploited last year.
Key points to note
More than half of the top vulnerabilities listed for 2022 also appeared on the previous year’s list, highlighting how malicious cyber actors continued targeting previously disclosed flaws in internet-facing systems, despite security updates being available to fix them. Attackers generally see the most success exploiting known vulnerabilities within the first two years of public disclosure and likely target their exploits to maximise impact, emphasising the benefit of organisations applying security updates promptly.
In addition to the top 12 list, the advisory also provides technical details about 30 other routinely exploited vulnerabilities, alongside mitigation advice to help organisations and software developers reduce the risk of compromise. UK organisations are also encouraged to sign up for the NCSC’s Early Warning service to receive alerts about potential issues, including vulnerabilities, affecting their networks.
Next actions
None – for information and awareness.