/ en Fri, 02 May 2025 21:43:32 -0500 Wed, 27 Apr 22 11:46:40 -0500 /tlp-white-reports/2022-04-27-joint-cybersecurity-advisory-aa22-117a-tlpwhite-2021-top-routinely <div class="container row"> <div class="row"> <div class="col-md-8"> <p>The purpose of this Joint Cybersecurity Advisory is to inform private sector partners of the top 15 exploited vulnerabilities and provide steps for mitigation. This product is marked TLP:WHITE. The information in this product may be distributed without restriction, subject to copyright controls.</p> <p>Please see the attached Joint Cybersecurity Advisory: AA22-117A TLP:WHITE, 2021 Top Routinely Exploited Vulnerabilities.</p> <h2>2021 Top Routinely Exploited Vulnerabilities</h2> <h3>Summary</h3> <p>This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (<a href="https://www.cisa.gov/" target="_blank">CISA</a>), National Security Agency (<a href="https://www.nsa.gov/Cybersecurity/" target="_blank">NSA</a>), Federal Bureau of Investigation (<a href="https://www.fbi.gov/investigate/cyber" target="_blank">FBI</a>), Australian Cyber Security Centre (<a href="https://www.cyber.gov.au/" target="_blank">ACSC</a>), Canadian Centre for Cyber Security (<a href="https://www.cyber.gc.ca/en/" target="_blank">CCCS</a>), New Zealand National Cyber Security Centre (<a href="https://www.gcsb.govt.nz/" target="_blank">NZ NCSC</a>), and United Kingdom’s National Cyber Security Centre (<a href="https://www.ncsc.gov.uk/" target="_blank">NCSC-UK</a>). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.</p> <p>U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.</p> <p>The cybersecurity authorities encourage organizations to apply the recommendations in the Mitigations section of this CSA. These mitigations include applying timely patches to systems and implementing a centralized patch management system to reduce the risk of compromise by malicious cyber actors.</p> <p><em>See the complete report PDF below.</em></p> </div> <div class="col-md-4"> <div> <p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p> <h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3> <h4>National Advisor for Cybersecurity and Risk, AHA</h4> <h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4> <h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4> <div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div> <div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div> </div> </div> </div> </div> Wed, 27 Apr 2022 11:46:40 -0500 TLP: White Reports