CISA, FBI, NSA, and International Partners Urge Organizations to Mitigate Top Routinely Exploited Vulnerabilities in New Cyber Advisory

By Aimee Andres | April 27, 2022

 

CISA, FBI, NSA, and International Partners Urge Organizations to Mitigate Top Routinely Exploited Vulnerabilities in New Cyber Advisory

 

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with cybersecurity authorities of Australia[1], Canada[2], New Zealand[3], United Kingdom[4], the Federal Bureau of Investigation (FBI) and National Security Agency (NSA), announced a joint Cybersecurity Advisory that provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

The impact of cybersecurity intrusions that leverage vulnerabilities in information technology and operational technology products threaten the public sector, the private sector, and ultimately the American people’s security and privacy.

This advisory provides recommended mitigations, which include applying timely patching to systems and implementing a centralized patch management system to reduce risk of compromise. Also, the cybersecurity authorities recommend prioritizing and strengthening vulnerability and configuration management, identity and access management, and positive controls and architecture. Executives, leaders, and network defenders are urged to implement recommendations to prepare for and mitigate the varied cyber exploits listed in the Cybersecurity Advisory here.

In addition to reviewing this new advisory, CISA encourages critical infrastructure executives and senior leaders to review our “Shields Up” webpage at cisa.gov/shields-up. Organizations should share information on incidents and unusual activity to CISA 24/7 Operations Center at report@cisa.gov or (888) 282-0870 and/or to the FBI via their local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

 

Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity & Infrastructure Security Agency
U.S. Department of Homeland Security
217-299-3954/ steven.lyddon@cisa.dhs.gov

Posted in CISA/DHS News