The Cybersecurity and Infrastructure Security Agency issued an advisory April 27 warning organizations to apply timely patches and implement a centralized patch management system to reduce their risk of compromise from the vulnerabilities most commonly exploited by cybercriminals in 2021 and 2020.
Here are six things to know:
- In 2021, cybercriminals targeted internet-facing systems, such as email servers and virtual private networks.
- The advisory included 15 of the most exploited vulnerabilities.
- Top of the list was the maximum-severity Log4Shell vulnerability in the Apache Log4j open-source logging framework.
- The other top vulnerability listed was CVE-2021-44228, which hackers can exploit remotely to execute arbitrary code, giving the attacker full control of a vulnerable system.
- CISA advised that patching these vulnerabilities will ensure they cannot be exploited.
- CISA also included a list of mitigations that make it harder for threat actors to exploit these and other vulnerabilities.
The advisory was created by an alliance of intelligence agencies from Australia, Canada, New Zealand, the United Kingdom and the U.S.