CISA Warns: 2021's Most Exploited Vulnerabilities Still Pose Threats
Cybersecurity authorities worldwide have sounded the alarm on the most exploited vulnerabilities in 2021. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has published a comprehensive security report detailing these threats and providing mitigation guidance.
CISA's 2021 Top Routinely Exploited Vulnerabilities Report highlights the continued exploitation of older vulnerabilities. Three from the 2020 list, CVE-2020-1472, CVE-2018-13379, and CVE-2019-11510, remained popular among malicious actors. Newly disclosed vulnerabilities also faced immediate attacks. Log4Shell (CVE-2021-44228) was widely exploited, allowing attackers to run arbitrary Java code on vulnerable systems.
Microsoft Exchange email servers were targeted through the ProxyShell (CVE-2021-34523, CVE-2021-34473, CVE-2021-31207) and ProxyLogon (CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065) vulnerabilities. Confluence Server and Data Center were also affected by an Object-Graph Navigation Language (OGNL) injection vulnerability (CVE-2021-26084).
CISA's report underscores the importance of prompt vulnerability patching and mitigation. Tools like Qualys VMDR can help automate detection and remediation of many exploited vulnerabilities. Cybersecurity authorities worldwide urge organizations to follow the mitigation guidance provided in the report to protect their systems.