Governments release joint advisory on top cyber vulnerabilities

Jul 28, 2021 - 02:37 PM
FDAcybersecurity

The U.S. Cybersecurity and Infrastructure Security Agency and FBI, Australian Cyber Security Centre, and United Kingdom National Cyber Security Centre today released an advisory detailing the top 30 cyber vulnerabilities in 2020 and 2021. 

“Organizations are encouraged to remediate or mitigate vulnerabilities as quickly as possible to reduce the risk of exploitation,” the advisory states. “Most can be remediated by patching and updating systems. Organizations that have not remediated these vulnerabilities should investigate for the presence of [indicators of compromise] and, if compromised, initiate incident response and recovery plans.”

John Riggi, AHA senior advisor for cybersecurity and risk, said, “This advisory is very important for a number of reasons. First, it clearly demonstrates that our cyber adversaries are most likely to exploit well-known vulnerabilities for which patches already exist. They are simply trying to beat us in the never-ending race to patch. This advisory also highlights the necessity of having an effective patch management program, especially as it relates to medical devices. On the plus side, this rare joint U.S., U.K. and Australian cyber advisory demonstrates the significantly increased level of cooperation and intelligence exchange in cyber defense among allied nations. No doubt the information contained in this advisory is of high confidence and should be acted upon immediately.”

For further information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.
 

Related News Articles

Headline
Agencies issue advisories on Conti ransomware, sanctions risks
The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency yesterday issued an advisory to help organizations secure their…
Headline
New AHA podcast highlights cyber threats to hospitals, health systems  
John Riggi, AHA’s senior advisory for cyber security and risk, speaks with Edward You, supervisory special agent in the FBI’s Weapons of Mass Destruction…
Headline
White House, technology companies announce cybersecurity initiatives
The National Institute of Standards and Technology will work with technology leaders to develop a framework to improve security in the technology supply chain…
Headline
FBI alerts organizations to new ransomware threat
The FBI today released an alert on Hive ransomware, which uses mechanisms such as phishing emails with malicious attachments and Remote Desktop Protocol to…
Headline
FBI alerts organizations to OnePercent Group ransomware attacks, mitigations
The FBI yesterday alerted U.S. organizations to ransomware attacks by a group using phishing emails to access victim networks and download Cobalt Strike threat…
Headline
BlackBerry announces cyber threat to operating system for medical devices
BlackBerry yesterday announced a set of cyber vulnerabilities in its QNX Real Time Operating System for medical devices and other products, which a remote…