CISA and FBI Identify Top 10 Routinely Exploited Cyber Vulnerabilities

Summary

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.

This alert provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)1—to help organizations reduce the risk of these foreign threats.

Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available.

The public and private sectors could degrade some foreign cyber threats to U.S. interests through an increased effort to patch their systems and implement programs to keep system patching up to date. A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries’ operational tradecraft and force them to develop or acquire exploits that are more costly and less widely effective. A concerted patching campaign would also bolster network security by focusing scarce defensive resources on the observed activities of foreign adversaries.

For Malware Initial Finding Reports and Malware Analysis reports associated with the CVEs in this alert, see https://www.us-cert.gov/ncas/alerts/aa20-133a.

Related Resources

AHA Center for Health Innovation Market Scan
Health care is under attack as never before from cybercriminals, and the stakes are rising for hospitals and patient safety. The latest potential threat: The…
Advancing Health Podcast
Public
Over the past few years every leader of health care organization in the country has had to acknowledge the threat of a cyberattack that has the potential to…
Advancing Health Podcast
Public
In this special Cybersecurity podcast we have the opportunity to talk to leaders of an AHA member hospital who was a victim of a major ransomware attack in the…
Letter/Comment
Public
AHA letter to Senators Jack Rosen and Bill Cassidy, M.D. voicing support of the Healthcare Cybersecurity Act (S.3904).
Advisory
Public
President Biden today urged an immediate hardening of private-sector cyber defenses “based on evolving intelligence that the Russian Government is exploring…
Special Bulletin
Public
The Senate last night passed a $1.5 trillion omnibus appropriations bill that would fund the federal government through the end of the current fiscal year.