top of page
  • Writer's pictureORNA
    • Oct 24, 2022
    • 2 min read

AWARE. PREPARE. RESPOND - Top 20 Vulnerabilities Announced By US Agencies

AWARE:

US authorities, the FBI, CISA, and the NSA have released a 'top 20' of vulnerabilities used by Chinese threat actors since 2020. The vulnerabilities predominantly allowed remote code execution or command injection and affected a number of technologies, including Log4J and vendors such as Microsoft, Atlassian, F-5, and Citrix.

The software listed within the top 20 is commonly used in business environments and provides actors with a wide range of targets to leverage for data theft.

The full list of vulnerabilities is below:

  1. Apache Log4J (CVE-2021-44228)

  2. Pulse Connect Secure (CVE-2019-11510)

  3. GitLab CE/EE (CVE-2021-22205)

  4. Atlassian (CVE-2022-26134)

  5. Microsoft Exchange (CVE-2021-26855)

  6. F5 Big-IP (CVE-2020-5902)

  7. VMware vCenter Server (CVE-2021-22005)

  8. Citrix ADC (CVE-2019-19781)

  9. Cisco Hyperflex (CVE-2021-1497)

  10. Buffalo WSR (CVE-2021-20090)

  11. Atlassian Confluence Server and Data Center (CVE-2021-26084)

  12. Hikvision Webserver (CVE-2021-36260)

  13. Sitecore XP(CVE-2021-42237)

  14. F5 Big-IP (CVE-2022-1388)

  15. Apache (CVE-2022-24112)

  16. ZOHO (CVE-2021-40539)

  17. Microsoft (CVE-2021-26857)

  18. Microsoft (CVE-2021-26858)

  19. Microsoft (CVE-2021-27065)

  20. Apache HTTP Server (CVE-2021-41773)

Source: CISA.gov


PREPARE:

Minimizing vulnerabilities within your organization reduces the opportunities for attackers to successfully breach your network, and therefore, reduces the risk of compromise and data loss. We recommend that organizations consider the steps below to identify possible threats:

  • Review the CISA briefing and determine if you have any vulnerable technology on your estate.

  • Update and patch software promptly wherever possible to reduce the availability of security weaknesses.

  • Utilize multi-factor authentication wherever available.

  • Block obsolete or unused network protocols at the network perimeter.

  • Collect and monitor logs from perimeter devices.


RESPOND:

ORNA provides organizations with a clear, step-by-step guide for how to respond in the event of a cyber attack supported, if needed, by our incident response experts.


In addition, ORNA's Alerts module allows organizations to monitor assets and provides alerts enriched with deep insight including tools, tactics, procedures, and indicators of compromise, allowing you to promptly identify and respond to potential network threats.


If you have any questions, need more information, or require support in implementing these recommendations please contact: support@orna.app

An article by Eleanor Upson

Edited by Anne Caminer

26 views
orna_sh_5_edited.jpg

Rome wasn't built in a day, but your SOC might be.

Subscribe

Weekly cyber insights

Thanks for submitting!

bottom of page