The Australian Cyber Security Centre (ACSC) has issued a joint advisory with its counterparts in the United States and United Kingdom, setting out the top 30 cyber-security vulnerabilities exploited by malicious cyber actors since 2020.
The ACSC co-authored the advisory with the US Cybersecurity and Infrastructure Security Agency (CISA), the United Kingdom’s National Cyber Security Centre (NCSC), and the US Federal Bureau of Investigation (FBI), the first time all four Agencies have issued joint advice on cyber vulnerabilities of mutual concern.
In a statement accompanying the advisory, the ACSC said a range of malicious cyber actors, including criminal syndicates operating worldwide, had been targeting Australians, conducting cyber operations that threatened national, economic and security interests in the private sector and Government, as well as households.
“The ACSC, CISA, NCSC and FBI detail how malicious entities have quickly and routinely sought to exploit publicly known — and often dated — software vulnerabilities against a range of targets,” it said.
“Organisations can mitigate these vulnerabilities by applying readily-available patches to systems and implementing a centralised patch management system.”
The ACSC said the advisory had concluded that organisations and households had likely been exploited by malicious cyber actors through more recently disclosed software flaws in 2020 because of the expansion of remote work arrangements during the COVID-19 pandemic.
“Four of the most targeted vulnerabilities in 2020 affected remote work, virtual private networks, or cloud technologies,” it said.
The ACSC said the international Agencies assessed that public and private organisations worldwide remained vulnerable to compromise from the exploitation of these cyber vulnerabilities unless they were urgently patched.
Advice on patching is available on the ACSC website.