Allies publish advisory on exploited vulnerabilities of 2021

The UK and international partners have published an advisory for public and private sector organisations on the 15 most commonly exploited vulnerabilities in 2021.

The National Cyber Security Centre, alongside agencies in the US, Australia, Canada and New Zealand, has published the joint advisory which shows that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities across the public and private sector worldwide.

Threat actors often geared their efforts towards targeting internet-facing systems, such as email and virtual private network (VPN) servers. It also indicates that, to a lesser extent, actors continue to exploit publicly known – and often dated – vulnerabilities, some of which were routinely exploited in 2020 or earlier.

Lindy Cameron, NCSC CEO, said: “The NCSC and our allies are committed to raising awareness of vulnerabilities and presenting actionable solutions to mitigate them. This advisory places the power in the hands of network defenders to fix the most common cyber weaknesses in the public and private sector ecosystem. Working with our international partners, we will continue to raise awareness of the threats posed by those who seek to harm us.”

The joint Cybersecurity Advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC).