National Cyber Security Centre
UK and allies publish advice to fix global cyber vulnerabilities
A joint advisory from international allies has offered advice for the most publicly known software vulnerabilities.
- Cyber agencies share details of the top 30 vulnerabilities routinely exploited by malicious actors in 2020
- Advisory highlights Common Vulnerabilities and Exposures (CVEs) being widely exploited in 2021
- UK, US and Australian cyber security organisations’ collaboration is the latest example of international allies working together to counter threats
Advice on countering the most publicly known—and often dated—software vulnerabilities has been published for private and public sector organisations worldwide.
The National Cyber Security Centre (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), and Federal Bureau of Investigation (FBI) have today (Wednesday) published a joint advisory highlighting 30 vulnerabilities routinely exploited by cyber actors in 2020 and those being exploited in 2021.
In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Today’s advisory lists the vendors, products, and CVEs, and recommends that organisations prioritise patching those listed.
NCSC Director for Operations, Paul Chichester, said:
“We are committed to working with allies to raise awareness of global cyber weaknesses – and present easily actionable solutions to mitigate them.
“The advisory published today puts the power in every organisation’s hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices.
“Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm."
As well as alerting organisations to the threat, this advisory directs public and private sector partners to the support and resources available to mitigate and remediate these vulnerabilities.
Guidance for organisations on how to protect themselves in cyberspace can be found on the NCSC website. Our 10 Steps to Cyber Security collection provides a summary of advice for security and technical professionals.
On the mitigation of vulnerabilities, network defenders are encouraged to familiarise themselves with guidance on establishing an effective vulnerability management process. Elsewhere, the NCSC’s Early Warning Service also provides vulnerability and open port alerts.
CISA Executive Assistant Director for Cybersecurity, Eric Goldstein, said:
“Organisations that apply the best practices of cyber security, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks.
“Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors.”
FBI Cyber Assistant Director, Bryan Vorndran, said:
“The FBI remains committed to sharing information with public and private organisations in an effort to prevent malicious cyber actors from exploiting vulnerabilities.
“We firmly believe that coordination and collaboration with our federal and private sector partners will ensure a safer cyber environment to decrease the opportunity for these actors to succeed.”
Head of the ACSC, Abigail Bradshaw CSC, said:
“This guidance will be valuable for enabling network defenders and organisations to lift collective defences against cyber threats.
“This advisory complements our advice available through cyber.gov.au and underscores the determination of the ACSC and our partner agencies to collaboratively combat malicious cyber activity.”
Latest News from
National Cyber Security Centre
Top of the class: Schools awarded by experts for high quality cyber teaching20/09/2021 12:20:00
Sixteen schools and colleges achieve recognition from the NCSC for excellence in cyber security education.
UK and US cyber security leaders meet to discuss shared threats and opportunities13/09/2021 11:15:00
National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency meet in London.
Record number of teenagers sign up to develop cyber skills over summer26/08/2021 16:20:00
Participation at all-time high for CyberFirst summer courses, led by the National Cyber Security Centre (NCSC).
Email innovation simplifies takedown of cyber scams12/08/2021 14:15:00
Scam emails can be sent directly to SERS via a new button organisations can add to their Microsoft Office 365 accounts.
Tech startups join UK cyber experts to address security challenges11/08/2021 09:15:00
The first companies to work with the NCSC for Startups initiative have been selected.
Public can now report scam websites direct to the NCSC10/08/2021 11:15:00
A new reporting tool has been made available for the general public who come across scam websites.
NCSC lifts lid on three random words password logic09/08/2021 11:15:00
Cyber security experts recently (Friday) revealed in depth for the first time the logic behind their advice to use three random words when creating passwords.
UK and allies hold Chinese state responsible for pervasive pattern of hacking20/07/2021 14:05:00
Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.