Experts Reaction On DHS CISA and FBI share list of top 10 most exploited vulnerabilities


It has been reported that US cybersecurity agencies have outlined the top 10 most exploited software vulnerabilities across the past 4 years. The report, authored by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the FBI, urges organisations in the public and private sector to apply necessary updates in order to prevent the most common forms of attacks encountered today. This includes attacks carried out by state-sponsored, non-state, and unattributed threat actors. US government officials argue that applying patches could degrade the cyber arsenal of foreign actors targeting US entities, as they’d have to invest resources into developing new exploits, rather than relying on old and tested bugs.

EXPERTS COMMENTS
Martin Jartelius, CSO, Outpost24
May 14, 2020
If organisations would have to prioritise just one system they would spend that extra love and attention on, the very first to start with, those VPN
This shows quite clearly that while many focus our attention on the “risks and vulnerabilities of tomorrow”, the ones that most frequently will end up hurting us are the ones of yesteryear which we have still not managed to identify and resolve. Predictively most attackers are either using macro-based malware to reach their goals when the endpoints are users, either via tricking users to allo ....
Eoin Keary, CEO and Cofounder, Edgescan
May 14, 2020
It’s also of importance to note that common vulnerabilities used to exploit systems are years old and not "zero day" issues.
The DHS report appears to align what we are seeing in the wild, detailed in the Edgescan Vulnerability stats report. CVEs are an attack vector which should be mitigated with good patching and/or maintenance procedures. It’s also of importance to note that common vulnerabilities used to exploit systems are years old and not "zero day" issues. Web application vulnerabilities should also be menti ....
Tim Mackey, Principal Security Strategist, Synopsys CyRC
May 14, 2020
The majority of the vulnerabilities listed are within Windows
Understanding attack vectors used on large scale attacks is always valuable to defenders, particularly those whose business would count as a prime target. In the CISA Top 10 Vulnerabilities Report we see confirmation that attackers do indeed exploit vulnerabilities in older software, and that the “long-tail” patch problem we’ve seen within open source is as prevalent within IT organisations ....
