In an effort to raise awareness among private companies and government agencies, cybersecurity agencies in the United States, the United Kingdom, and Australia have released a new joint advisory containing information about the world's most exploited security holes 'the last year and so far this year. . As The Record reported, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, as well as the UK's National Cyber Security Center (NCSC) and the Australian Cyber Security Center (ACSC) have issued joint advisories on the main vulnerabilities exploited by cybercriminals. . These vulnerabilities exist in a wide variety of products, such as VPN devices, mail servers, network access gateways, web applications, office software, etc. Based on the joint opinion of the cybersecurity agencies, these were the most exploited security vulnerabilities in 2020 by vendor and type, along with their CVE tracking numbers:
Main vulnerabilities in 2021 to date
The joint advisory also contains a second list of vulnerabilities that cybercriminals have actively exploited in their attacks so far this year. However, this list is broken down by provider:- Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065
- Secure impulse: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899 and CVE-2021-22900
- Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104
- VMware: CVE-2021-21985
- Fortinet: CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591