It’s official — FBI, CISA, and NSA reveal the most exploited vulnerabilities of 2023

Akshit Behera

Five Eyes alliance has revealed the most exploited vulnerabilities of 2023

Zero-day exploits were the primary concern, with CVE-2023-3519 was at the top of the list

Businesses urged to patch as soon as possible to stay safe

The Five Eyes intelligence alliance has revealed the most routinely exploited vulnerabilities for 2023. The joint advisory, made with contributions from agencies in the US, UK, Australia, New Zealand, and Canada, has called for organizations to patch the security flaws to mitigate network exposure.

The agencies confirmed what many in the industry will know all too well, that threat actors focus their attacks on zero-day attacks, with 12 out of the top 15 exploited vulnerabilities initially exploited as a zero-day.

“In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets,” the advisory warned.

Injections and escalations

The top vulnerability for 2023 was CVE-2023-3519, a code injection in NetScaler ADC/Gateway using Citrix as the vendor, which was the tactic used in critical infrastructure attacks in the US last year, and had a severity rating of 9.8, making it a critical flaw.

Another high severity flaw in the top three, CVE-2023-20198, was one that Cisco issued a patch for in October 2023, which allowed attackers to create accounts on affected devices with privileged access, gaining full control over the device.

The agencies, as always, strongly encouraged end-user organizations to continually update software and applications, implement a robust patch management process, and perform regular secure systems backups to ensure your company stays safe against cyberattacks.

“Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability,” the advisory warned,

Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

“The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.”

Original Author: Ellen Jennings-Trace | Source: TechRadar

About

Shark’s Data Den provides data-driven insights and analysis on technology, business, and innovation.

AI artificial intelligence Artificial Intelligence: A Guide for Thinking Humans Being Human in the Age of Artificial Intelligence books bookself Dangers data science data scientist Human Compatible Human Compatible: Artificial Intelligence and the Problem of Control Life 3.0 machine learning Max Tegmark Melanie Mitchell Pedro Domingos Stuart Russell Superintelligence Superintelligence: Paths Dangers Strategies The Master Algorithm: How the Quest for the Ultimate Learning Machine Will Remake Our World

Discover more from The Shark's Data Den

Subscribe now to keep reading and get access to the full archive.

Continue reading