
It’s official — FBI, CISA, and NSA reveal the most exploited vulnerabilities of 2023

Five Eyes alliance has revealed the most exploited vulnerabilities of 2023

Zero-day exploits were the primary concern, with CVE-2023-3519 at the top of the list

Businesses urged to patch as soon as possible to stay safe

The Five Eyes intelligence alliance has revealed the most routinely exploited vulnerabilities for 2023. The joint advisory, made with contributions from agencies in the US, UK, Australia, New Zealand, and Canada, has called for organizations to patch the security flaws to mitigate network exposure.

The agencies confirmed what many in the industry will know all too well: threat actors focus their attacks on zero-day vulnerabilities, with 12 of the top 15 exploited vulnerabilities initially exploited as a zero-day.

“In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets,” the advisory warned.

Injections and escalations

The top vulnerability for 2023 was CVE-2023-3519, a code injection flaw in Citrix NetScaler ADC/Gateway, which was used in critical infrastructure attacks in the US last year. It had a severity rating of 9.8, making it a critical flaw.

Another high-severity flaw in the top three, CVE-2023-20198, for which Cisco issued a patch in October 2023, allowed attackers to create accounts with privileged access on affected devices, gaining full control over the device.

The agencies, as always, strongly encouraged end-user organizations to continually update software and applications, implement a robust patch management process, and perform regular secure system backups to stay safe against cyberattacks.

“Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability,” the advisory warned.


“The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.”

Original Author: Ellen Jennings-Trace | Source: TechRadar

Published by
Akshit Behera
