To keep your information and computer safe, it’s essential to have clear steps in case of a cyberattack. This way, you can minimize any harm and protect your data effectively.
In this article, we’ll delve into cybersecurity challenges and solutions, emphasizing common vulnerabilities and exposures (CVEs) that aim to equip you with the knowledge to promptly address these issues, ensuring robust cybersecurity defense and safety.
12 Most Exploited Vulnerabilities to Be Mindful Of
You may be wondering what CVEs are. CVEs are a list of publicly disclosed information on security exposures and vulnerabilities. We’ll look into these vulnerabilities that were released in a Cybersecurity Advisory (CSA) by the following organizations:
- United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI)
- Canada: Canadian Centre for Cyber Security (CCCS)
- United Kingdom: National Cyber Security Centre (NCSC-UK)
- Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC)
- New Zealand: New Zealand National Cyber Security Centre (NCSC-NZ) and Computer Emergency Response Team New Zealand (CERT NZ)
This aims to inform you about prevalent vulnerabilities you may encounter, helping you to address and mitigate them proactively.
This vulnerability affects the Atlassian Confluence Server and Data Center, a government and private company-used web-based collaboration tool.¹ It enables an unauthenticated cyber actor to execute arbitrary codes on vulnerable systems. This vulnerability was frequently targeted and experienced widespread exploitation in September 2021.
This is a critical vulnerability of the Remote Code Execution (RCE) type affecting the Atlassian Confluence and Data Center. RCEs allow an actor to execute malicious code remotely on a computer or system. This CVE is related to the Confluence vulnerability (CVE-2021-26084), which was exploited in 2022.
3. CVE-2021- 44228
Also known as Log4Shell, this vulnerability affects the open-source logging framework Apache’s Log4j library. This framework is incorporated into thousands of products globally.
To exploit this, an actor can submit a specially crafted request to a vulnerable system, which can then execute an arbitrary code. The actor can then take full control of the system to launch ransomware, steal information, and conduct other malicious activities. Actors started exploiting this vulnerability in December 2021, right after it was disclosed to the public.
Targeting Fortinet SSL VPNs, this vulnerability faced repeated exploitation from 2020 to 2021. The persistent attacks revealed a lapse in organizations’ software patching, indicating a failure to address the issue promptly.
5. CVE-2021-34473, CVE-2021-31207, CVE-2021-34523
These three vulnerabilities are in the Microsoft Client Access Service (CAS), which operates on port 443 in Microsoft Internet Information Services (IIS), such as the Microsoft web server. CAS facilitates user access to emails through browsers and devices, often exposed to the internet.
Referred to as ProxyShell, these three vulnerabilities specifically impact Microsoft’s Exchange email servers. Exploitation of these vulnerabilities allows remote actors to execute arbitrary code on the affected servers.
6. CVE-2022-22954, CVE-2022-22960
These two vulnerabilities affect VMware products such as the VMware Identity Manager and VMware Workspace ONE Access. These enable privilege escalation, authentication bypass, and RCE.
Through network access, an actor could trigger a server-side template injection that can end up with an RCE. Exploitation of these CVEs started in early 2022 and continued throughout the year.
This CVE implies a security flaw in the iControl REST authentication mechanism of F5 BIG-IP application delivery and security software.
Actors could exploit this weakness to interact with or manipulate the F5 BIG-IP system without proper authentication, leading to unauthorized control, data compromise, or other security risks. It highlights the importance of promptly addressing and resolving such vulnerabilities to prevent unauthorized access and protect the integrity of the affected software.
This CVE concerns a vulnerability in Windows’ Microsoft Support Diagnostic Tool (MSDT). Actors can exploit the system remotely as it enables unauthorized control of the affected system. Addressing and patching this vulnerability promptly is crucial to prevent potential security breaches.
This CVE allows Remote Code Executions (RCEs) in Zoho ManageEngine ADSelfService Plus. It was associated with using an outdated third-party dependency and was first exploited in late 2021, persisting throughout 2022.
Protect Ahead: Mitigations Organizations Can Apply
Securing every computer or device connected to your system is vital as it directly influences your organization’s operations, data integrity, and overall outcomes. Implementing effective mitigation strategies is essential to ensure the well-being of your systems.
1. Provide necessary permissions only.
If you wish to secure your systems, you may want to start by providing only the necessary permissions to most of your employees. This is so they can perform their functions using non-administrative privileges, and it would be easier to monitor where vulnerabilities may appear in your system.
2. Promptly patch, replace, or update your software, applications, operating systems, and firmware.
Prioritize patching the CVEs listed in the CSA, then proceed with those critical and highly vulnerable, such as those that enable RCEs.
If you can’t quickly patch a critical vulnerability, get in touch with your vendor and see if there are workarounds you can implement. Remember also to replace any software no longer supported by your vendor.
3. Perform system backups regularly.
You can secure your system by performing secure backups. Create copies of all your device configurations for restoration and repair. You can store your documents in physically secure locations off-network.
4. Conduct a thorough cybersecurity risk assessment.
Organizing a cybersecurity risk assessment can help your team improve its cybersecurity program by identifying what needs to be improved and what vulnerabilities need to be mitigated. It can also help your team create a plan to recover from cyberattacks, as it can give you time to identify risks.
During this time, communicate with your stakeholders and team members about the risks you’ve identified and collaborate in making informed decisions.
5. Educate employees regularly.
Enhancing the awareness of potential risks within your organization involves educating every member. Providing insights on Common Vulnerabilities and Exposures (CVEs) and how to recognize such vulnerabilities can cultivate a more responsible online behavior. This includes removing suspicious links or downloads and maintaining good password hygiene.
6. Work with a managed services provider (MSP).
If you are uncertain how to deal with certain vulnerabilities or need the latest technology to help you defend your cybersecurity, a managed services provider can help you.
Conduct research to identify professionals with expertise in cybersecurity or a track record of effectively addressing these vulnerabilities. Reputable MSPs can patch your applications, including file sharing, file storage, webmail, chat, and other collaborative tools for employees.
Related Reading: End-to-End Solutions: A Guide to Strategic System’s Managed Services
Keep Your Systems and Teams Updated
Whichever software programs or tools you are using, make sure that you keep them updated. Work with vendors or a reputable MSP to protect your organization from attacks and vulnerabilities.
Remember to also regularly educate your employees about safe online behaviors, as they are regularly in touch with your systems.
Given the regular interaction with your systems, consistently educate your employees on secure online practices. This proactive approach enhances overall cybersecurity within your organization.
PROTECT YOUR SYSTEMS FROM THREATS WITH STRATEGIC SYSTEMS
Protecting your systems and data can impact the entirety of your organization. Aside from the right tools and programs, you may need the help of the right experts to handle your cybersecurity. Let Strategic Systems help you connect with the experts you need.
We can deliver managed services, technical services, offshore services, or staffing solutions that can cover your business’s cybersecurity needs. Let’s work together towards protecting your systems. Get in touch with us today.
1. “2022 Top Routinely Exploited Vulnerabilities.” Cybersecurity and Infrastructure Security Agency, 3 Aug. 2023, www.cisa.gov/news-events/cybersecurity-advisories.