National Cyber Security Centre, a division of GCHQ, along with agencies from the US, Australia, Canada and New Zealand, have released a Joint Advisory note detailing the 12 most commonly exploited vulnerabilities in 2022.
Malicious cyber actors have continued to target internet-facing systems through previously disclosed vulnerabilities despite the availability of security updates to fix them. This is highlighted by the fact that more than half of the top vulnerabilities listed for 2022 also appeared on the previous year’s list. Such findings accentuate the need for organisations to apply security updates promptly, as attackers tend to exploit known vulnerabilities within the first two years of public disclosure to maximise impact. The advisory note also includes technical details on 30 other routinely exploited vulnerabilities and mitigation advice to help reduce the risk of compromise. UK organisations are advised to sign up for the NCSC’s Early Warning service to receive alerts about potential issues, including vulnerabilities, affecting their networks.
Click here to read the full press release from NCSC