Daily Threat Intel

Log4j vuln tops list of CVEs that the US govt says Chinese groups are actively exploiting

Posted on October 7, 2022

Key takeaway: Ensure that you have patched these vulnerabilities, or have mitigations for them, especially if your organization is in the technology, telecommunications, defense industrial base and other critical infrastructure sectors. [216 words]

What: The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint cybersecurity advisory listing the top CVEs that threat actors believed to be working on behalf of the Chinese government are actively exploiting.

A sampling of vulnerabilities in the list: Apache Log4j RCE (CVE-2021-44228); arbitrary file read in Pulse Connect Secure (CVE-2019-11510); ProxyLogon RCE vulnerability in Windows Exchange Server (CVE-2021-26855); and VMware vCenter Server vulnerability (CVE-2021-22005).

Recommended actions: The advisory urges organizations to update and patch their systems against the identified vulnerabilities, implement phishing-resistant MFA, use strong passwords, and block obsolete or unused protocols at the network edge.

Why it matters: The vulnerabilities in the list are all currently being actively exploited by threat actors that are known to have engaged in extensive trade secret and intellectual property theft, surveillance and spying, ransomware attacks and other financially motivated attacks.

Further reading:

Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

CISA’s China Cyber Threat Overview and Advisories
