Top 30 serious security holes most exploited by hackers
Recently, the cybersecurity agencies of Australia, the UK and the US have issued a joint report detailing the most exploited vulnerabilities in 2020 and 2021.
This report shows that cybercriminals can quickly turn a publicly reported vulnerability into a weapon to their advantage.
This report also lists the top 30 critical security holes that hackers exploit the most. These 30 vulnerabilities appear in a variety of software, including teleworking software, virtual private networks (VPNs), and cloud-based technologies. They affect products from many big names such as Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 BIG-IP, Atlassian and Drupal.
Here are the most exploited critical security holes in 2020:
- CVE-2019-19781 (CVSS score: 9.8): Citrix Application Delivery Controller (ADC) and Gateway directory traversal vulnerability
- CVE-2019-11510 (CVSS score: 10.0): Pulse Connect Secure arbitrary file read vulnerability
- CVE-2018-13379 (CVSS score: 9.8): Fortinet FortiOS path traversal vulnerability leading to system file leak
- CVE-2020-5902 (CVSS score: 9.8): F5 BIG-IP remote code execution vulnerability
- CVE-2020-15505 (CVSS score: 9.8): MobileIron Core & Connector remote code execution vulnerability
- CVE-2020-0688 (CVSS score: 8.8): Microsoft Exchange memory corruption vulnerability
- CVE-2019-3396 (CVSS score: 9.8): Atlassian Confluence Server remote code execution vulnerability
- CVE-2017-11882 (CVSS score: 7.8): Microsoft Office memory corruption vulnerability
- CVE-2019-11580 (CVSS score: 9.8): Atlassian Crowd and Crowd Data Center remote code execution vulnerability
- CVE-2018-7600 (CVSS score: 9.8): Drupal remote code execution vulnerability
- CVE-2019-18935 (CVSS score: 9.8): Telerik .NET deserialization vulnerability leading to remote code execution
- CVE-2019-0604 (CVSS score: 9.8): Microsoft SharePoint remote code execution vulnerability
- CVE-2020-0787 (CVSS score: 7.8): Windows Background Intelligent Transfer Service (BITS) privilege escalation vulnerability
- CVE-2020-1472 (CVSS score: 10.0): Windows Netlogon privilege escalation vulnerability
List of the most actively exploited security vulnerabilities so far in 2021:
- Microsoft Exchange Server: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 (also known as "ProxyLogon")
- Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899 and CVE-2021-22900
- Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, and CVE-2021-27104
- VMware: CVE-2021-21985
- Fortinet: CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591
According to experts, cybercriminals are increasingly exploiting software vulnerabilities to attack a broad range of targets around the world, both private and institutional. However, users and organizations can mitigate the damage from these reported vulnerabilities by applying patches early and implementing a centralized patch management system.