CISA Warns: Patch Top 30 Vulnerabilities Now to Stop 'Cyber Drones'
On July 28, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a crucial cybersecurity advisory, in collaboration with the Australian Cyber Security Centre, the UK's National Cyber Security Centre, and the FBI. The advisory highlights the top 30 regularly exploited vulnerabilities from 2020 and 2021, actively used by cyber threat actors, dubbed 'cyber drones' by the agency.
CISA's advisory mirrors the October 2020 NSA advisory, which listed the top 25 vulnerabilities targeted by Chinese state-sponsored actors. CISA recommends a multi-pronged approach to mitigate these risks. Firstly, organizations should minimize personnel gaps, consistently consume relevant threat intelligence, and maintain strict reporting processes for indications of compromise (IOCs).
Patching systems promptly is also vital. CISA advises implementing rigorous configuration management programs and disabling unnecessary ports, protocols, and services. Enhancing network and email traffic monitoring, and using protection capabilities to stop malicious activity are also recommended.
Qualys has released several remote and authenticated detections (QIDs) for these vulnerabilities, allowing users to search for them in the VMDR Dashboard. Additionally, CISA stresses the importance of requiring multi-factor authentication for remotely accessing networks from external sources, particularly for administrator or privileged accounts.
The CISA advisory serves as a timely reminder for organizations to prioritize and apply patches or workarounds for these top 30 vulnerabilities immediately. By following CISA's recommendations and utilizing tools like Qualys VMDR, organizations can effectively prioritize and mitigate these active threats, enhancing their overall cybersecurity posture.
Read also:
- Strengthening Defense against Multi-faceted menaces in the Age of Authority-driven Technology
- Industries Under Jeopardy Due to Multi-Accounting: Prevention Strategies Revealed in 2024
- Web3 Esports undergoes transformation as Aylab and CreataChain collaborate for a radical change
- Latest Tech Highlights: Top Gadgets of March 2025
