AdvisoriesCISAAA23-215AAugust 3, 2023
August 3, 2023
This advisory highlights the Common Vulnerabilities and Exposures (CVEs) that were frequently exploited by malicious cyber actors in 2022, with a particular emphasis on older software vulnerabilities and unpatched, internet-facing systems. The authoring agencies strongly recommend vendors, designers, developers, and end-user organizations to follow the suggested mitigations. For vendors and developers, this involves implementing secure-by-design principles and adhering to the Secure Software Development Framework (SSDF) throughout the software development life cycle. Additionally, end-user organizations are advised to apply timely patches, employ a centralized patch management system, and use security tools to enhance product security and protect against cyber threats.
August 3, 2023
Threat actors generally have the most success exploiting known vulnerabilities within the first year or two of their disclosure. Their value gradually decreases as the associated software is upgraded and patched. Safe automated patching reduces the effectiveness of known exploitable vulnerabilities, decreases the pace of threat actor operations and forces adversaries to pursue more costly and time-consuming methods, such as zero-day exploit development. Establishing an automated patching process - across all endpoints - is table stakes for a good security posture. Your endpoint defense, such as EDR, should be your last line of defense against unpatched vulnerabilities. An EDR should be capable of detecting and preventing an exploit attempt.
Be immediately notified of new advisories and associated security tests
AdvisoryCISAAA24-207AJuly 25, 2024
