CISA Alert: Top 10 Routinely Exploited Vulnerabilities, 2016-2019

May 13, 2020

Recently, the Cybersecurity & Infrastructure Security Agency (CISA), the FBI, and the US government published an alert on the Top 10 Routinely Exploited Vulnerabilities identified by the US government between 2016 and 2019.

The alert aims to provide organizations with a list of vulnerabilities, most of which are Common Vulnerabilities and Exposures (CVEs), that are being exploited repeatedly by cyber criminals.

Although many threat actors choose to find and target zero-day vulnerabilities, known vulnerabilities have the advantage of requiring fewer resources than zero-day exploits, and many can be used to broadly target both the public and private sectors.

According to the alert, the top 10 most exploited vulnerabilities are: CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-8759, CVE-2015-1641, and CVE-2018-7600.

Herjavec Group recommends that organizations routinely patch their systems and implement any security updates for software applications as soon as they become available. Patching remains one of the most significant ways to render the exploitation of known vulnerabilities ineffective.

For a detailed breakdown of mitigation strategies for each particular CVE, please read the full alert by CISA here.

Herjavec Group's Threat Management & Incident Response team is available for further support and consultation. If you need Incident Response support or Security Expertise, please connect with us.

Herjavec Group continues to track COVID-19 related cyberattacks. We have a complete resource center tracking COVID-19 related threats, malware types, as well as a summary of IOCs and domains specific to COVID-19. Review it here.


About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.
