US, Allied Cybersecurity Agencies Publish Joint Advisory About Most Common Cyber Vulnerabilities

Cybersecurity agencies within and outside the United States have published a joint advisory informing organizations about common vulnerabilities and exposures hackers used in 2022.

The advisory, titled “2022 Top Routinely Exploited Vulnerabilities,” includes details on the 12 most exploited cybersecurity flaws and an overview of 30 vulnerabilities hackers use to infiltrate organizations. The document also includes the root causes of vulnerabilities, as well as recommendations on how organizations can minimize their risks of exposure.

The CSA also urges technology vendors to implement specific secure-by-design principles and ensure that all published CVEs include common weakness enumerations that identify the cause of vulnerabilities, the Cybersecurity and Infrastructure Security Agency said.

The document was co-published by the National Security Agency, the FBI, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, the Computer Emergency Response Team New Zealand and the U.K. National Cyber Security Centre.

The multinational cybersecurity advisory release comes two months after cybersecurity authorities from the Five Eyes intelligence alliance issued a joint CSA warning IT professionals and organizations about the primary tactics, techniques and procedures used by the China-sponsored Volt Typhoon hacking group. It also follows the release of two cyber advisories CISA co-published with its partners from Australia and Norway.