
These are the biggest security flaws of 2021 so far


In an effort to raise awareness among both private companies and government agencies, cybersecurity agencies from the US, the UK and Australia have published a new joint advisory which contains information on the most exploited security flaws from last year and so far this year.

As reported by The Record, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI along with the UK National Cyber Security Centre (NCSC) and the Australian Cyber Security Centre (ACSC) all published joint advisories on the top vulnerabilities exploited by cybercriminals.

These vulnerabilities exist in a wide variety of products from VPN appliances, email servers, network access gateways, web-based applications, desktop software and more.

According to the cybersecurity agencies' joint advisory, these were the most exploited security flaws in 2020 by vendor and type along with their CVE tracking numbers:

Top vulnerabilities in 2021 so far

The joint advisory also contains a second list of vulnerabilities that cybercriminals have been actively exploiting in their attacks so far this year. However, this list is divided by vendor:

  • Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
  • Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
  • Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104
  • VMware: CVE-2021-21985
  • Fortinet: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591

By releasing these two lists of the top security flaws last year and so far this year, the cybersecurity agencies from the US, the UK and Australia hope to encourage businesses as well as government agencies to take a second look at their products and services so that they can patch any vulnerabilities they have yet to fix.

Director of operations at the UK's NCSC, Paul Chichester, provided further insight on the joint advisory published by the three countries' cybersecurity agencies in a press release, saying:

“We are committed to working with allies to raise awareness of global cyber weaknesses – and present easily actionable solutions to mitigate them. The advisory published today puts the power in every organisation’s hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices. Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm.”

Via The Record

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.