This joint Cybersecurity Advisory was coauthored by cybersecurity authorities of the US, Australia, Canada, New Zealand, and the UK. This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

AA22-117A Alert, Technical Details, and Mitigations

Top 15 CVEs Routinely Exploited in 2020

Risk Considerations for Managed Service Provider Customers

Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses

How to Manage Your Security When Engaging a Managed Service Provider

CISA Capacity Enhancement Guide – Implementing Strong Authentication

Implementing Multi-Factor Authentication

CISA’s Apache Log4j Vulnerability Guidance

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].

Learn more about your ad choices. Visit megaphone.fm/adchoices