The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks using zero-day exploits have become more common.
"More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks," wrote Ollie Whitehouse, CTO of the UK's National Cyber Security Centre.
"To reduce the risk of compromise, it is vital all organizations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace," he added. "We urge network defenders to be vigilant with vulnerability management, have situational awareness in operations and call on product developers to make security a core component of product design and life-cycle to help stamp out this insidious game of whac-a-mole at source."
The top two spots on the list go to Citrix. First place is a remote code execution bug in versions 12 and 13 of NetScaler ADC and Gateway. The same two platforms also take second place for a flaw that leaks sensitive information when they are configured as a gateway or as an authentication, authorization and accounting (AAA) server.