Federal Agencies List Top 10 Exploited Security Bugs Used by Foreign Hackers
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued Alert AA20-133A. This alert provides guidance and information on the top ten exploited vulnerabilities. The federal agencies have listed the top ten most commonly exploited vulnerabilities since 2016.
The information is broken down by who that attacks are attributed to; Nation-state, nonstate, and unattributed atatcks.
Alert AA20-133A provides details Common Vulnerabilities and Exposures, or CVE, used by cyber criminals to conduct espionage, hack government agencies, and steal money to fund operations. Earlier today, DHS, the FBI, and US Department of Justice issued a joint alert on criminal cyber activity carried out by North Korea’s HIDDEN COBRA. Vulnerabilities are security flaws that exist in hardware, software, and apps. These flaws are already patched by hardware manufacturers, and developers. But when a deice is left unpatched, it leaves the deice, the information on it, and the network it is connected to vulnerable to hackers.
Zero-day exploits are vulnerabilities that are new, and no fix exists yet. Advanced Persistent Threat (APT) groups are hackers that work for governments. They carry out hacking activities – espionage, monetary theft, corporate espionage – for their sponsoring nation.
Top 10 Most Exploited Vulnerabilities 2016 – 2019
| Vulnerability | Vulnerable Products | Associated Malware |
| CVE-2017-11882 | Microsoft Office 2007 SP3/2010 SP2/ | Loki, FormBook, Pony/FAREIT |
| CVE-2017-0199 | Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1 | FINSPY, LATENTBOT, Dridex |
| CVE-2017-5638 | Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 | JexBoss |
| CVE-2012-0158 | Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2 | Dridex |
| CVE-2019-0604 | Microsoft SharePoint | China Chopper |
| CVE-2017-0143 | Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 | Multiple using the EternalSynergy and EternalBlue Exploit Kit |
| CVE-2018-4878 | Adobe Flash Player before 28.0.0.161 | DOGCALL |
| CVE-2017-8759 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 | FINSPY, FinFisher, WingBird |
| CVE-2015-1641 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 | Toshliph, UWarrior |
| CVE-2018-7600 | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 | Kitty |
