Summary
The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (hereafter collectively referred to as the authoring agencies):
- United States: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and National Security Agency (NSA)
- Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC)
- Canada: Canadian Centre for Cyber Security (CCCS)
- New Zealand: New Zealand National Cyber Security Centre (NCSC-NZ) and Computer Emergency Response Team New Zealand (CERT NZ)
- United Kingdom: National Cyber Security Centre (NCSC-UK)
This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets.
The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.
- Vendors, designers, and developers. Implement secure by design and default principles and tactics to reduce the prevalence of vulnerabilities in your software.
- Follow the SP 800-218 Secure Software Development Framework (SSDF) and implement secure by design practices into each stage of the software development life cycle (SDLC). Establish a coordinated vulnerability disclosure p
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article:
- Follow the SP 800-218 Secure Software Development Framework (SSDF) and implement secure by design practices into each stage of the software development life cycle (SDLC). Establish a coordinated vulnerability disclosure p