Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Security
  • /
  • UK and allies publish cyber vulnerability fixes

Security

UK and allies publish cyber vulnerability fixes

The National Cyber Security Centre (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC) and the Federal Bureau of Investigation (FBI) have published advice on countering the most publicly known — and often dated — software vulnerabilities, for private and public sector organisations worldwide.

Above: The National Cyber Security Centre (NCSC), Nova South, London.
By Simone Flamigni / copyright Shutterstock

Last Wednesday, the NCSC, CISA, ACSC and FBI published a joint advisory highlighting 30 vulnerabilities routinely exploited by cyber actors in 2020 and those being exploited in 2021.

Advertisement
DSEI 2025

In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Today’s advisory lists the vendors, products, and CVEs, and recommends that organisations prioritise patching those listed.

NCSC Director for Operations, Paul Chichester, said: “We are committed to working with allies to raise awareness of global cyber weaknesses – and present easily actionable solutions to mitigate them.

“The advisory published today puts the power in every organisation’s hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices.

“Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm."

As well as alerting organisations to the threat, this advisory directs public and private sector partners to the support and resources available to mitigate and remediate these vulnerabilities.

Guidance for organisations on how to protect themselves in cyberspace can be found on the NCSC website. Our 10 Steps to Cyber Security collection provides a summary of advice for security and technical professionals.

On the mitigation of vulnerabilities, network defenders are encouraged to familiarise themselves with guidance on establishing an effective vulnerability management process. Elsewhere, the NCSC’s Early Warning Service also provides vulnerability and open port alerts.

CISA Executive Assistant Director for Cybersecurity, Eric Goldstein, said: “Organisations that apply the best practices of cyber security, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks.

“Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors.”

Advertisement
ODU RT

FBI Cyber Assistant Director, Bryan Vorndran, said: “The FBI remains committed to sharing information with public and private organisations in an effort to prevent malicious cyber actors from exploiting vulnerabilities.

“We firmly believe that coordination and collaboration with our federal and private sector partners will ensure a safer cyber environment to decrease the opportunity for these actors to succeed.”

Head of the ACSC, Abigail Bradshaw CSC, said: “This guidance will be valuable for enabling network defenders and organisations to lift collective defences against cyber threats.

“This advisory complements our advice available through cyber.gov.au and underscores the determination of the ACSC and our partner agencies to collaboratively combat malicious cyber activity.”

 

 

Advertisement
Cranfield University
Boeing appoints Stephen Parker as CEO of BDS

Defence Security Space

Boeing appoints Stephen Parker as CEO of BDS

3 July 2025

Boeing today announced Stephen (Steve) Parker as president and chief executive officer of its Defense, Space & Security (BDS) business, effective immediately. Parker has served as interim leader of the Boeing business unit since September 2024.

Lancashire aims at advancing cyber-enabled defence and security

Defence Security Events

Lancashire aims at advancing cyber-enabled defence and security

3 July 2025

Over 200 senior business leaders, investors, policymakers and academics from across the UK gathered this week at the Lancashire Cyber Festival to discuss Lancashire’s opportunity to become a global leader in cyber-enabled defence and security.

Airframe Designs aligns with US NCAMP standards

Aerospace Defence Security

Airframe Designs aligns with US NCAMP standards

3 July 2025

Airframe Designs has aligned its material systems with the US National Centre for Advanced Materials Performance (NCAMP) which works with the Federal Aviation Administration (FAA) and industry partners to support its existing testing processes.

Bernd Kögel to spearhead launch of DSEI Germany

Defence Security Events

Bernd Kögel to spearhead launch of DSEI Germany

3 July 2025

Clarion Events Defence and Security has announced the appointment of Colonel (ret) Bernd Kögel as Managing Director of DSEI Germany, effective 1st October 2025.

Advertisement
Leonardo RT
Siemens and NVIDIA team to drive AI in advanced manufacturing

Aerospace Defence Security

Siemens and NVIDIA team to drive AI in advanced manufacturing

2 July 2025

Siemens and NVIDIA are expanding their partnership to accelerate the next era of industrial AI and digitalisation, towards enabling the factory of the future.

Expleo partners with Keyfactor on cryptography solutions

Security

Expleo partners with Keyfactor on cryptography solutions

2 July 2025

Expleo has signed a strategic partnership with identity-first security solutions provider Keyfactor, to offer its clients across all industries Keyfactor’s cybersecurity solutions, designed to help businesses address the ever-changing cyber-threat landscape.

Advertisement
DSEI 2025