The National Cyber Security Centre (NCSC) has issued a cyber security advisory in collaboration with its international partners detailing common vulnerabilities and exposures.

The advisory covers common vulnerabilities and exposures that malicious cyber actors frequently exploit.

These include the 15 most commonly exploited of 2021.

The NCSC notes that disclosed critical software vulnerabilities in both the public and private sectors continue to be a significant target for malicious cyber actors.

Even though the top 15 vulnerabilities have previously been disclosed, the NCSC explains that the advisory is intended to assist companies in prioritising their mitigation strategies.

International partners working with the NCSC include Cybersecurity and Infrastructure Security Agency, NSA, FBI, Australian Cyber Security Centre, Canadian Centre for Cyber Security, and the United Kingdom's National Cyber Security Centre.

Measures agreed upon by the cybersecurity authorities include vulnerability and configuration management (such as updating software, operating systems, applications, and firmware), identifying and accessing management (including ensuring multi-factor authentication is in place for all users), and the implementation of protective controls and architecture (such as adequately configuring and securing internet-facing network devices).

The announcement of this advisory comes after Advantage partnered with the NCSC's Malware Free Networks (MFN) service.

A branch of the GCSB, the NCSC has developed MFN as a service intended to reinforce New Zealand's cyber defence capabilities.

MFN does this through threat detection and disruption that offers near real-time threat intelligence, providing insight into current malicious activity targeting New Zealand organisations.

The NCSC explains that its MFN service works with various local partners to afford them technology platforms that can swiftly collect cyber threat information and turn it into actionable threat intelligence.

“The NCSC has had strong interest in Malware Free Networks (MFN) since we publically launched the service in December,” NCSC director Lisa Fong says.

“We have formed new partnership agreements with a number of additional providers and are currently working with them to bring their MFN services online.

“This process can take several months depending on how the partner organisation configures their service delivery, and we will announce new partners when they go live with their MFN service.

“Earlier today, we added managed service provider, Advantage, to the MFN partner list on our website to recognise Advantage going live with their MFN service offering. We are excited to have Advantage as our 10th MFN partner.

Advantage now offers the MFN service as part of its managed security products, such as firewalls, managed detection and response, SIEM, secure web gateways and endpoint.

“We are pleased to work with the NCSC in order to bring the MFN disruption service into our intelligence and service portfolio,” Advantage managing director Brad Pearpoint says.

“Threat intelligence is critical for us to assess risk and protect our managed customers and therefore we are always looking for ways to bolster insights in this area which lead us to this partnership.