National Public Safety Telecommunications Council
People and Vehicles : Firefighter, Policeman, Police cruiser, Ambulance
Vehicles : Fire truck, Ambulance, Police boat
People : Policemen
Towers : Towers on a ridge
Computers : monitor array
SAFECOM Cybersecurity Advisory Recent Top Routinely Exploited Vulnerabilities
SAFECOM Cybersecurity Advisory Banner
Greetings SAFECOM Members,
The Cybersecurity and Infrastructure Security Agency, National Security Agency, and the Federal Bureau of Investigation, together with the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom released a joint advisory assessing the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
In 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public safety agencies, public, and private sector organizations worldwide.  Some of the known vendors and products as well as the type of attack included:
  • Apache Log4j – Remote code execution (RCE)
  • Microsoft Exchange Server – RCE; Elevation of Privilege; Security feature bypass
  • VMware vSphere Client – RCE
  • Accellion File Transfer Appliance – Operating system command execution; Server-side request forgery; Structured Query Language injection
  • For a full list of these vulnerabilities and attacks, please see the advisory.  We strongly encourage you to apply the recommended mitigations, and sign up for U.S. Computer Emergency Readiness Team (US-CERT) alerts at cisa.gov/uscert to receive timely, important updates.  Visit cisa.gov/publication/communications-resiliency for additional cyber and communications resiliency resources.
    Thank you for your continued support.
    Major George Perera
    Miami-Dade Police Department
    Chair, SAFECOM Cybersecurity Working Group
    CISA Logo