The Department of Homeland Security's US-CERT has published a list of the top 30 high-risk vulnerabilities targeted by attackers. Among these are vulnerabilities in multiple product lines from Adobe, Microsoft, Oracle, and OpenSSL. US-CERT states that attackers continue to exploit unpatched software to conduct attacks against critical infrastructure organizations, and that upwards of 85% of targeted attacks are preventable. Once a patch has been publicly released, attackers can reverse engineer the underlying vulnerability to create an exploit, a process that can take anywhere from 24 hours to four days. US-CERT recommends that organizations establish a strong, ongoing patch management process to minimize these attack vectors. In addition, executives should ensure their organizations have patched these top 30 vulnerabilities, while network administrators should implement application whitelisting and restrict administrative privileges based on users’ duties. In related reporting, Bank Info Security has compared the US-CERT Top 30 list against Verizon’s top 10 list from its 2016 Data Breach Investigations Report.