Blog

Monthly Vulnerability Review

As usual, it was a busy month for the Security Community. The security researchers were finding bugs, zero days as usual, and the vendors were patching the findings. In April 2020, there were 623 advisories for 91 unique vendors in 406 products and 512 unique versions. This is nearly a 40% increase in advisories compared to the previous month.

During this period, I stumbled upon a discussion about casino utan svensk licens, a trend in online gambling where players seek out casinos not licensed in Sweden for more flexible gaming options. Interestingly, the rise in online activities seemed to correlate with increased security advisories. Notably, there were two Zero Days in Mozilla Firefox (CVE-2020-6819 and CVE-2020-6820) and three extremely critical advisories issued by Microsoft, which were patched during its regular cycle. I highly recommend you keep your software up to date, but for these two specifically.

  • Firefox users  to update your software to the latest version
  • Windows Users to install the latest patch via Windows Update

Red Hat kept its position as a top vendor with the most amount of vulnerabilities,  proving the wrong perception that Linux is more secure , in the other hand  Microsoft also held its 6th position based on Flexera’s Monthly report.

Below is also some highlight from other Operating Systems which you should be aware :

  • F5 Networks, Juniper Networks, and Cisco , so in other words Networking Product vendors had also some vulnerabilities, which means you should update the firmware of your outdated product . Please keep in mind that your Network equipment  are the first line of defense against external attacks so please don’t delay to update them
  • 1 advisory for each of the Microsoft Client and Server Operating systems.
  • 125 advisories for Red Hat Enterprise Linux 7,8, and Fedora 30 and 31.
  • 30 advisories for Ubuntu 14.04, 16.04 and 18.04
  • 49 advisories for SUSE Linux Enterprise Linux Server (SLE) version 11 through 15
  • 39 advisories for Oracle Linux 6 and 7 and two advisory for Oracle Solaris.
  • 21 advisories for Debian 10.x and GNU/Linux 9.x.
  • 10 advisories for CentOS 6.x.
  • 11 advisories for Amazon Linux AMI and 2.
  • Also if you are a Cisco WebEx Meeting customer ensure to update your Desktop app as well as Recording player applications

Advisories by Vendors

1.png

Average Criticality per Vendor

5 being the highest criticality, the below graph shows the average criticality per vendor, which is sorted based on the number of advisories.

2.png

Advisories by Criticality

3.png

Count of Advisories versus Attack Vector.

65% of vulnerabilities can be exploited from remote, which makes the remediation efforts even more critical.

5.png

Threat Score

9.png
  • Advisories with positive Threat Score (1+):            397 (63.72%)
  • None Threat Score SAIDs (=0):                                 226 (36.28%)
  • Low-Range Threat Score SAIDs      (1-12):               204 (32.74%)
  • Medium-Range Threat Score SAIDs   (13-23):       164 (26.32%)
  • High-Range Threat Score SAIDs     (24-44):             22 (3.53%)
  • Critical-Range Threat Score SAIDs (45-70):             7 (1.12%)
  • Very Critical Threat Score SAIDs  (71-99):               0 (0.00%)

Ransomware, Malware, and Exploit Kits

17 instances of kinsing and Loncom with CVE-2020-6819 in Oracle, Red hat Linux, SUSE and CentOS, Fedora, and Mozilla Firefox and Thunderbird.

4  instances of SafeStrip (Fake Antivirus), Snatch Ransomware, Mdrop, and Xhelper (Adware) in CentOS, Oracle Linux, and RedHat with CVE-2019-17666.

  • Historically Linked to Ransomware:          6 (0.96%)
  • Historically Linked to Malware:                 59  (9.47%)
  • Linked to a Recent Cyber Exploit:              111 (17.82%)
  • Related to a Historical Cyber Exploits:      267 (42.86%)
  • Included in Penetration Testing Tools:     212  (34.03%)

Conclusion

The number of advisories is steadily increasing month over month – 67 % increase since February 2020. Zero and extremely critical vulnerabilities should be pathed on an emergency basis and shouldn’t wait for a regular patch cycle.

Ozkaya

Dr. Erdal Ozkaya is a leading Cybersecurity Professional with business development, management, and Academic skills who focuses on securing the Cyber Space & sharing his real-life skills as a Security Adviser, Speaker, Lecturer, and Author. Erdal is known to be passionate about reaching communities, and creating cyber aware campaigns and leveraging new and innovative approaches and technologies to holistically address the information security and privacy needs for every person and organization in the world. He has authored many cybersecurity books as well as security certification courseware and exams for different vendors. Erdal has the following qualifications: Doctor of Philosophy in Cybersecurity. Master of Computing Research, Master of Information Systems Security, Bachelor of Information Technology, Microsoft Certified Trainer, Microsoft Certified Learning Consultant, ISO27001 Auditor & Implementer, Certified Ethical Hacker (CEH), Certified Ethical Instructor & Licensed Penetration Tester. He is an award-winning technical expert & speaker: His recent awards are: CISO Top 50 Award by Security ME Adviser Magazine & Tahawultech.com (2020) Legend Cybersecurity Pro by GEC Media (2019) Hall of Fame, CISO Magazine(2019) Cybersecurity Influencer of the year (2019) , CISO Magazine Cyber Security Professional of the year MEA (2019) Microsoft Circle of Excellence Platinum Club (2017), NATO Center of Excellence (2016) Security Professional of the year by MEA Channel Magazine (2015), Professional of the year Sydney (2014) and many speakers of the year awards at conferences. He also holds Global Instructor of the year awards from EC Council & Microsoft as well as Logical Operations. Erdal is also a part-time lecturer at Australian Charles Sturt University Erdal’s Social Media Accounts to follow: Twitter: https://twitter.com/Erdal_Ozkaya LinkedIn https://www.linkedin.com/in/erdalozkaya/ FaceBook https://www.facebook.com/CyberSec.Advisor/ Instagram https://www.instagram.com/drerdalozkaya/ Amazon https://www.amazon.com/-/e/B0796D9KQ4 He has built and managed CEO IT from scratch into a multi-million dollars National Training & IT Solutions center. With the skills, he has gained, he has introduced & repeated the success with KEMP Technologies, where he was tasked to single-handedly manage the ANZ region and then build the business in the Asia Pacific region. From there he joined Secunia as CISO in Dubai and extended his experience in Middle East & Africa. Beginning of 2016 he joined Microsoft as a Cybersecurity Architect / Trusted Security advisor where he is responsible in the EMEA region. Erdal currently works at Standard Chartered Bank as Head of Infomation and Cyber Security in a Managing Director status.

İlgili Makaleler

Bir Yorum

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu