Dr. Erdal Ozkaya

Monthly Vulnerability Review – April 2020

Erdal, 2021-07-12T17:48:57-04:00
As usual, it was a busy month for the security community. Security researchers were finding bugs and zero-days, and vendors were patching the findings.
In April 2020 there were 623 advisories for 91 unique vendors in 406 products and 512 unique versions. This is nearly a 40% increase in advisories compared to the previous month.

There were two zero-days in Mozilla Firefox (CVE-2020-6819 and CVE-2020-6820), and three extremely critical advisories were issued by Microsoft, which were patched in its regular cycle. I highly recommend you keep your software up to date, but for these two specifically:

  • Firefox users: update your software to the latest version
  • Windows users: install the latest patch via Windows Update

Red Hat kept its position as the vendor with the most vulnerabilities, proving wrong the perception that Linux is more secure. On the other hand, Microsoft held its 6th position, based on Flexera's monthly report.

Below are some highlights from other operating systems that you should be aware of:

  • F5 Networks, Juniper Networks, and Cisco (in other words, networking product vendors) also had some vulnerabilities, which means you should update the firmware of your outdated products. Keep in mind that your network equipment is the first line of defense against external attacks, so please don't delay updating it.
  • 1 advisory for each of the Microsoft client and server operating systems.
  • 125 advisories for Red Hat Enterprise Linux 7 and 8, and Fedora 30 and 31.
  • 30 advisories for Ubuntu 14.04, 16.04 and 18.04.
  • 49 advisories for SUSE Linux Enterprise Server (SLE) versions 11 through 15.
  • 39 advisories for Oracle Linux 6 and 7, and two advisories for Oracle Solaris.
  • 21 advisories for Debian 10.x and GNU/Linux 9.x.
  • 10 advisories for CentOS 6.x.
  • 11 advisories for Amazon Linux AMI and 2.
  • If you are a Cisco WebEx Meetings customer, make sure to update your desktop app as well as the recording player applications.

 

Advisories by Vendors


Average Criticality per Vendor

With 5 being the highest criticality, the graph below shows the average criticality per vendor, sorted by number of advisories.

[Figure: average criticality per vendor]

Advisories by Criticality

[Figure: advisories by criticality]

Count of Advisories versus Attack Vector.

65% of vulnerabilities can be exploited remotely, which makes the remediation efforts even more critical.

[Figure: count of advisories versus attack vector]

Threat Score

[Figure: Threat Score]

  • Advisories with positive Threat Score (1+): 397 (63.72%)
  • None Threat Score SAIDs (=0): 226 (36.28%)
  • Low-Range Threat Score SAIDs (1-12): 204 (32.74%)
  • Medium-Range Threat Score SAIDs (13-23): 164 (26.32%)
  • High-Range Threat Score SAIDs (24-44): 22 (3.53%)
  • Critical-Range Threat Score SAIDs (45-70): 7 (1.12%)
  • Very Critical Threat Score SAIDs (71-99): 0 (0.00%)

Ransomware, Malware, and Exploit Kits

17 instances of Kinsing and Loncom with CVE-2020-6819 in Oracle, Red Hat Linux, SUSE, CentOS, Fedora, and Mozilla Firefox and Thunderbird.

4 instances of SafeStrip (fake antivirus), Snatch ransomware, Mdrop, and Xhelper (adware) in CentOS, Oracle Linux, and Red Hat with CVE-2019-17666.

  • Historically Linked to Ransomware: 6 (0.96%)
  • Historically Linked to Malware: 59 (9.47%)
  • Linked to a Recent Cyber Exploit: 111 (17.82%)
  • Related to a Historical Cyber Exploit: 267 (42.86%)
  • Included in Penetration Testing Tools: 212 (34.03%)

Conclusion

The number of advisories is steadily increasing month over month: a 67% increase since February 2020. Zero-day and extremely critical vulnerabilities should be patched on an emergency basis and shouldn't wait for a regular patch cycle.
