Reading the Secunia Vulnerability Review 2015

Secunia has issued its annual report on the vulnerabilities found and exploited in 2014 in the most popular software, a document that includes key figures and facts.

Secunia has recently released its annual study of trends in software vulnerabilities, an interesting report that highlights the impact of flaws in common software and provides useful details on the way bad actors exploited them. According to data provided by the security firm Secunia, both the number of Web browser vulnerabilities and the number of zero-day flaws exploited by hackers worldwide increased significantly in 2014.

The security community and software vendors responded promptly, in most cases identifying the threat early and providing the necessary patch. Secunia revealed that more than 83 percent of the 15,435 vulnerabilities present in 3,870 applications had been fixed by vendors by the day the flaw was publicly disclosed, a positive trend that marks an improvement compared to the past.

“The absolute number of vulnerabilities detected was 15,435, discovered in 3,870 applications from 500 vendors. The number shows a 55% increase in the five year trend, and an 18% increase from 2013 to 2014. Since 2013, the number of vendors behind the vulnerable products has decreased by 11% and the amount of vulnerable products has increased by 22%,” states the report published by Secunia.

[Figure: Secunia vulnerabilities report]

The number of zero-day flaws exploited by threat actors worldwide stepped up from 14 in 2013 to 25 in 2015, a significant increase that worries security experts because exploitation of an unpatched flaw defeats the main line of defense, patching, until the vendor releases a fix. Another worrying figure is the number of vulnerabilities affecting Web browser software, which increased to 1,035 in 2014, up from 728 the prior year.

The study confirmed the efficiency of the research community, which succeeded in getting vulnerabilities addressed quickly, limiting users' exposure to exploitation of the flaws.

“The most likely explanation is that researchers are continuing to coordinate their vulnerability reports with vendors and their vulnerability programs, resulting in immediate availability of patches for the majority of cases,” continues the report.

By analyzing data related to patch management, the experts discovered that when a patch was not available on the day a flaw was publicly disclosed, the time to its release lengthened considerably: the percentage of products that had a patch ready a month after disclosure rose only to 84.3 percent.

“30 days after day of disclosure, 84.3% of vulnerabilities have a patch available, indicating that if a patch is not available on the first day, the vendor does not prioritize patching the vulnerability” reads Secunia.
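The two figures above (patch available on day 0, patch available within 30 days) are the same metric evaluated at two horizons: the share of disclosed vulnerabilities whose fix was released no later than N days after disclosure. The script below, an added example that is not part of the original article or of Secunia's report, computes that curve from a constructed list of vulnerability records and also lists the ones still unpatched past a given SLA, which is how a defender would apply the same measure to their own product inventory. The advisory IDs and product names are placeholders invented for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str          # placeholder advisory id, not a real identifier
    product: str
    disclosed: date       # day the flaw became public
    patched: Optional[date]  # day the vendor fix shipped; None = still unpatched


# Constructed sample data (hypothetical, not taken from the report):
# eight same-day fixes (one shipped two days before disclosure, as in a
# coordinated release), one late fix and one flaw with no fix at all.
SAMPLE_RECORDS: List[VulnRecord] = [
    VulnRecord("SA-EX-0001", "ExampleBrowser", date(2014, 1, 14), date(2014, 1, 14)),
    VulnRecord("SA-EX-0002", "ExampleBrowser", date(2014, 2, 11), date(2014, 2, 11)),
    VulnRecord("SA-EX-0003", "ExamplePDFReader", date(2014, 3, 4), date(2014, 3, 2)),
    VulnRecord("SA-EX-0004", "ExamplePDFReader", date(2014, 4, 8), date(2014, 4, 8)),
    VulnRecord("SA-EX-0005", "ExampleOffice", date(2014, 5, 13), date(2014, 5, 13)),
    VulnRecord("SA-EX-0006", "ExampleOffice", date(2014, 6, 10), date(2014, 6, 10)),
    VulnRecord("SA-EX-0007", "ExampleTLSLib", date(2014, 7, 15), date(2014, 7, 15)),
    VulnRecord("SA-EX-0008", "ExampleTLSLib", date(2014, 8, 12), date(2014, 8, 12)),
    VulnRecord("SA-EX-0009", "ExampleMediaPlayer", date(2014, 8, 20), date(2014, 8, 30)),
    VulnRecord("SA-EX-0010", "ExampleMediaPlayer", date(2014, 9, 1), None),
]

# Reference date used by the overdue check below (constructed).
AS_OF = date(2014, 12, 31)


def days_to_patch(rec: VulnRecord) -> Optional[int]:
    """Days between disclosure and patch release; negative means the fix
    shipped before disclosure; None means no fix exists."""
    if rec.patched is None:
        return None
    return (rec.patched - rec.disclosed).days


def patch_availability_rate(records: Iterable[VulnRecord], days: int) -> float:
    """Percent of records whose patch was available within `days` of
    disclosure (days=0 is the 'patch on the day of disclosure' figure)."""
    recs = list(records)
    if not recs:
        return 0.0
    hits = 0
    for rec in recs:
        delta = days_to_patch(rec)
        if delta is not None and delta <= days:
            hits += 1
    return round(100.0 * hits / len(recs), 1)


def patch_availability_curve(records: Iterable[VulnRecord],
                             horizons: Iterable[int] = (0, 7, 30, 90)) -> Dict[int, float]:
    """The same rate evaluated at several horizons, e.g. day 0 and day 30."""
    recs = list(records)
    return {h: patch_availability_rate(recs, h) for h in horizons}


def overdue(records: Iterable[VulnRecord], sla_days: int, today: date) -> List[str]:
    """IDs of flaws that are still unpatched more than `sla_days` after
    disclosure as of `today`: the ones an inventory owner must mitigate
    by other means (workarounds, isolation) while waiting for a fix."""
    late = []
    for rec in records:
        if rec.patched is None and (today - rec.disclosed).days > sla_days:
            late.append(rec.vuln_id)
    return late


if __name__ == "__main__":
    for horizon, pct in patch_availability_curve(SAMPLE_RECORDS).items():
        print(f"patch available within {horizon:>3} days: {pct:5.1f}%")
    print("unpatched past 30-day SLA:", overdue(SAMPLE_RECORDS, 30, AS_OF))
```

Running it on the constructed data gives 80.0% at day 0 and 90.0% at day 30, with one entry past the SLA. The shape matches the report's observation: if the day-0 rate is already close to the 30-day rate, almost nothing that misses disclosure day gets fixed within the following month, so the overdue list is what deserves attention.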

Also of interest is the detailed analysis of the exploitation of PDF reader software, a very common attack vector because of how widely it is deployed. According to data presented in the report, the number of vulnerabilities discovered in Adobe Reader in 2014 was 43.

The report also analyzed the vulnerabilities discovered in open-source software, which represented a serious security issue last year; we all have in mind the effects of the disclosure of the Heartbleed flaw. The use of open-source applications and libraries is widespread, and in the majority of cases they are bundled into a variety of commercial products and solutions, so a flaw in one library propagates to every product that embeds it and must be carefully addressed.

“Organizations should not presume to be able to predict which vendors are dependable and quick to react when vulnerabilities are discovered in products bundled with open-source libraries,” Secunia said.

I suggest reading the report; I'm sure you will find it interesting.

Pierluigi Paganini

(Security Affairs – Secunia, vulnerabilities)