Monday, November 23, 10:25
Home security 20.000 vulnerabilities expected in 2020: Where will you start updating?

20.000 vulnerabilities expected in 2020: Where will you start updating?

A new report from Skybox Security based in California states that since so far there have been 9.799 unique vulnerabilities in the first half of 2020 alone, by the end of the year we will have reached the record of 20.000 vulnerabilities.

The first half volume of software security vulnerability reports has increased by 34% compared to 7.318 last year. They are undoubtedly good news, reflecting the increased effort made in vulnerability research.

Of the five new products in the list above, three are business applications (IBM API Connect, Red Hat OpenShift, Oracle E - Business Suite). The other two - Edge Chromium and iPad OS - usually developed in workstations, home and commercial environments, emerging from the "non-existent" to become what Skybox describes as "weak points that patches seek" and require its attention Admin.

Critical vulnerabilities account for 15% of all new reports, according to Skybox.

And while critical errors - such as those with a maximum score of 10,0 in the CVSS (a way of evaluating features and the severity of software vulnerabilities) - they take great care, they end up being dangerous as they are generally approached, the security company notes.

"Although the organizations they tend to prioritize critical vulnerabilities; this general approach to hierarchy could allow attackers to take advantage of any moderate vulnerabilities exposed. "

"Criminals know that moderate-severity defects can remain unpached in an organization's systems for a long time. space and depending on where these exist defects, could give to intruder access to a critical point in the system or allow lateral movement. "

Security programs must have established procedures in place to 'address vulnerabilities based on exposure, exploitability and other factors to keep recovery focused on critical risks", Reports Skybox. He goes on to say: "If a security program bases its vulnerability priority solely on ratings CVSS, could be wasted resources repairing a vulnerable element which is protected by layers at defense levels and does not inform of any vulnerability of medium severity. ”

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

Hackers leaked nude photos and personal videos of athletes

Cybercriminals have stolen nude photos and videos of hundreds of well-known female athletes and posted them online. THE...

GoDaddy: hackers use it to attack cryptocurrencies

GoDaddy now faces another security issue. KrebsOnSecurity found that hackers managed to deceive employees ...

FBI: Warns of increased activity of Ragnar Locker ransomware

FBI Cyber ​​Division warns of increased activity of Ragnar Locker ransomware. The extraordinary ...

How to set time and date in Mac menu bar

The menu bar on Mac devices displays the time in a simple digital format of hours and minutes by default. However, you can ...

How to transfer Chrome tabs between iPhone, iPad and Mac

You can set Chrome as the default web browser on your iPhone and iPad and use it as your default ...

How can you view the "Notification Center" on iPhone and iPad?

Those who have an iPhone or iPad are familiar with the alerts but also with how annoying they can become. However...

Instagram: How to block messages from Facebook users?

As we said in a previous article, Facebook gives users the ability to send messages ...

How to create Tweets that disappear through Fleets

Temporary "stories" have become very popular on social media. The corresponding feature on Twitter is called "Fleets" and you can ...
00:02:58

Pixel 5: 5 features make it a better choice than the iPhone 12

One of the most exciting smartphone trends of 2020 was the rise of "value flagships" that offer flagship experiences at a lower price ...

How to insert bullets into an Excel spreadsheet

Adding a list of bullets to an Excel worksheet is not simple, but it is possible. Unlike Microsoft ...