Advertise

Threat Intelligence

12/9/2020
04:05 PM

Dark Reading Staff
Quick Hits

0 comments
Comment Now

50%

Vulnerabilities Continue Around 2019 Pace

After lagging 2019 numbers in the first quarter, vulnerabilities have surged in the rest of 2020, leading researchers to predict that final numbers for this year will meet or exceed those of last year, report says.

A new report says that 2020's vulnerabilities should match or exceed the number of vulnerabilities seen in 2019. According to the report from the VulnDB team at Risk Based Security, the 17,129 vulnerabilities reported through the end of the third quarter are 4.6% below the number at the same time last year, but the rate of vulnerability discovery gives the team confidence in its prediction.

The Changing Face of Threat Intelligence

New on The Edge: BECs and EACs: What's the Difference?

In the report, the team notes that the difference in vulnerability numbers between 2019 and 2020 at the end of the first quarter was 19.2%. Since then, the gap has narrowed considerably, and the trajectory indicates that the 2019 overall number of vulnerabilities is likely to be exceeded in 2020.

In particular, the report notes that regular Patch Tuesday vulnerability numbers are approaching those expected on "Fujiwhara Tuesdays" (named for a meteorological event when two cyclones meet and combine), when two major vendors like Microsoft and Cisco release patches on the same day. These events can overwhelm security teams, leading to remediation cycles that stretch on for weeks.

For more, read here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Recommended Reading:

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Achieve Continuous Testing with Intelligent Test Automation, Powered by AI

Architecting Security for the Internet of Things

More Webcasts

White Papers

The Protector's Guide

Democratizing Data Management With a Self-Service Portal

More White Papers

Reports

Evolution of Ransomware Gangs

Annual Global State of the WAN

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

Phishing Campaign Targets 200M Microsoft 365 Accounts

Kelly Sheridan, Staff Editor, Dark Reading, 12/7/2020

Nation-State Hackers Breached FireEye, Stole Its Red Team Tools

Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/8/2020

Open Source Developers Still Not Interested in Secure Coding

Robert Lemos, Contributing Writer, 12/8/2020

Webinars

Achieve Continuous Testing with Intelligent Test Automation, Powered by AI

Architecting Security for the Internet of Things

The Pesky Password Problem: Policies That Help You Gain the Upper Hand on the Bad Guys

Webinar Archives

White Papers

The New Cloud-Enabled Business Network

ROI Study: Economic Validation Report of the Anomali Threat Intelligence Platform

Frost Radar: Global Threat Intelligence Platform Market, 2020

Crisis as an Opportunity for Reinvention

2021 State of Protective Intelligence Report

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Don't worry, you'll know if audit doesn't like your password strength!

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today’s Enterprises

COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-17515
PUBLISHED: 2020-12-11

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.

CVE-2020-7793
PUBLISHED: 2020-12-11

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

CVE-2020-7788
PUBLISHED: 2020-12-11

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

CVE-2020-7790
PUBLISHED: 2020-12-11

This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.

CVE-2020-7792
PUBLISHED: 2020-12-11

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively ...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]