Highlights of December Digest
-
27 vendors have released security updates for 746 vulnerabilities, and among them, 55 are known exploits
-
CISA has issued an alert for 53 vulnerabilities that got patched this month
-
Microsoft plugged 58 security vulnerabilities
-
185 old vulnerabilities have been patched this month
-
4 CVEs have been issued an alert by CISA
-
2 CVEs are associated with Remote Code Execution
-
1 CVE with Privilege Escalation
-
10 CVEs are linked with Denial of Service
-
43 CVEs are Webapp exploits.
-
4 CVEs are rated critical, 16 with high, and 24 of medium severity
-
2 CVEs are associated with Bitpaymer ransomware.
-
15 CVEs have been alerted by CISA
-
19 CVEs are public exploits
-
15 CVEs are critical, 21 are high, and 135 of medium severity
In the first 9 months of 2020 alone, organizations and individuals estimated losses of about $6 trillion due to cyber thefts, with organizations deploying the highest level of security also falling susceptible to cyber-attacks. Therefore, organizations are recommended to have a robust cybersecurity policy.
-
1 CVE is associated with Mercury and Muddy water APT group
-
1 CVE with Clop and Ryuk ransomware
-
22 CVEs are Remote Code Execution bugs
-
Of these, 9 CVEs are critical, 46 are high, and 3 are rated medium
-
4 CVEs have known exploits
-
2 CVEs are rated critical, 4 CVEs are high, and 18 are medium
2020 had a surge in ransomware attacks, data breaches, spyware, phishing, and cryptocurrency theft. Need for cyber hygiene is critical as cybercriminals will continue to use any and all vulnerabilities to breach and disrupt.
Table: Vulnerability Patches