
RiskSense Research Report Finds Attackers Weaponized More Security Vulnerabilities Last Year than Ever Before

04/23/2019 | 09:09am EDT

Despite Decrease in Adobe Software Flaws, Number of Exploits in 2018 More than Doubled Compared to 2017

RiskSense®, Inc., pioneering risk-based vulnerability management and prioritization, today announced the results of the RiskSense Vulnerability Weaponization Spotlight Report which analyzed more than 20 years of security flaws across the Adobe family of products. It found that 2018 had the most weaponized vulnerabilities ever (177), which represents a 139% increase compared to 2017. In addition, the rate of exploits discovered in the wild before a patch was available was nearly three times higher last year than the previous record set in 2010.

“The fact that attackers are weaponizing more vulnerabilities than ever before, and releasing exploits before patches are available, illustrates the need for a more holistic approach to vulnerability management and prioritization that is based on threat exploitability and weaponization metrics,” said Srinivas Mukkamala, CEO of RiskSense. “For example, global exploit kits including Neutrino and Angler were taking advantage of vulnerabilities in the wild for more than a year before they were disclosed.”

The report provides an in-depth analysis of vulnerabilities and weaponization patterns across the Adobe family of products from August 1996 through November 2018, and spans 2,891 Common Vulnerabilities and Exposures (CVE) entries. While the primary data source was Adobe security bulletins and advisories, the study also included CVEs published by third parties such as scanner knowledge bases, bug bounty programs, vendors (SUSE, Red Hat, Microsoft, etc.), and NVD (National Vulnerability Database) entries that were not included in Adobe security bulletins and advisories.

Report Highlights
Following are some of the key insights from the RiskSense Vulnerability Weaponization Spotlight Report:

  1. 2018 was most weaponized year on record
    Despite a 31% decrease in vulnerabilities compared to the high reached in 2016, last year had the most weaponized vulnerabilities ever (177), which represents a 139% increase compared to 2017 (74). Meanwhile, the percentage of vulnerabilities weaponized in 2018 (47.3%) was double compared to 2017 (20.6%) and 2016 (23.2%).
  2. Most exploits are available before a patch is
    2018 also had the highest number of exploits in the wild before a patch was available (50), compared to the previous record set in 2010 (18). This represents a nearly 200% increase.
  3. Cloud products produced largest increase in vulnerabilities
    2015, the year Adobe introduced cloud-based delivery of its products, generated the largest year-over-year increase in vulnerabilities, both in terms of total vulnerabilities and high-severity vulnerabilities. The number of vulnerabilities in 2015 increased by 357 compared to 2014. Within that figure, 314 were high severity, making 2015 the year with the largest number of high-severity vulnerabilities.
  4. Buffer Overflow was most common vulnerability
    Among the 2,891 vulnerabilities investigated, Buffer Overflow was the most common type across all years (1,094 CVEs), distantly followed by Out-of-bounds Read (195 CVEs) and Use After Free (160 CVEs) types.
  5. Acrobat Reader most vulnerable product
    Over the research period, the Acrobat Reader family of products contained the most vulnerabilities (1,338). In 2015, the year the Acrobat DC product was introduced, 137 vulnerabilities were reported. Given the large number of organizations that depend on the Acrobat family of products for business workflows, this represents a major security concern.

A full copy of the report is available here: https://go.risksense.com/WC-Adobe-Spotlight.html?utm_source=website&utm_medium=press.

About RiskSense
RiskSense®, Inc. provides vulnerability management and prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weaknesses with corresponding remediation action plans, dramatically improving security and IT team efficiency and effectiveness. For more information, visit www.risksense.com or follow us on Twitter at @RiskSense.

© Business Wire 2019