Over 12,500 vulnerabilities disclosed in the first half of 2021: Risk Based Security

Risk Based Security has released two new reports covering data breaches and vulnerabilities in the first half of 2021, finding that the total number of reported breaches decreased but the number of disclosed vulnerabilities increased.

According to the company’s data breach report, there were 1,767 publicly reported breaches in the first six months of 2021, down 24% from the same period last year.

The number of reported breaches increased by 1.5% in the United States, but 18.8 billion records have been exposed so far, a 32% decrease compared to the 27.8 billion records leaked in the first half of 2020.

Inga Goddijn, Executive Vice President of Risk Based Security, said that attackers have diversified the methods they use to monetize their efforts, while at the same time preventable errors outweigh hackers when it comes to the amount of data exposed.

“The amount of compromised data remains stubbornly high, and no serious second-quarter breaches have yet been identified, so that number could exceed 19 billion in the near future,” Goddijn said.

The numbers may be a bit misleading, however: the report states that the breach at forex trading service FBS Market accounts for about 85% of the records exposed by June 30th.

Researchers added that 352 data breaches were associated with ransomware attacks.

Email addresses were exposed in 40% of all breaches, a stable share, and passwords in 33%. Healthcare organizations have had the most breaches in 2021, with 238 so far. Finance and insurance companies suffered 194 breaches, manufacturing 169, and educational institutions 138.

The other report found that Risk Based Security’s VulnDB® team aggregated 12,723 vulnerabilities disclosed in the first half of 2021.

In the first half of 2021, they found that the number of disclosed vulnerabilities increased by 2.8% compared to 2020.

“Of the vulnerabilities disclosed in the first half of 2021, 32.1% do not have a CVE ID and an additional 7% have a CVE ID but are in reserved status. This means that practically usable information about the vulnerability is not yet available in CVE/NVD,” the report added.

“In the first half of 2021, Risk Based Security’s VulnDB team aggregated an average of 80 new vulnerabilities per day and updated an average of 200 existing vulnerability entries per day as new solution information, references, and additional metadata became available.”

Of the vulnerabilities disclosed so far in 2021, 1,425 are remotely exploitable and have both a public exploit and a solution to mitigate the problem. Nearly 900 remotely exploitable vulnerabilities have no solution to mitigate the problem.

One of the issues highlighted in the report is that organizations tend to fail to report breaches.

The COVID-19 pandemic has shifted focus away from cybersecurity, and comparing data from the first half of 2020 with the first half of 2021 shows a 24% reduction in the number of publicly disclosed breaches.

Despite the reduction in disclosed breaches, the number of sensitive records exposed continues to grow. Between January 2021 and June 2021, more than 18 billion sensitive or confidential records were exposed. This is the second-highest total ever recorded by Risk Based Security.

Of the data lost in the breaches, 61% were public names, 38% were Social Security numbers, 25% were addresses, and 22% were financial information.

The report also ranked the top 10 products by vulnerability disclosures in the second quarter of 2021. Debian Linux led with 628, followed by Fedora with 584, openSUSE Leap with 526, and Ubuntu with 443.

Microsoft (627), SUSE (590), Fedora (584), IBM (547), Oracle, and Google are among the top 10 vendors by vulnerability disclosures in the second quarter of 2021. Cisco, Canonical, and Red Hat closed out the list with disclosures of over 400 vulnerabilities in the second quarter of 2021.
