EWS Activity

[Figure: EWS activity chart, 201907]

In the past twelve (12) months from August 2018 till July 2019 inclusive, there has been an “average” activity of just above four (4) advisories and just above one (1) issue per week, as collected by the Early Warning System function of MOCERT.

The Internet threat signal has been raised one (1) time over the course of August 2018 till July 2019 to YELLOW-CAUTIOUS level, requesting computer users to be cautious about the websites and files they access from the Internet.

Below are the monthly reports in reverse chronological order:

July 2019, “Normal” Level. Microsoft released security updates to address vulnerabilities, 2 of which have been exploited in the wild. Systems to which the security updates have not been applied may be at high risk of infection.

June 2019, “Normal” Level. The signal stayed at GREEN “Normal”, as patch cycles are recognized to be the current normal, although some advisories were listed for the month, with little change in the number of issues released.

May 2019, “Normal” Level. Microsoft released security updates to address vulnerabilities, one of which has been exploited in the wild. Systems to which the security updates have not been applied may be at high risk of infection.

April 2019, the threat level was raised to “Cautious” in the first week of April. Two 0-day vulnerabilities were reported in the Microsoft Edge and IE browsers with publicly available PoCs. Microsoft released its regular patch update, Oracle published its quarterly Critical Patch Updates, and Adobe patched eight products this month.

March 2019, “Normal” Level. Microsoft released its regular patch update. Apple and Adobe also released several security updates this month. There were no significant events that warranted a raising of the signal.

January 2019, “Normal” Level. Oracle released its quarterly Critical Patch Updates, which contain 284 new security fixes. Adobe released security updates for Adobe Flash Player, Adobe Digital Editions, Adobe Connect, Adobe Acrobat and Reader, and Adobe Experience Manager. Apple and Microsoft released their regular patch updates as usual.

December 2018, “Cautious” Level. Microsoft's regular patch updates this month included a zero-day in the Windows Kernel reported as being actively exploited in the wild. Adobe also released patches for multiple vulnerabilities in Acrobat and Reader and one critical zero-day vulnerability in Flash Player. A critical SQLite flaw was disclosed that affected millions of apps. phpMyAdmin also released a critical software update to fix multiple vulnerabilities.

November 2018, “Normal” Level. A normal number of patches for vulnerabilities was reported this month. Although zero-day vulnerabilities in Microsoft Edge and Oracle VirtualBox were uncovered and their exploits or proofs of concept (PoC) were publicly disclosed this month, there was no report of the vulnerabilities being exploited in the wild. The signal for this month stayed at “Normal” (GREEN).

October 2018, “Cautious” Level. Oracle published its Critical Patch Updates, which contain 301 new security fixes, while Adobe, Apple, and Microsoft released regular patch updates. A 0-day passcode bypass vulnerability with a PoC was reported in iOS 12 on the iPhone, but only an attacker with physical access to the device could exploit it. At the end of October, another Windows 0-day vulnerability with a PoC was also disclosed, affecting Windows 10 and recent versions of Windows Server editions. The Windows 0-day left all Windows users vulnerable to hackers until the following month's Patch Tuesday security updates.

September 2018, “Normal” Level. Microsoft, Apple, and Adobe released their regular patch updates as usual. Although a set of 0-days was uncovered this month, there was no report of the vulnerabilities being exploited in the wild. The signal for this month stayed at “Normal” (GREEN).

August 2018, “Cautious” Level. Adobe security updates came out more often this month. Microsoft released its regular patch update as usual. From the week of the 24th of August, the threat level was raised to “Cautious” owing to the disclosure of a new critical vulnerability in Apache Struts and a 0-day Microsoft Windows Task Scheduler vulnerability.
