Skip to content

Home Early Warning System
EWS Activity

In the past twelve (12) months from June 2017 till May 2018 inclusive, there has been an “average” activity of just above four (4) advisories and just above one (1) issue per week, as collected by the Early Warning System function of MOCERT.

The Internet threat signal has been raised ten (10) times over the course of June 2017 till May 2018 to YELLOW-CAUTIOUS level, requesting computer users to be cautious about the websites and files they access from the Internet

Below are the monthly reports in reverse chronological order:

May 2018, “Normal” Level. A relatively normal amount of patches to vulnerabilities were reported this month. Two 0-days(EFail and JScript Error Object Use-After-Free) were uncovered this month, but there was no report of the vulnerabilities being exploited in the wild.

April 2018, the threat level has been raised to“Cautious” from the week 22nd of April. A new IE 0-days exploit has seen exploited in the wild and is being spread in Microsoft Office documents that include a malicious Web page. Besides, Oracle has published its Critical Patch Updates this month while Adobe, Apple, and Microsoft released regular patch update as usual.

March 2018, “Normal” Level. Firefox and Chrome security updates came out more often in this month. Microsoft and Adobe also released a normal amount of security patches. The threat level stayed at “Normal" throughout the month.

February 2018, “Normal” Level. Adobe security updates came out more often in this month while Apple and Microsoft released regular patch update as usual. There were no significant events that warranted a raising of the signal.

January 2018, the “Cautious” signal held the first half of this month due to two critical CPU vulnerabilities called Meltdown and Spectre. Nearly all modern computer processors are affected. These flaws could allow hackers to steal stored data on desktops, laptops, smartphones and cloud networks. Most vendors released patches for these vulnerabilities soon and security researchers also released POC exploit code.

December 2017, “Normal” Level. Apple security patches came out more often in this month. Microsoft and Adobe released a normal amount of security patches. The threat level stayed at “Normal" throughout the month.

November 2017, “Normal” Level. A normal amount of patches to vulnerabilities were reported this month. No significant events that warranted a raising of the signal.

October 2017, "Cautious" Level. Although a normal amount of patches to vulnerabilities were reported in this month, in the second half of October, the threat level was raised to“Cautious”owing to disclosure of an 0-day Apache Solr vulnerability and the key reinstallation attacks against WPA2 protocol.

September 2017, the threat level has been raised to “Cautious” from the week 11th of September. On 12th September, it was found that a new attack vector, dubbed BlueBorne, targets unpatched Android, iOS, Windows, and Linux devices with Bluetooth enabled. Most vendors have released patches before or soon after the public disclosure of the BlueBorne flaw. Nonetheless, some devices will never receive a BlueBorne patch as the devices have reached End-Of-Life and are not being supported. Users are advised to disable Bluetooth unless a patch or update is installed on a vulnerable device. On the other hand, a widely exploited zero-day vulnerability tied to Microsoft's .NET framework was addressed by Microsoft in its September Patch Tuesday security bulletin. Adobe released patches for five critical vulnerabilities; two of which addressed Flash issues and the remainder covering RoboHelp and ColdFusion. Apple also released several critical updates this month.

August 2017,“Normal” Level. A relatively normal amount of patches to vulnerabilities were reported this month. This made the quite normal and therefore the signal for this month stayed “Normal” GREEN signal.

July 2017, “Normal” Level. A normal amount of security patches were released for multiple Microsoft products. Scheduled Oracle Critical Patch released more than three hundred security fixes across multiple oracle product families while Adobe released the security updates for two products. There were no significant events that warranted a raising of the signal.

June 2017, the “Cautious” signal held the first half of June due to the report of WannaCry new variants. Adobe and Microsoft released regular patch update in the mid of this month. There were no significant events during the third week of June, the signal returned back to "Normal" level. But it was raised again to "Cautious" level at the end of the month due to another global ransomware attack called NotPetya/SortPetya/Petya.

May 2017, “Cautious” Level. On May 12th a new ransomware, dubbed WannaCry, swept the global, affecting hundreds of thousands of computers in more than 150 countries. This malware targets unpatched Microsoft Operating Systems through the exploitation of a vulnerability in Microsoft SMBv1 server. It has been addressed in Microsoft Security Update (MS17-010) released in March. For systems which haven’t apply the security update may pose a high risk of infection. The threat level for this month has been raised to “Cautious” due to the widespread nature of the exploitation.

April 2017, “Cautious” Level.Oracle published its Critical Patch Updates this month while Adobe and Microsoft released regular patch update as usual. There were multiple 0-days along with Proof of Concepts uncovered in the month. One Microsoft Word zero-day vulnerability is reportedly being exploited in the wild. The threat level has been raised to “Cautious”.

March 2017, GREEN: "Normal" Level,Adobe released security updates while Microsoft released it scheduled patch update which covers vulnerabilities in many products. Though a 0-day was uncovered at the end of this month, there was no report of the vulnerabilities being exploited in the wild.

 
[YOUR IP : 54.198.104.202: 48418] ...   [YOUR BROWSER: CCBot/2.0 (http://commoncrawl.org/faq/)] ...