“1,500 information security vulnerabilities in October”… the lowest of the year

National Internet Emergency Center figures for October… Around 35 percent of vulnerabilities at a high risk level… Roughly 800 medium-risk vulnerabilities… Over half of the total, lowest of the year

Tuesday, November 17, 2020, 15:31 GMT

Application programs had the most vulnerabilities

Warmth Red = Beijing, China – Chinese authorities announced that in October, which included the National Day holiday, 1,500 information security flaws were publicly found in hardware, applications, and information systems used by government departments, businesses, research institutes, and colleges. This was a decline of almost 10 percent from a month earlier and the smallest number this year. Around 500 of these vulnerabilities were assessed as high-risk, a rise of almost 10% over the previous month, accounting for around 35% of all vulnerabilities. The number of medium-risk vulnerabilities was around 800, the lowest of the year and a 15 percent decrease from the previous month.


“About 1,500 information security flaws in October”: National Internet Emergency Center… A monthly drop of about 10%

The National Computer Network Emergency Technology Processing Collaboration Centre of China (CNCERT, hereinafter referred to as the Internet Emergency Center) registered information security vulnerabilities via the National Information Security Vulnerability Exchange Portal (hereinafter referred to as CNVD) and its partners (security providers, communications service companies) from the first week of October to the fifth week (September 28 to November 1). The total decreased for the second consecutive month, following September (about 1,650). It is in fact the lowest this year.

Earlier in the year, the count passed 2,000 in February (2,400) and April (approximately 2,170), and reached 1,840 in March, 1,650 in May, 1,800 in June, 1,760 in July, and 1,750 in August.

By week, the Internet Emergency Center verified and reported the following numbers of information security flaws in October: 169 in the first and second weeks, which covered the National Day holiday (September 28 to October 11); 372 in the third week (October 12-18); 597 in the fourth week (October 19-25); and 418 in the fifth week (October 26 to November 1).

Looking at the risk levels the Internet Emergency Centre assigned to these vulnerabilities, 44 of the 169 vulnerabilities in the first and second weeks of October were high-risk, 111 medium-risk, and 14 low-risk. In the third week (372 vulnerabilities in total), 124 high-risk, 180 medium-risk, and 68 low-risk were reported. In the fourth week (597 vulnerabilities in total), 235 high-risk, 286 medium-risk, and 76 low-risk were assessed. In the fifth week, out of 418 vulnerabilities, the center reported 137 high-risk, 226 medium-risk and 55 low-risk.

There were about 540 high-risk vulnerabilities in October, accounting for almost 35 percent of all vulnerabilities.

This was an increase of around 10 percent over September (about 450). After January (about 430) and September, it is the next smallest number of the year. It was similar to July (about 500) and slightly smaller than August (about 680), June (about 590), May (about 670), April (about 970), March (about 650) and February (about 950).

In October, the number of medium-risk vulnerabilities was around 800, accounting for more than 50 percent of all vulnerabilities. Down from September (about 940), it was the lowest of the year. It was close to May (approximately 830) and less than February (1,215), March (905), April (approximately 1,010), June (approximately 980), July (1,000) and August (approximately 900).

Looking at vulnerabilities linked to zero-day, there were 42 (25 percent of all vulnerabilities) in the first and second weeks of October, 153 (41 percent) in the third week, 341 (57 percent) in the fourth week and 205 (49 percent) in the fifth week.


The Internet Emergency Center said that vulnerability scores for information security vulnerabilities were all classified as ‘low’ from the first to the fifth week of October.

Incident-type vulnerabilities linked to party, government and businesses in China in October


Looking at incident-type security vulnerabilities related to party and government agencies and companies that the Internet Emergency Center received through CNVD, 3,670 were reported in the first and second weeks of October, up 26% from the previous week (2,902). The number rose by 45 percent to 5,332 in the third week, followed by a 1.27-fold jump to 12,085 in the fourth week. In the fifth week, the number decreased by 18% to 9,867.

The number of security risk incidents that the Internet Emergency Center reported to institutions and businesses in essential fields such as finance, insurance and electricity was 20 in the first and second weeks of October, 24 in the third week, 14 in the fourth week and 27 in the fifth week.

The number of information security vulnerability incidents that the Center reported to Chinese wired and wireless communications service providers was 7 in the first and second weeks of October, 11 in the third week, 7 in the fourth week and 13 in the fifth week.

In each region of the country, the number of security vulnerability incidents involving major local organizations verified and handled by the center in cooperation with CNCERT centers was 239 in the first and second weeks of October, 266 in the third week, 513 in the fourth week and 314 in the fifth week, respectively.

The number of vulnerabilities in the information systems of universities and research institutes verified and treated in collaboration with the center and the education sector reached 41 cases in the first and second weeks of October, 94 in the third week, 91 in the fourth week and 57 in the fifth week, respectively.

The vulnerability incidents that the Center reported to the National High-Level Information Security Coordination Body, concerning the information systems of government departments and committee websites and related websites or directly affiliated organizations, numbered 47 in the first and second weeks of October, 29 in the third week, 25 in the fourth week and 35 in the fifth week.

Many October bugs in technology systems… followed by web apps

Breaking down the information security vulnerabilities officially registered by the Internet Emergency Center in October by affected target, the proportion of server programs and web software was high. In the first and second weeks of October (169 vulnerabilities registered overall), the application program field accounted for half, with 85 vulnerabilities (50 percent).

The web application field had 60 vulnerabilities (36 percent), operating systems 21 (12 percent), network equipment (switches, routers, etc.) 2 (1 percent), and security products 1 (1 percent).

In the third week (372 vulnerabilities in total), there were 133 vulnerabilities in the application software field, accounting for 36 percent, less than half. Web applications followed closely with 130 (34 percent). There were also 81 in operating systems (22%), 16 in network equipment (4%), 6 in security products (2%), 5 in smart devices (1%), and 2 in databases (1%).

In the fourth week (597 vulnerabilities in total), there were 264 vulnerabilities (44 percent) in the framework program field and 200 (34 percent) in the web application sector. There were also 50 in operating systems (8%), 35 in network equipment (6%), 23 in databases (4%), 15 in smart devices (3%), and 10 in security products (2%).

In the fifth week (418 vulnerabilities in total), the application program field accounted for half, with 215 vulnerabilities (51 percent). The web application field had 128 vulnerabilities, or 31 percent. These were followed by network equipment with 26 (6%), servers with 25 (6%), operating systems with 16 (4%), security products with 5 (1%) and smart devices with 3 (1%).

Security vulnerabilities in the communication, mobile Internet and industrial control systems sectors in October

The Internet Emergency Center conducted a study of information security weaknesses in major industries and found that the mobile Internet industry had many security vulnerabilities throughout October. In the first and second weeks of October, 12 vulnerabilities in the mobile Internet sector (4 high-risk, 5 medium-risk, 3 low-risk) and 2 in the communications sector (medium-risk) were counted.

In the third week, 20 vulnerabilities in the mobile Internet sector (20 high-risk, 23 medium-risk, 18 low-risk), 18 industrial device vulnerabilities (5 high-risk, 7 medium-risk, 2 low-risk) and 8 in the communications sector (2 high-risk, 3 medium-risk, 3 low-risk) were identified.

In the fourth week, the mobile Internet sector had the most vulnerabilities with 60 (21 high-risk, 28 medium-risk, 11 low-risk), against 27 for industrial control systems (7 high-risk, 20 medium-risk) and 14 for the communications industry (2 high-risk, 8 medium-risk, 4 low-risk). In the fifth week, there were 16 mobile Internet vulnerabilities (7 high-risk, 9 medium-risk), 14 in the communications sector (5 high-risk, 8 medium-risk, 1 low-risk) and 14 in industrial control systems (2 high-risk, 12 mild hazard).

The Internet Emergency Center also looked at the number and proportion of vulnerabilities registered in October for large domestic and international corporations (products). In the first and second weeks, the figures were: Artifex App (24, 14 percent), Google (18), IBM (12, 7 percent), Mozilla (11, 7 percent), cPanel (10, 6 percent), Microsoft (10, 6 percent), Oracle (10, 6 percent), Observium (6, 3 percent), Zhuhai Jinshan Pangong S/W (5, 3 percent) and Other (63, 37 percent).