Summary
Total advisories: 821 ↑ (last month: 725).
Important conclusions from this month report are:
- 2022 was a record-breaking year with the highest number of Secunia Advisories reported, however 2023 is shaping up to destroy that previous record since we are already 24.7% Year-to-date. (Last month YTD was 22%)
- Advisories for 93 unique vendors, 381 unique products and 792 unique product versions reported this month.
- Almost 47.99% of all vulnerabilities reported in this month have a “Remote Attack Vector” (last month 54.48%)
- The Secunia Research Team reported only 1 Extremely critical advisory this month. (Last month: 16) which doesn’t happen that often.
- 5 Zero-Day Advisories reported. (last month :17)
- Over 1,491 unique CVE’s (last month: 1,731) were covered in the 821 Advisories.
- Threat Intelligence indicates again that more Moderately Critical Vulnerabilities are targeted by hackers.
- More than half of all advisories are disclosed by 4 vendors (SUSE 16.94%, Amazon 13.62%, Ubuntu 11.04%, RedHat 11.04%)
- Interestingly some these vendors are also the ones with the most rejected advisories:
- SUSE: 30 out of 151 advisories were rejected by the Secunia Research Team
- Amazon: 23 out of 151 advisories were rejected.
- Cisco and NetApp are contributing to almost 63% of all Networking related Advisories this month.
Last month we reported that 80% of all Secunia Advisories had a Threat (exploits, malware, ransomware, etc.) associated with them, this month the number has been higher to 70.52%
Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.
Software Vulnerability – and Patch Management is becoming more and more important.
Due to the ongoing global threats, attacks on critical infrastructures in many countries are increasing.
Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for CVSS score 7 or higher)
Right now, hackers can deploy exploits within 1 week and even within 24 hours . This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)