cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jbraak
By Level 5 Flexeran
Level 5 Flexeran

Summary

Total advisories:  719 ↑  (last month: 709).

March has reported 719 advisories, replacing February as the third-highest number of advisories since the Secunia Research Team started in 2002. (#1 : July’20, #2: April’20)

Important conclusions from this month's report are:

  • March is the 4th month in a row to show an increase in advisories, zero-days, and threats
  • Vulnerabilities were reported this month for 91 vendors, 338 products, and 415 Product versions.
  • More than 60% of all advisories (rejected advisories not included)  have vulnerabilities that can be attacked from Remote.
    From remote describes vulnerabilities where the attack vector does not require access to the system nor a local network.
    This category covers services, which are acceptable to expose to the Internet (for example, HTTP, HTTPS, SMTP) as well as client applications used on the Internet and certain vulnerabilities, where it is reasonable to assume that a security-conscious user can be tricked into performing certain actions.
  • The Secunia Research Team reported no Extremely critical advisories this month (5 last month)
  • 7 Zero-Day Advisories reported (Apple iOS, Microsoft, Microsoft Windows, Microsoft 365)
  • Microsoft Patch Tuesday reported 80 Vulnerabilities (with 98 CVE’s),  Secunia research team summarized these into 16 Advisories
  • Over 1,468 unique CVE’s ( last month : 1,233) were covered in the 719 Advisories.
  • Threat Intelligence indicates that more Moderately Critical Vulnerabilities are targeted by hackers.
  • More than half of all advisories are disclosed by 3 vendors (SUSE 20%, Ubuntu 20%, IBM 12%)
  • Cisco and NetApp are contributing to more than 50% of all Networking related Advisories.

Last month we reported that 74.19% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been slightly lower to 71.63%

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing.Back in 2019 (just before Covid), patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher)

Right now, hackers can deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)