jbraak
By Level 5 Flexeran

Summary

Total advisories: 1,010 (last month: 1,073)

Important conclusions from this month's report are:

  • April has become the third month with more than 1,000 advisories (third highest in history)
  • Since the start of 2024 we’ve seen a serious increase in the number of advisories: +46%
  • Less than half (48.91%) of all vulnerabilities reported this month have a “Remote Attack Vector” (last month: 43.8%)
  • The Secunia Research Team reported 2 Extremely Critical advisories this month (last month: 2)
  • 2 Zero-Day Advisories were reported (last month: 7), for Cisco (ASA and FTD) and Palo Alto Networks (PAN-OS)
  • Threat Intelligence indicates again that Moderately Critical Vulnerabilities are targeted by hackers.
  • This month 132 (last month: 110) advisories contain at least one vulnerability linked to a Recent Cyber Exploit
    and 412 (last month: 402) advisories contain at least one vulnerability linked to a Historical Cyber Exploit.
  • More than half of all advisories are disclosed by the 3 usual (Linux) suspect vendors (SUSE, Linux, Red Hat)
  • Interestingly, these vendors are also the ones with the most rejected advisories:
    • For Linux, Red Hat and SUSE, 141 out of 203 advisories were rejected by the Secunia Research Team.
  • Juniper (45%) and Cisco (18%) contributed more than half of all Networking related Advisories this month, with 38 advisories.

Last month we reported that 53.59% of all Secunia Advisories had a Threat (exploits, malware, ransomware, etc.) associated with them. This month the number is HIGHER, at 62.97%.

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

NVD Challenges:

Currently more than 8,000 CVEs are awaiting analysis!

Issues at NVD are still ongoing, and the entire vulnerability community is seriously concerned about the potential delays in vulnerability analysis efforts. (Latest news: https://nvd.nist.gov/general/news/nvd-program-transition-announcement)

While the exact reasons for what’s cooking at NVD are unclear, we are positive that NIST will bounce back strongly. However, the gap between enriched CVEs and those pending analysis is simply increasing by the day.

Having said that, Flexera’s Software Vulnerability Research (Secunia Research) is completely unperturbed by these delays from NVD. We recognize the importance of timely and accurate vulnerability intelligence for our customers. We understand that delays in analysis efforts can impact decision-making and cybersecurity strategies. However, we want to assure our clients that our solution remains unaffected by these challenges.