Summary of Monthly Vulnerability Insights:
The Log4j vulnerability is still being detected/reported by vendors after almost 9 months mostly by IBM:
This month, the trend that we’ve seen for the last few months with hackers focusing on the Low and Medium Vulnerabilities has lowered again. We are seeing more focus this month on Highly Critical Vulnerabilities being exploited, but Moderately and Less Critical Vulnerabilities are still a target for hackers to create exploits.
Please make sure you include Threat Intelligence in your Software Vulnerability Management Process to improve your prioritization.
Important conclusions from this month's report are:
Last month we reported that 64.23% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been slightly higher to 68.70%, with an increase in the lower and medium criticality range.
Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.
Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing. Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher)
Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.