
Monthly Vulnerability Insights: July 2022

raslam
Level 7 Flexeran

Summary of Monthly Vulnerability Insights:

July saw more advisories reported than June, which had shown a sudden dip (the first half of the year was a continued monthly increase until June).

The Log4j vulnerability is still being detected/reported by vendors after almost 8 months:

  • IBM Operations Analytics
  • IBM Tivoli Network IP Edition
  • IBM Enterprise Content Management System Monitor

The trend that we've seen for the last few months, with hackers focusing on the Low and Medium vulnerabilities, has increased again (with May being an exception). These Moderate and Less Critical vulnerabilities are normally not a priority for many organizations, but please make sure you include Threat Intelligence in your Software Vulnerability Management process to improve your prioritization.

Important conclusions from this month's report are:

  • 2 extremely critical advisories were reported (Google Chrome and Microsoft Edge; both are also zero-days)
  • 8 zero-day advisories were reported (6x Microsoft OS, 1x Google Chrome, 1x Microsoft Edge)
  • Over 2,645 CVEs were covered in the 548 advisories, which is more than double last month's figure (1,281).
  • Threat Intelligence indicates that more Medium and Low vulnerabilities are targeted by hackers.
  • Most vulnerabilities (57.34%) were disclosed by IBM, SUSE, Ubuntu (Canonical), Oracle, and Amazon.
    (Red Hat is outside the top 5 / top +50% this month.)

Last month we reported that 62.60% of all Secunia Advisories had a Threat (exploits, malware, ransomware, etc.) associated with them. This month the number has been slightly lower to 64.23%, with an increase in the lower and medium criticality range.

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

Software Vulnerability and Patch Management is becoming more and more important.
Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructure in many countries are increasing.
Back in 2019 (just before Covid), patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher).

Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them).
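
To make the prioritization point concrete, the following is an added example (not part of the original report and not Flexera tooling) that compares the 2019 CVSS-only patch windows quoted above with a threat-aware schedule. The policy of capping the window at 7 days when a threat is associated, and at 1 day for a zero-day, is an assumption of this example, as are the advisory IDs and scores, which are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Figures quoted in the article.
BASELINE_DAYS = 30        # 2019 guidance: patch within 30 days
BASELINE_HIGH_DAYS = 14   # 2019 guidance for CVSS >= 7
EXPLOIT_DAYS = 7          # exploits can be deployed within 1 week
EXPLOIT_FAST_DAYS = 1     # ... and even within 24 hours

@dataclass(frozen=True)
class Advisory:
    ident: str            # constructed placeholder ID
    cvss: float
    published: date
    threat: bool          # threat intelligence links exploits/malware to it
    zero_day: bool = False

def baseline_due(a: Advisory) -> date:
    """Due date under the CVSS-only 2019 guidance."""
    days = BASELINE_HIGH_DAYS if a.cvss >= 7 else BASELINE_DAYS
    return a.published + timedelta(days=days)

def threat_aware_due(a: Advisory) -> date:
    """Assumed policy: cap the window at the exploit timeline when a threat exists."""
    if a.zero_day:
        return a.published + timedelta(days=EXPLOIT_FAST_DAYS)
    if a.threat:
        return min(baseline_due(a), a.published + timedelta(days=EXPLOIT_DAYS))
    return baseline_due(a)

def exposure_gap_days(a: Advisory) -> int:
    """Days by which the CVSS-only schedule overshoots the threat-aware one."""
    return (baseline_due(a) - threat_aware_due(a)).days

def prioritize(advisories):
    """Earliest threat-aware due date first; ties broken by higher CVSS."""
    return sorted(advisories, key=lambda a: (threat_aware_due(a), -a.cvss))

# Constructed sample data, not real advisories.
DAY0 = date(2022, 7, 1)
SAMPLE = [
    Advisory("ADV-A", 9.1, DAY0, threat=False),
    Advisory("ADV-B", 5.3, DAY0, threat=True),
    Advisory("ADV-C", 3.7, DAY0, threat=True),
    Advisory("ADV-D", 8.8, DAY0, threat=True, zero_day=True),
]

if __name__ == "__main__":
    print([(a.ident, exposure_gap_days(a)) for a in prioritize(SAMPLE)])
```

In this sample the two Medium and Low advisories with an associated threat move ahead of the CVSS 9.1 advisory that has none, and the CVSS-only schedule would have left each of them open 23 days longer.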