This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Monthly Vulnerability Insights: July 2022

raslam
By Level 7 Flexeran
Level 7 Flexeran

Summary of  Monthly Vulnerability Insights:

July reported more advisories than June’s sudden dip. (the first half year was a continued monthly increase until June)

The Log4j vulnerability is still being detected/reported by vendors after almost 8 months:

  • IBM Operations Analytics
  • IBM Tivoli Network IP Edition
  • IBM Enterprise Content Management System Monitor

The trend that we’ve seen for the last few months with hackers focusing on the Low and Medium Vulnerabilities has increased again ( with May being an exception). These Moderate and Less Critical Vulnerabilities are normally not a priority for many organizations, but please make sure you include Threat Intelligence in your Software Vulnerability Management Process to improve your prioritization. 

Important conclusions from this month's report are:

  • 2 extreme critical advisories were reported ( Google Chrome and  Microsoft Edge are both also Zero-day)
  • 8 Zero-Day Advisory reported ( 6x Microsoft OS, 1x Google Chrome, 1x Microsoft Edge)
  • Over 2,645 CVEs were covered in the 548 Advisories which is more than double from last month. (1,281)
  • Threat Intelligence indicates that more Medium and Low Vulnerabilities are targeted by hackers.
  • Most vulnerabilities  (57.34%) are disclosed by IBM, SUSE, Ubuntu (Canonical), Oracle, and Amazon.
    (Red Hat this month outside the top 5 /  top +50%)  

Last month we reported that 62.60% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been slightly lower to 64.23% , with an increase in the lower and medium criticality range.

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

Software Vulnerability – and Patch Management is becoming more and more important.
Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing.
Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher)

Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)

‎Sep 20, 2022 08:56 AM
Preview file
886 KB