June reported fewer advisories after we have seen an increase each month since the beginning of this year.
The Log4j vulnerability is still being reported by vendors after almost 7 months:
Atlassian Confluence
Atlassian Jira
TRAVIS – Corporate
IBM PureData System for Operational Analytics
Amazon Linux
The trend that we’ve seen for the last few months with hackers focusing on the Low and Medium Vulnerabilities has increased again ( with May being an exception). These Moderate and Less Critical Vulnerabilities are normally not a priority for many organizations, but please make sure you include Threat Intelligence in your Software Vulnerability Management Process to improve your prioritization.
Important conclusions from this month's report are:
No Extremely Critical Advisory reported
Only 1Zero-Day Advisory was reported ( Atlassian)
No Browser Zero-Day Advisories were reported, which is still very rare.
Threat Intelligence indicates that more Medium and Low Vulnerabilities are targeted by hackers.
Most vulnerabilities (54.5%) are disclosed by IBM, SUSE, Ubuntu (Canonical), and Redhat
Last month we reported that 62.65% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been higher to 64.60%↑ , with an increase in the lower and medium criticality range.
