June saw fewer advisories reported, after an increase in each month since the beginning of this year.
The Log4j vulnerability is still being reported by vendors after almost 7 months:
TRAVIS – Corporate
IBM PureData System for Operational Analytics
The trend we have seen over the last few months, with hackers focusing on Low and Medium Vulnerabilities, has increased again (with May being an exception). These Moderate and Less Critical Vulnerabilities are normally not a priority for many organizations, but please make sure you include Threat Intelligence in your Software Vulnerability Management Process to improve your prioritization.
Important conclusions from this month's report are:
No Extremely Critical Advisory was reported
Only 1 Zero-Day Advisory was reported (Atlassian)
No Browser Zero-Day Advisories were reported, which is still very rare.
Threat Intelligence indicates that more Medium and Low Vulnerabilities are targeted by hackers.
Most vulnerabilities (54.5%) are disclosed by IBM, SUSE, Ubuntu (Canonical), and Red Hat
Last month we reported that 62.65% of all Secunia Advisories had a Threat (exploits, malware, ransomware, etc.) associated with them; this month the number is higher, at 64.60%, with an increase in the lower and medium criticality range.