March was the month with the second-highest number of vulnerabilities in the last 12 months. Most Browsers disclosed zero-day vulnerabilities that also had high threats associated with them. The Log4j vulnerability is still being reported by (new) vendors and products for the 4th month in a row.
Important conclusions from this month's report are:
Threat Intelligence indicates that more Low and Medium Vulnerabilities are targeted by hackers.
Most vulnerabilities are within the Linux families (SUSE, Ubuntu, RHEL, Debian, Linux)
37% of all advisories are linked to recent cyber exploits
Last month we reported that 62% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, unfortunately, this month the number has risen to almost 69%↑
This means that these vulnerabilities are actively being exploited or attacked. Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately. Software Vulnerability – and Patch Management is becoming more and more important.
Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing. Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher)
Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this month 226 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 613.
It is strongly recommended to immediately mitigate these risks. (CISA requires federal agencies to mitigate critical vulnerabilities within 15 days and high-risk vulnerabilities within 30 days).