Total advisories: 1,073 ↑ (last month: 992)
Another record-breaking month (and quarter) with the highest advisory count in the history of Secunia Research (since 2002)
and a record breaking Q1 with a whopping 44% increase compared to last years Q1.
NVD Challenges:
The biggest news are the ongoing issues at NVD, where the entire vulnerability community is seriously concerned about the potential delays in vulnerability analysis efforts. In our monthly report we will dive deeper into this serious matter and explain why Flexera's Software Vulnerability Research is not affected.
Important conclusions from this month report are:
- Less than half (43.8%) of all vulnerabilities reported in this month have a “Remote Attack Vector” (last month 49.29%)
- The Secunia Research Team reported 2 Extremely critical advisory this month. (Last month: 1)
- 7 Zero-Day Advisories reported. (last month :5) for mostly Apple (5), Microsoft (1) and Tukaani Project XZ Utils (1)
- Threat Intelligence indicates again that Moderately Critical Vulnerabilities are targeted by hackers.
- This month 110 advisories contain at least one vulnerability linked to a Recent Cyber Exploit
and 402 advisories contained at least one vulnerability linked to a Historical Cyber Exploit.
- More than half of all advisories are disclosed by these 3 usual (Linux) suspect vendors (SUSE,Linux,Red Hat)
- Interestingly among these vendors are also the ones with the most rejected advisories:
- Record breaking: Linux Foundation: 176 out of 276 advisories were rejected by the Secunia Research Team.
- Cisco contributed to more than half of all Networking related Advisories this month with 25 advisories.
Last month we reported that 66.53% of all Secunia Advisories had a Threat (exploits, malware, ransomware, etc.) associated with them, this month the number has been lower again for at least 2 months in a row to 53.59%
Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.
Happy reading!
Jeroen
