cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Monthly Vulnerability Insights: September 2022

raslam
Level 7 Flexeran
Level 7 Flexeran
0 0 287

Summary of Monthly Vulnerability Insights:

Total advisories:  544 (last month: 591).

September reported fewer advisories than August, After 9 consecutive months, September is the first month when vendors did not have to disclose Log4j vulnerability information for one of their products. 

Important conclusions from this month's report are:

  • The Secunia Research Team reported 3 extremely critical advisories.
  • 13 Zero-Day Advisory reported (more than double from last month when 6 zero-day advisories were reported)
    mostly Microsoft and Apple and 1 for Google.
  • Over 1,686 CVEs ( last month: 1,982) were covered in the 544 Advisories
  • Threat Intelligence indicates that more Medium and Highly Critical Vulnerabilities are targeted by hackers.
  • More than half of all advisories are disclosed by SUSE, Ubuntu (Canonical), IBM, and RedHat
  • This month SUSE was identified as the vendor with the most rejected advisories (25 out of 87 advisories)
    And the vendor with the most disclosed Advisories (19.04% of all advisories)
  • Cisco is contributing to 63.04% of all Networking related Advisories.

Last month we reported that 68.70% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been significantly lower to 59.74%, with an increase in the lower and medium criticality range.

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing. Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher).

Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)