September reported fewer advisories than August, After 9 consecutive months, September is the first month when vendors did not have to disclose Log4j vulnerability information for one of their products.
Important conclusions from this month's report are:
The Secunia Research Team reported 3extremely critical advisories.
13 Zero-Day Advisory reported (more than double from last month when 6 zero-day advisories were reported) mostly Microsoft and Apple and 1 for Google.
Over 1,686 CVEs ( last month: 1,982) were covered in the 544 Advisories
Threat Intelligence indicates that more Medium and Highly Critical Vulnerabilities are targeted by hackers.
More than half of all advisories are disclosed by SUSE, Ubuntu (Canonical), IBM, and RedHat
This month SUSE was identified as the vendor with the most rejected advisories (25 out of 87 advisories) And the vendor with the most disclosed Advisories (19.04% of all advisories)
Cisco is contributing to 63.04% of all Networking related Advisories.
Last month we reported that 68.70% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been significantly lower to 59.74%, with an increase in the lower and medium criticality range.
Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.
Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing. Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher).
Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)