This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Monthly Vulnerability Insights: September 2022

raslam
By Level 7 Flexeran
Level 7 Flexeran

Summary of Monthly Vulnerability Insights:

Total advisories:  544 (last month: 591).

September reported fewer advisories than August, After 9 consecutive months, September is the first month when vendors did not have to disclose Log4j vulnerability information for one of their products. 

Important conclusions from this month's report are:

  • The Secunia Research Team reported 3 extremely critical advisories.
  • 13 Zero-Day Advisory reported (more than double from last month when 6 zero-day advisories were reported)
    mostly Microsoft and Apple and 1 for Google.
  • Over 1,686 CVEs ( last month: 1,982) were covered in the 544 Advisories
  • Threat Intelligence indicates that more Medium and Highly Critical Vulnerabilities are targeted by hackers.
  • More than half of all advisories are disclosed by SUSE, Ubuntu (Canonical), IBM, and RedHat
  • This month SUSE was identified as the vendor with the most rejected advisories (25 out of 87 advisories)
    And the vendor with the most disclosed Advisories (19.04% of all advisories)
  • Cisco is contributing to 63.04% of all Networking related Advisories.

Last month we reported that 68.70% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been significantly lower to 59.74%, with an increase in the lower and medium criticality range.

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing. Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher).

Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)



‎Oct 04, 2022 03:52 AM
Preview file
866 KB
0 Kudos