April was the month with the highest number of vulnerabilities in the last 18 months. 9 Zero-day Vulnerabilities were reported including Google Chrome, Microsoft Edge, and VMWare Cloud Foundation.
The Log4j vulnerability is still being reported by (new) vendors and products for the 5th month in a row.
The trend that we’ve seen for the last few months is continuing with hackers focusing on the Low and Medium Vulnerabilities. Exploits for these vulnerabilities are more complex but have a longer lifespan due to the lack of Threat Intelligence in many organizations. Besides financial gain, many attacks are state-sponsored with the goal to disrupt companies and infrastructures.
Important conclusions from this month's report are:
Threat Intelligence indicates that more Low and Medium Vulnerabilities are targeted by hackers.
Most vulnerabilities are within the Linux families
15.36% (last month: 37% ) of all advisories are linked to recent cyber exploits which are significantly lower.
Last month we reported that 69% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been lower to 56%↓ , however an increase in the lower and medium criticality range
The added article from CISA (the US Gov. Cybersecurity & Infrastructure Security Agency) Known Exploited Vulnerabilities Catalog. They presented their key findings based on the top 2021 vulnerabilities including some interesting remediation tips that are 100% matching the remediation capabilities that Flexera Software Vulnerability Manager (SVM) offers.