The Log4j vulnerability is still being detected/reported by vendors after almost 9 months mostly by IBM:
IBM Security Identity Manager
IBM Infosphere Master Data Management
IBM Data Risk Manager
This month, the trend that we’ve seen for the last few months with hackers focusing on the Low and Medium Vulnerabilities has lowered again. We are seeing more focus this month on Highly Critical Vulnerabilities being exploited, but Moderately and Less Critical Vulnerabilities are still a target for hackers to create exploits.
Please make sure you include Threat Intelligence in your Software Vulnerability Management Process to improve your prioritization.
Important conclusions from this month's report are:
No extremely critical advisories were reported by the Secunia Research Team.
6 Zero-Day Advisory reported ( 4x Apple (iOS, Safari,macOS) , 1x Google Chrome, 1x Microsoft Edge)
Over 1,982 CVEs were covered in the 591 Advisories
Threat Intelligence indicates that more Medium and Highly Critical Vulnerabilities are targeted by hackers.
More than half of all advisories are disclosed by IBM, SUSE, Ubuntu (Canonical), RedHat, and Gentoo.
Last month we reported that 64.23% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been slightly higher to 68.70%, with an increase in the lower and medium criticality range.
Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.
Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing. Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher)
Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)