Over a quarter of last year’s 0-day vulnerabilities caused by poorly written patches.
A zero-day represents a previously unidentified software vulnerability. They are very dangerous because it takes time for them to be discovered, time in which bad actors can exploit them uninterruptedly. According to Google security researchers, there were 24 0-days discovered in 2020, and incomplete security patches caused a good number of them.
Microsoft’s response to the attacks on their old JScript engine can be used as an example. Back in January 2018, there were a number of Internet Explorer vulnerabilities reported. A fix was released by the end of the year, along with a 0-day vulnerability which was discovered several months later.
“Looking at them all together as a group, the number that stuck out the most to me was that six out of the 24 zero-days exploited in 2020 are variants of previously disclosed vulnerabilities. […] On top of that, three out of the 24 vulnerabilities were incompletely patched, meaning that with just a few tweaks, you could have an exploit that still works even after the patch was applied.”Maddie Stone – Google security researcher
Check the source.
- H0lyGh0st Ransomware After Small and Midsize BusinessesMicrosoft has linked H0lyGh0st, a cyberthreat that emerged in June 2021 and targets small-to-midsized businesses, to North Korean state-sponsored […]
- Popular NFT Marketplace Ravaged by $540M Phishing SchemeIn March, a North Korean APT netted $540 million thanks to a massive phishing operation carried out on the […]
- Massive $59M Facebook Phishing Campaign Steals Nearly 400M CredentialsThreat actors have managed to net a staggering $59 million and steal hundreds of millions of credentials in a […]
- Human Error is a Top Security Risk in 2022, New Report ShowsA new report from Verizon warns about the human error as being one of the most frequent causes of […]
- Paying The Ransom – An Open Invitation For A Second Attack, 2022 Report WarnsWhether the unlucky victim of a ransomware attack ends up paying the ransom or not, they are still susceptible […]