Over a quarter of last year’s 0-day vulnerabilities caused by poorly written patches.
A zero-day represents a previously unidentified software vulnerability. They are very dangerous because it takes time for them to be discovered, time in which bad actors can exploit them uninterruptedly. According to Google security researchers, there were 24 0-days discovered in 2020, and incomplete security patches caused a good number of them.
Microsoft’s response to the attacks on their old JScript engine can be used as an example. Back in January 2018, there were a number of Internet Explorer vulnerabilities reported. A fix was released by the end of the year, along with a 0-day vulnerability which was discovered several months later.
“Looking at them all together as a group, the number that stuck out the most to me was that six out of the 24 zero-days exploited in 2020 are variants of previously disclosed vulnerabilities. […] On top of that, three out of the 24 vulnerabilities were incompletely patched, meaning that with just a few tweaks, you could have an exploit that still works even after the patch was applied.”Maddie Stone – Google security researcher
Check the source.
- Most Companies Aren’t Ready For The Greatest Cyber Threat Of 2021 – RansomwareOne would think that ransomware, currently the most significant cyber threat out there, keeps all organizations on edge and […]
- Patch These 5 Vulnerabilities Now To Protect Your Company From Ransomware AttacksHackers are actively exploiting years-old security vulnerabilities to launch ransomware attacks because organizations skip on patching them. Some of […]
- Fileless And Encrypted Malware Saw Massive Growth in Q2 2021A new report analyzing malware trends in the second quarter of 2021 shows that cyber threats are becoming stealthier, […]
- Massive Phishing Attack Hits At Least 6,000 Coinbase UsersCrypto exchange Coinbase confirmed that funds were stolen from at least 6,000 accounts in a vast phishing attack this […]
- The 3 Top Ransomware Threats Might Surprise YouNo, it’s not Revil, Ragnar Locker, BlackMatter, or Conti to make it to the top three ransomware threats responsible […]