1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google reveals the nastiest zero-days it tracked this year

    From TechnologyDaily@1337:1/100 to All on Wed Mar 27 13:15:05 2024
    Google reveals the nastiest zero-days it tracked this year

    Date:
    Wed, 27 Mar 2024 13:00:56 +0000

    Description:
    Nation-states are more interested in exploiting zero-days, and mostly through third-party software.

    FULL STORY ======================================================================

    The number of zero-day vulnerabilities exploited in the wild continued on an upward trajectory in 2023, posing a worrying question for businesses and consumers alike, new research from Google's security experts has claimed.

    A new report from Mandiant and Google's own Threat Analysis Group (TAG) analyzed the zero-day landscape, noting hackers were focused on third-party components and libraries, as that allowed them faster and easier scaling, for maximum impact.

    According to the analysis, there were 87 zero-day vulnerabilities exploited
    in the wild last year, more than 50% compared to the year before (62). However, the year was somewhat better than the record-breaking 2021, when 106 zero-days were abused. Nation-state attacks on the rise

    Enterprises were, and continue to be, a major target, with hackers casting an ever-wider net, while state-sponsored groups keep grabbing the larger piece
    of the overall hacking pie.

    Last year, most hackers focused on third-party components and libraries. Google claims that this type of vulnerability can scale to affect more than one product, making it a prime attack surface. We saw this theme repeated across threat actors of all motivations, seeking vulnerabilities in products or components that provided broad access to multiple targets of choice.

    As targets, enterprise entities grew even more popular, and more varied last year. Google observed hackers increasingly targeting enterprise-specific technologies, with the total number of zero-days abused here, up by almost two-thirds (64%) year-on-year. This increase was fueled mainly by the exploitation of security software and appliances, Google added.

    The report also argues that nation-states are more interested in exploiting zero-days than financially motivated hacking groups. That being said, China
    is still the number one, with its groups exploiting 12 zero-days last year,
    up from 7 the year before. This was more than we were able to attribute to
    any other state, Google concluded. More from TechRadar Pro New Zealand government claims it also suffered attacks from Chinese hacking groups Here's a list of the best firewalls around today These are the best endpoint
    security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-reveals-the-nastiest-zero-days-i t-tracked-this-year


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)