1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Lazy software fixes are creating even more problems for security

    From TechnologyDaily@1337:1/100 to All on Tue Jul 5 15:45:04 2022
    Lazy software fixes are creating even more problems for security teams

    Date:
    Tue, 05 Jul 2022 14:34:50 +0000

    Description:
    Many zero-days found this year have been spin-offs of last year's poorly patched bugs.

    FULL STORY ======================================================================

    Quick fixes for zero-day vulnerabilities are giving rise to fresh issues for security teams, a new Google report suggests.

    According to cybersecurity researchers at Google Project Zero, half of the 18 zero-days found in major software this year could have been prevented had developers done a better job at patching the original flaw.

    Whats more, four of the zero-days discovered this year are spin-offs of bugs originally identified in 2021. Browsers are a major target

    "At least half of the 0-days we've seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests," said Maddie Stone, one of the researchers.

    "On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months from the original in-the-wild 0-day being patched, attackers came back with a variant of the original bug."

    In total, there were more zero-days discovered in 2021 than in the past five years. But while sloppiness may be a contributing factor, its not the only cause of this rise, it was said. Read more

    Google says 2021 was a record year for zero-day hacks


    This dangerous Microsoft Office zero-day is now being exploited in the
    wild


    Best identity theft protection of 2022

    Theres also the fact that, since the demise of the Flash player, cybercrooks have turned their attention towards browsers as their next biggest target. Theres also the fact that browsers have become so big that their code volume rivals that of certain operating systems.

    To top it off, researchers have probably gotten better at detecting zero-days being exploited on endpoints in the wild than they were five years ago.

    Google itself has patched four zero-day vulnerabilities in its Chrome
    browser, this year alone. These are the best antivirus solutions around

    Via ZDNet



    ======================================================================
    Link to news story: https://www.techradar.com/news/lazy-software-fixes-are-creating-even-more-prob lems-for-security-teams/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)