Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that have a patch available — the so-called n-day exploits. But mitigating the risk from vulnerabilities unknown to the affected software developers and don’t have a patch available — the zero-day flaws — requires a careful analysis of the types of actors exploiting them, the geography and industries they target, the malware payloads they deploy, the tactics they use, and the type of products they usually target.
According to an analysis by Google-owned threat intelligence and incident response firm Mandiant, attackers exploited 55 zero-day flaws last year, fewer than the 81 observed in 2021 but triple the number tracked in 2020 and higher than in any previous years. In fact, 2020 was an outlier because security vendors saw their normal workflows disrupted by the COVID pandemic that year, possibly impacting their ability to discover and track zero-day attacks.
To read this article in full, please click here
More Stories
Hardware Vulnerability in Apple’s M-Series Chips
It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts...
Half of British SMEs Have Lost Data in Past Five Years
Beaming research reveals that nearly half of UK SMEs have lost data since 2019, costing billions Read More
Calls to Incident Response Helpline Double in a Year
A rising volume of calls to the Scottish Cyber and Fraud Centre highlights surging threat levels Read More
Smashing Security podcast #365: Hacking hotels, Google’s AI goof, and cyberflashing
Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google's AI search...
NHS Trust Confirms Clinical Data Leaked by “Recognized Ransomware Group”
NHS Dumfries and Galloway confirmed that patient clinical data was leaked following the attack on its systems earlier in March...
Ransomware hits The Big Issue. Qilin group leaks confidential data
The Qilin ransomware group has targeted The Big Issue, a street newspaper sold by the homeless and vulnerable. Spost on...