Home » » Microsoft, Google and Apple zero-days were a huge security threat in 2022

Microsoft, Google and Apple zero-days were a huge security threat in 2022

No comments

When hackers look for zero-day flaws to exploit and gain a foothold on the target endpoint, they usually look at either Microsoft, Google, or Apple products, according to a new report from cybersecurity researchers Mandiant which claims of the major zero-day vulnerabilities were exploited last year, most targeted the big three.

Zero-days are flaws that have not yet been discovered by security researchers, hence IT teams have had zero days to patch their systems up. As such, they’re every hacker’s most prizer possession as abusing it triggers no alarms.

Of all the possible products that could have been targeted, crooks were keeping their magnifying glasses tightly focused on operating systems, web browsers, and network management products. Windows has had 15 vulnerabilities exploited, Chrome nine, and iOS five. MacOS rounds off the top four with four zero-day vulnerabilities exploited.

Chinese activity

Breaking the findings down geographically, Mandiant says the majority of the zero-days were exploited by Chinese state-sponsored threat actors (7), followed by the Russians (2 - one overlapping), and North Koreans (2). For three, an origin could not be established. Thirteen were exploited by cyber-espionage groups. 

Usually, they would look for flaws that would enable them to gain elevated privileges, or run remote code on vulnerable devices (53 out of 55 flaws).

Read more

> Windows, Chrome and Firefox zero-days exploited to spread malware

 > More Microsoft Exchange zero-days exploited in the wild

 > Here are the best malware removal tools today

Between edge infrastructure and cloud services, crooks were mostly interested in the former, as these products usually lack proper cybersecurity defences and are more likely to be compromised without alerting the IT teams. At the same time, as more firms migrate to the cloud, the number of disclosed zero-days might shrink, as cloud service providers report security incidents differently, Mandiant claims.

In any case, 2022 had fewer disclosed zero-day flaws (55) compared to the year prior (80), and while that does sound positive, 2022 was a record-breaker when it comes to the number of zero-days actively exploited. The researchers believe that the trend is only going to get worse this year.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/AQxreyK
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us