Security News > 2024 > March > Miscreants are exploiting enterprise tech zero days more and more, Google warns
Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams.
While 61 of the 97 zero-days affected end-user products last year, this number isn't increasing as rapidly as its enterprise counterparts.
Across these end-user platforms the Googlers did note an increase in zero-days across third-party components and libraries, which gives attackers more bang for their buck and allows them to exploit one bug while affecting multiple products.
Moving back to the enterprise zero-days, Google's threat hunters attribute the increase to buggy security software and appliances in 2023.
Ivanti had three zero-day exploits last year, as did North Grid Corporation, giving these two vendors the dubious honor of being the most-exploited enterprise tech in 2023 in terms of zero-days.
A couple of notable stats from the new zero-day report: CSVs were responsible for 75 percent of known zero-day exploits targeting Google products and Android ecosystem devices in 2023, and 55 percent targeting iOS and Safari.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/27/surge_in_enterprise_zero_days/
Related news
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)