Security News > 2024 > March > Miscreants are exploiting enterprise tech zero days more and more, Google warns

Miscreants are exploiting enterprise tech zero days more and more, Google warns
2024-03-27 14:00

Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams.

While 61 of the 97 zero-days affected end-user products last year, this number isn't increasing as rapidly as its enterprise counterparts.

Across these end-user platforms the Googlers did note an increase in zero-days across third-party components and libraries, which gives attackers more bang for their buck and allows them to exploit one bug while affecting multiple products.

Moving back to the enterprise zero-days, Google's threat hunters attribute the increase to buggy security software and appliances in 2023.

Ivanti had three zero-day exploits last year, as did North Grid Corporation, giving these two vendors the dubious honor of being the most-exploited enterprise tech in 2023 in terms of zero-days.

A couple of notable stats from the new zero-day report: CSVs were responsible for 75 percent of known zero-day exploits targeting Google products and Android ecosystem devices in 2023, and 55 percent targeting iOS and Safari.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/27/surge_in_enterprise_zero_days/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 103 256 4322 4698 744 10020