Security News > 2024 > March > Miscreants are exploiting enterprise tech zero days more and more, Google warns
Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams.
While 61 of the 97 zero-days affected end-user products last year, this number isn't increasing as rapidly as its enterprise counterparts.
Across these end-user platforms the Googlers did note an increase in zero-days across third-party components and libraries, which gives attackers more bang for their buck and allows them to exploit one bug while affecting multiple products.
Moving back to the enterprise zero-days, Google's threat hunters attribute the increase to buggy security software and appliances in 2023.
Ivanti had three zero-day exploits last year, as did North Grid Corporation, giving these two vendors the dubious honor of being the most-exploited enterprise tech in 2023 in terms of zero-days.
A couple of notable stats from the new zero-day report: CSVs were responsible for 75 percent of known zero-day exploits targeting Google products and Android ecosystem devices in 2023, and 55 percent targeting iOS and Safari.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/27/surge_in_enterprise_zero_days/
Related news
- Google engineer caught stealing AI tech secrets for Chinese firms (source)
- Poking holes in Google tech bagged bug hunters $10M (source)
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Zero-day exploitation surged in 2023, Google finds (source)
- Google fixes two Pixel zero-day flaws exploited by forensics firms (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)