Staying Up To Date On Software Patches Is Critical

February 17, 2021

Written by wukovits

Google’s Project Zero security team has an impressive track record when it comes to chasing down and addressing the most critical security flaws found. They’re tireless in their work, which has saved untold billions of dollars and hampered the efforts of hackers all over the world.

The team has gathered some rather shocking statistics, however, including this eye-opener:

Based on their research, fully one fourth of the Zero-day exploits being discovered in use in the wild could have been avoided entirely if vendors and IT admins had properly patched their products.

Over the course of 2020, the team detected a total of 24 zero-day exploits. Six of these were variations on a theme; vulnerabilities disclosed in prior years, where hackers had access to older bug reports and had plenty of time to study older issues, making a few simple tweaks and winding up with a brand new zero-day exploit.

For instance, CVE-2020-0674, which is a Zero-Day Internet Explorer flaw is a variant that combines elements of CVE-2018-8653, CVE-2019-1367, and CVE-20191429.

In a similar vein, the devastating Google Chrome flaw tracked as CVE-2020-6572 is a variant that combines elements of CVE-2019-5870 and CVE-2019-13695. The Apple Safari zero-day issue tracked as CVE-2020-27930 is virtually identical to the one discovered back in 2015 and tracked as CVE-2015-0093.

On the one hand, this news is rather depressing as it seems that many in the IT security profession seem to be making things harder on themselves than they need to be. On the other hand, as Maddie Stone, a member of the Project Zero team observed, these kinds of insights are the exact reason the team was formed to begin with.

By studiously identifying and shutting down the most glaring and serious flaws and gathering statistics and data on them, the hope is to make them increasingly harder for hackers around the world to take advantage of in years to come. So far, that approach seems to be working. Kudos to Google and the Zero Day team.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Send us a message

Your message was sent.