Search cyberveille.decio.ch

Found 9 bookmarks

Custom sorting

2023 Top Routinely Exploited Vulnerabilities | CISA

In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day. Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.

#cisa #EN #2024 #zero-day #vulnerabilities #2023 #Routinely-Exploited

·cisa.gov·Nov 13, 2024

2023 Top Routinely Exploited Vulnerabilities | CISA

How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities

Volexity regularly prioritizes memory forensics when responding to incidents. This strategy improves investigative capabilities in many ways across Windows, Linux, and macOS. This blog post highlights some specific ways memory forensics played a key role in determining how two zero-day vulnerabilities were being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices.

#volexity #EN #2024 #Ivanti #Connect #Secure #VPN #Zero-Day #Vulnerabilities

·volexity.com·Feb 1, 2024

How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities

Apple fixes two zero-days exploited to hack iPhones and Macs

Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.

#Apple #EN #2023 #updates #zero-day #vulnerabilities #ios #macos

·bleepingcomputer.com·Apr 7, 2023

Apple fixes two zero-days exploited to hack iPhones and Macs

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace

Mandiant tracked 55 zero-day vulnerabilities that we judge were exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020. * Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years. * We identified four zero-day vulnerabilities exploited by financially motivated threat actors. 75% of these instances appear to be linked to ransomware operations. * Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. The most exploited product types were operating systems (OS) (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (6).

#mandiant #EN #2022 #2023 #zero-day #zero-days #vulnerabilities #exploited #review

·mandiant.com·Mar 22, 2023

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace

Microsoft Zero-Days, Wormable Bugs Spark Concern

For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.

#CVE-2022-26809 #EN #2022 #threatpost #Vulnerabilities #Patch-Tuesday #zero-day #CVE-2022-26904 #Windows #RPC

·threatpost.com·Apr 13, 2022

Microsoft Zero-Days, Wormable Bugs Spark Concern

Apple fixes two zero-days exploited to hack iPhones and Macs

Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.

#Apple #EN #2023 #updates #zero-day #vulnerabilities #ios #macos

·bleepingcomputer.com·Apr 7, 2023

Apple fixes two zero-days exploited to hack iPhones and Macs

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace

* Mandiant tracked 55 zero-day vulnerabilities that we judge were exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020. * Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years. * We identified four zero-day vulnerabilities exploited by financially motivated threat actors. 75% of these instances appear to be linked to ransomware operations. * Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. The most exploited product types were operating systems (OS) (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (6).

#mandiant #EN #2022 #2023 #zero-day #zero-days #vulnerabilities #exploited #review

·mandiant.com·Mar 22, 2023

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace

Microsoft Zero-Days, Wormable Bugs Spark Concern

For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.

#CVE-2022-26809 #EN #2022 #threatpost #Vulnerabilities #Patch-Tuesday #zero-day #CVE-2022-26904 #Windows #RPC

·threatpost.com·Apr 13, 2022

Microsoft Zero-Days, Wormable Bugs Spark Concern

For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.

#CVE-2022-26809 #EN #2022 #threatpost #Vulnerabilities #Patch-Tuesday #zero-day #CVE-2022-26904 #Windows #RPC

·threatpost.com·Apr 13, 2022

Microsoft Zero-Days, Wormable Bugs Spark Concern