Kaspersky Security Bulletin 2024. Statistics

The “Kaspersky Security Bulletin 2024. Statistics” report contains statistics on cyberthreats for the period from November 2023 through October 2024. It covers such threats as financial malware, ransomware, miners, malware for IoT and macOS, vulnerabilities and others. Continue reading Kaspersky Security Bulletin 2024. Statistics

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Zero-day vulnerabilities are more commonly used, according to the Five Eyes:

Key Findings

In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.

Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities…

Continue reading Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Threats in space (or rather, on Earth): internet-exposed GNSS receivers

Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks. Continue reading Threats in space (or rather, on Earth): internet-exposed GNSS receivers

AIs Discovering Vulnerabilities

I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very good at it yet, but they’re getting better.

Here’s some anecdotal data from this summer:

Since July 2024, ZeroPath is taking a novel approach combining deep program analysis with adversarial AI agents for validation. Our methodology has uncovered numerous critical vulnerabilities in production systems, including several that traditional Static Application Security Testing (SAST) tools were ill-equipped to find. This post provides a technical deep-dive into our research methodology and a living summary of the bugs found in popular open-source tools…

Continue reading AIs Discovering Vulnerabilities

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents. Continue reading Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

White House is prioritizing secure internet routing, using memory safe languages

National Cyber Director Harry Coker says the Biden administration is focusing on securing foundational technologies.

The post White House is prioritizing secure internet routing, using memory safe languages appeared first on CyberScoop.

Continue reading White House is prioritizing secure internet routing, using memory safe languages

Research reveals vulnerabilities in routers that left 700,000-plus exposed

ForeScout said one of them warranted rating at the maximum severity level, although DrayTek has issued patches.

The post Research reveals vulnerabilities in routers that left 700,000-plus exposed appeared first on CyberScoop.

Continue reading Research reveals vulnerabilities in routers that left 700,000-plus exposed