Monday, January 8, 2024

New exploits being released same day as the patch

This isn't great:

  • Less than one percent of vulnerabilities contributed to the highest risk and were routinely exploited in the wild.
  • 97 high-risk vulnerabilities, likely to be exploited, were not part of the CISA Known Exploited Vulnerabilities (KEV) catalog.
  • 25 percent of these security vulnerabilities were immediately targeted for exploitation, with the exploit being published on the same day as the vulnerability itself was publicly disclosed.
Bold emphasis is mine.  This is really not great at all.

 

 

4 comments:

  1. The problem is what used to called "fatware". Insanely complicated programs create much more vulnerability. And most of the gizmos that get added are unnecessary if not actively negative.

    ReplyDelete
  2. JUST part of the agenda for the US Great Reset. No power, no fuel, no food. Kill off the useless eaters and critical thinkers. "They" rule over the ashes. The top management doesn't care about profits, only middle and lower management does.
    Top management wants Gaia to return to pristine, pre industrial beauty. "They" have told us they only need 500 million for "sustainability" and living "in balance"*. Just enough service personnel to keep "Them" in opulence.
    *Georgia Guidestones.

    ReplyDelete
  3. The article needs to be read with a little care. In particular, "exploited on the day of publication" is not the same as "zero day". I've been there myself in a small way - one day while monitoring some traffic on a secure system we were building, I noticed a cleartext password being transferred where it should not have been. In other words, the "exploit" was actually how the vulnerability was discovered. A couple of phone calls with the component vendor enabled them to design a fix, after which they issued a patch and then finally published the vulnerability.

    A true zero day exploit happens where the first anyone trying to keep things secure knows about it is when they discover they have been penetrated, then have to work back and find out how that happened. There have certainly been more of those recently. One suspects the various ongoing hostilities have led to the use by state sponsored, or at least state affiliated, groups of vulnerabilities they had discovered and quietly 'banked' against such need.

    Presumably either Qualys don't have statistics for zero day vulnerabilities as such, or they are not willing to release them.

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.