One Article Review

The article:
Source Mandiant
Identifier 8500401
Publication date 2024-03-26 22:00:00 (seen: 2024-05-15 19:06:53)
Title Trends on Zero-Days Exploited In-the-Wild in 2023
Text Written by: Maddie Stone, Jared Semrau, James Sadowski
Combined data from Google's Threat Analysis Group (TAG) and Mandiant shows 97 zero-day vulnerabilities were exploited in 2023; a big increase over the 62 zero-day vulnerabilities identified in 2022, but still less than 2021's peak of 106 zero-days. This finding comes from the first-ever joint zero-day report by TAG and Mandiant. The report highlights 2023 zero-day trends, with focus on two main categories of vulnerabilities. The first is end user platforms and products such as mobile devices, operating systems, browsers, and other applications. The second is enterprise-focused technologies such as security software and appliances.

Key zero-day findings from the report include:
- Vendors' security investments are working, making certain attacks harder.
- Attacks increasingly target third-party components, affecting multiple products.
- Enterprise targeting is rising, with more focus on security software and appliances.
- Commercial surveillance vendors lead browser and mobile device exploits.
- People's Republic of China (PRC) remains the top state-backed exploiter of zero-days.
- Financially-motivated attacks proportionally decreased.

Threat actors are increasingly leveraging zero-days, often for the purposes of evasion and persistence, and we don't expect this activity to decrease anytime soon. Progress is being made on all fronts, but zero-day vulnerabilities remain a major threat.

A Look Back - 2023 Zero-Day Activity at a Glance

Barracuda ESG: CVE-2023-2868

Barracuda disclosed in May 2023 that a zero-day vulnerability (CVE-2023-2868) in their Email Security Gateway (ESG) had been actively exploited since as early as October 2022. Mandiant investigated and determined that UNC4841, a suspected Chinese cyber espionage actor, was conducting attacks across multiple regions and sectors as part of an espionage campaign in support of the PRC.
Mandiant released a blog post with findings from the initial investigation, a follow-up post with more details as the investigation continued
Sent Yes
Tags Vulnerability Threat Mobile Cloud Technical
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.