"About half of those zero-days exploited the very devices that are designed to protect enterprise networks from digital intruders. Google said security and networking devices, such as firewalls made by Cisco and Fortinet, and VPN and virtualization platforms like Ivanti and VMWare, were among the top targeted vendors last year."
"Google's researchers said that hackers exploited common flaws, like input validation and incomplete authorization processes, to break through firewall and VPN defenses to gain access to customer networks. These classes of bugs are generally easier to exploit, but generally require a software update to fix."
"Google noted the Clop extortion gang's campaign against Oracle E-Business Suite customers, which allowed hackers to walk away with reams of human resources data from dozens of companies about their staff and executives. The hacks affected Harvard University, the American Airlines subsidiary Envoy, and The Washington Post, among others."
Google's annual security report reveals that 48% of tracked zero-day vulnerabilities exploited enterprise technologies, reaching a new high. Security and networking devices from vendors like Cisco, Fortinet, Ivanti, and VMware were heavily targeted. Hackers exploited common flaws including input validation errors and incomplete authorization processes to breach firewall and VPN defenses. Notable incidents included the Clop extortion gang's campaign against Oracle E-Business Suite, compromising human resources data from major organizations including Harvard University, American Airlines' Envoy subsidiary, and The Washington Post. The remaining 52% of zero-days affected consumer products from Microsoft, Google, and Apple, with operating systems and mobile devices experiencing increased vulnerability exploitation.
#zero-day-vulnerabilities #enterprise-security #cyber-attacks #network-infrastructure-threats #data-breaches
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]