Half of Recent Zero Day Bugs Could Have Been Prevented with Patching, Regression Tests
45.5% of Lockbit 2.0 victims paid a ransom, Macmillan forced to shut down due to security incident, SessionManager backdoored Exchange servers, Google blocked hack-for-hire sites, much more
Metacurity will not publish its regular daily newsletter on July 4, 2022. Remember the words of Ben Franklin, who, while exiting the constitutional convention in 1787, was asked what sort of government the delegates had created in America. His answer was: "A republic, if you can keep it."
Google Project Zero reports that as of June 15, 2022, there have been 18 zero day bugs detected and disclosed as exploited in the wild in 2022, with at least nine of the zero days being variants of previously patched vulnerabilities.
In other words, at least half of the zero days Google discovered in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests. Moreover, four of the 2022 zero days are variants of 2021 in-the-wild zero days. Just 12 months after the original in-the-wild zero day was patched, attackers came back with a variant of the original bug. (Maddie Stone / Google Project Zero)