A team of Russian researchers Positive Technologies (PJSC Positive Group) discovered 100 zero-day vulnerabilities (unknown to the developers themselves) in projects of domestic and foreign developers over 11 months of 2024, Vedomosti reports citing the head of the coordinated department. Diana Abdurakhmanova vulnerability disclosure group.
Author:
https://rb.ru/author/mihail-zelenin/
Subscribe to RB.RU on Telegram
In particular, the company’s researchers discovered a vulnerability in the Windows operating system, through which attackers could gain full control of the system and use the data to deepen the attack. Positive Technologies also identified security holes in the ESET Internet Security antivirus, which could allow hackers to delete any files or control individual processes.
At the same time, in Russian software in 2024, researchers discovered 39% more zero-day vulnerabilities than in 2023, the company reported without specifying specific figures. 42% of them present a level of critical and high danger, which implies the possibility of obtaining full access to the company’s computer system, Positive Technologies clarified.
In 2024, about 1.8 thousand zero-day vulnerabilities were discovered worldwide, while last year this figure was three times less, Yaroslav Istomin, information security specialist at the ST IT group of companies, told the newspaper. , citing statistics from the CVE open database. vulnerabilities (common vulnerabilities and exposures). About 45% of them have been eliminated and the remaining vulnerabilities are still in the process of being corrected or require additional measures to eliminate them, the expert emphasized.
Abdurakhmanova associated the increase in the number of zero-day vulnerabilities identified in Russian software with the growing attention of companies to cybersecurity and with the increase in the number of researchers dedicated to identifying vulnerabilities.
“Due to the fact that the speed of patch management increases, attackers will be even more active in searching for and exploiting zero-day vulnerabilities, closely monitoring information about new bugs and creating exploits for them,” he emphasized.
Previously, RED Security SOC reported to RB.RU that the number of cyberattacks on Russian banks in the first 10 months of 2024 was twice as high as last year. In October 2024 alone, cybercriminals carried out more than 3,000 cyberattacks on banks, while in the first three quarters of this year the average monthly number of attacks was about 1.5 thousand. The main tools of hackers remain DDoS attacks and brute passwords. force.
Author:
Mikhail Zelenin
Source: RB
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
