Total critical failures discovered so far in 2021 has nearly doubled

2018 has everything to end as one of the most tense years when it comes to cybersecurity and Google numbers are further evidence of this. Until the beginning of September this year, the company’s Project Zero had already portrayed 2018 vulnerabilities that, until then, were unknown to the developers of software, and has everything to close this period with more than double the alerts compared to 2018.

  • Google fixes new critical security flaws in Chrome
  • Brazil registers 13,2 billion cyberattack attempts in the 1st half
  • REvil | Ransomware gang returns to active and talks about error in releasing keys

We already have, for example, an increase of 2018% in the number of reported incidents, as last year’s total was 16 vulnerabilities. The growth also shows an increasing trend with each period that has been solidifying since 2018, the year in which Project Zero had one of the lowest totals in its story, with only 16 vulnerabilities discovered and revealed to the public.

In 2021, the Google Chrome browser and Windows are tied as the software with the highest number of reported incidents — the Microsoft platform becomes the biggest if it is also considered a reported flaw in Defender, its security system. Of the 76 failures that have already been reported by the project, 16 involve some kind of memory corruption, with values ​​being written or executed outside the proper limits, thus allowing malware to be run remotely or opening access to unauthorized third parties.

Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News.

Every day a summary of the main news in the tech world for you!

Also appear with considerable importance in the numbers of Project Zero the operating systems Android, with five loopholes, and iOS, with three , including a recent one that could allow government spying from the overt surveillance software of the Israeli group NSO, which develops Pegasus. Another highlight is the WebKit rendering engine, with seven flaws in Google’s list and presence in all browsers available for Apple devices, in addition to appearing in Chrome and Opera in modified versions.

Bandits look for critical failures as new attack alternatives

Type failures zero day

are named for the idea that developers have “zero days” to work and release an update that solves the opening. Otherwise, there is nothing users can do to avoid suffering cyber attacks — in many cases, reports of breaches of this type also accompany the idea that malicious exploits are already taking place.

However, it helps that ordinary users are not often the target of sophisticated attacks in this category, while a combination of them may be needed for an attacker to, for example, take control of a smartphone or computer. According to Maddie Stone, security researcher at Project Zero, the greatest concern for citizens should be the leaks of personal data from the systems of private companies — these are more likely to be affected by the reported openings.

Stone even points out an ironic fact: the increase in the number of vulnerabilities zero day2021 is a reflection of the increased concern with security, with criminals needing to seek new alternatives in the face of a drop in the effectiveness of old scams. Thus, the recommendation for everyone, from gigantic corporations to users, is to keep software, operating systems and devices always up to date, since the absence of this type of maintenance is precisely what opens the door for criminals in the most common attacks.

Source: NBC News

Did you like this article?

Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.

Back to top button