trends

Hello 0-Days, My Old Friend: a 2024 Zero-Day Exploitation Analysis

, ,

Google's Threat Intelligence Group reported 75 zero-day vulnerabilities exploited in 2024, down from 98 in 2023 but up from 63 in 2022. This year's exploitation continued a trend towards targeting enterprise technologies over end-user products. Key findings included:

  1. Trends in Exploitation: 44% of vulnerabilities targeted enterprise software, up from 37% in 2023. Vendors are improving security, reducing exploits on popular targets like browsers.
  2. Notable Targets: Security and networking products saw increased exploitation, with a significant focus on Ivanti and Palo Alto. Attackers' focus is shifting from end-user devices to critical enterprise infrastructures.
  3. Actor Analysis: State-sponsored espionage actors, particularly from China and North Korea, accounted for the majority of attributable exploitation, often blending espionage with financial motives.
  4. Exploited Vulnerability Types: The most common were remote code execution and privilege escalation vulnerabilities, often resulting from software coding errors.

Overall, while detection and vendor defenses improve, zero-day vulnerabilities remain appealing to threat actors, necessitating stronger vendor security practices.

https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/

RSAC 2025: What We Expect at the Largest Cybersecurity Conference of the Year

RSAC 2025, the largest cybersecurity conference, will address critical topics like AI management, non-human identities, and online safety for seniors. Attendees will learn from experts including Bruce Schneier on AI trustworthiness, and explore scam prevention strategies led by Ayelet Biger-Levin. Key initiatives include evolving the web for privacy with Sir Tim Berners-Lee's Solid project and a special DARPA AI challenge showcase. PCMag will cover highlights from the event starting April 28.

https://uk.pcmag.com/security/157731/rsac-2025-what-we-expect-at-the-largest-cybersecurity-conference-of-the-year

Gen Z Facing Increased Cybersecurity Threats

, ,

Gen Z, digital natives, face significant cybersecurity risks despite tech familiarity. Studies reveal overconfidence in recognizing threats, with 52% using vulnerable passwords. The rise of AI complicates matters, as 46% share sensitive data with AI tools unchecked. Training gaps persist, with many lacking access to education, and those offered abandon important security tools. Psychological stress about job security due to breaches is notable. However, growing awareness among Gen Z could foster stronger cybersecurity defenses in the future.

https://www.pandasecurity.com/en/mediacenter/gen-z-facing-increased-cybersecurity-threats/

The Digital Illusion: Millennials and Online Safety Risks

,

TLDR: 70% of millennials rarely verify online identities, risking exposure to identity fraud and misinformation. Despite digital savviness, many still trust misleading online interactions, highlighting a gap in cybersecurity awareness. Oversharing personal information increases vulnerability to attacks. Millennials need to adopt critical thinking and verify sources to strengthen their online safety.

https://www.kaspersky.com/blog/the-digital-illusion/53137/

LatAm Orgs Face 40% More Attacks Than Global Average

Due to weaker security, political instability, and rapid tech adoption, Latin American organizations experience 40% more cyberattacks than the global average. Check Point found that Latin America faces 2,569 attacks weekly, impacting critical industries and vulnerable citizens, particularly in countries like Brazil, Mexico, and Colombia. Cybercriminals exploit these conditions, often collaborating with local cartels, while law enforcement struggles to control the surge in cybercrime.

https://www.darkreading.com/cybersecurity-analytics/latin-american-orgs-more-cyberattacks-global-average

Scroll to Top