Keeping up with 0-days is a losing battle

From Ars Technica:

The number of attacks that exploited previously unknown software vulnerabilities more than doubled in 2015 as hackers raced against security defenders to find effective ways to infect end users with malware, according to a recently released report.

The number of “zero-day” exploits—a term that was coined because affected software developers have zero days to release a patch that keeps users protected—reached an unprecedented 54, according to researchers at security firm Symantec. That number compared with 24 in 2014, 23 in 2013, and 14 in 2012. The increase was partly caused by the breach of Italy-based zero day broker Hacking Team, which spilled six closely guarded zero days into the public domain. It also came as Adobe and other developers significantly reduced the time it took to release patches that plugged zero-day holes.

Compensating controls, such as full packet logging and access audits, are absolutely critical.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s