7. Complete zeroing of zero-day vulnerabilities

rakhirhif8963
Posts: 533
Joined: Mon Dec 23, 2024 3:15 am

Post by rakhirhif8963 »

How can you protect yourself? As a risk mitigation measure, it is recommended to “build” security into the DevOps process by continuously monitoring for configuration errors, image integrity, and administrator privileges. Use the MITRE ATT&CK Matrix for Containers to identify weaknesses in your cloud security architecture.

Developing exploits for vulnerabilities now takes hours and there is nothing you can do about it... The only solution is patches.

When 17,000 SolarWinds customers had their data stolen in 2020, and about 40 of them were subsequently hacked, many were shocked by the scale of the breach. Unfortunately, the total number of compromised users has increased significantly in 2021, amid the slow response of companies to the cybercriminals. Case in point: two weeks after Microsoft released a patch for ProxyLogon, 30,000 Exchange servers were still vulnerable (other estimates put the number at 60,000).

That same year, a second major problem was discovered in Exchange: ProxyShell. In August, the day after the Black Hat presentation on Exchange Server vulnerabilities, a proof-of-concept exploit (PoC exploit) was released for all the holes patched by Microsoft in April and May. According to a Shodan report, a week after the exploit appeared, more than 30,000 Exchange servers remained unprotected, and this data does not provide a complete picture of what was happening (Shodan specialists did not have time to scan the entire Internet). In short, the patches were released in the spring, but the corresponding vulnerabilities could still be exploited in the fall.

What can we conclude from the above information? Both hackers and security professionals will continue to hone their skills to create malicious and proof-of-concept exploits within hours of a vulnerability being disclosed. However, mainly due to the increasing severity of a breach, companies must increase their vigilance and optimize resource and patch management. They must identify publicly available assets and implement patches as quickly as possible, regardless of the possible disruption to business operations. Prompt application of patches should be a priority. While exploitation of vulnerabilities with serious consequences cannot be completely eliminated, it should be understood that the more organizations that strictly follow basic rules, the smaller the scale of cyber-attacks will be.
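The post's conclusion is to inventory internet-facing assets and close the window between patch release and deployment. The following is an added example, not code from the post or from any vendor: a small triage script that takes a constructed asset inventory, compares each server's build string against a per-branch "minimum fixed build" baseline, and ranks unpatched internet-exposed hosts first. The build numbers in `FIXED_BUILDS`, the patch release date, and the hostnames are all hypothetical placeholders chosen for the example, not Microsoft's real Exchange update builds; a practitioner would substitute the vendor's published fixed builds.

```python
"""Patch-exposure triage over a constructed asset inventory (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical minimum fixed build per CU branch (first three version fields).
# These are placeholder numbers for the example, NOT real vendor update builds.
FIXED_BUILDS = {
    "15.2.858": (15, 2, 858, 10),
    "15.2.792": (15, 2, 792, 13),
    "15.1.2242": (15, 1, 2242, 8),
}
# Assumed date the fixes shipped; used to size the exposure window.
PATCH_RELEASE = date(2021, 4, 13)


@dataclass
class Asset:
    host: str
    build: str             # four-field build string, e.g. "15.2.858.5"
    internet_exposed: bool # True if reachable from the public Internet


def parse_build(build: str) -> tuple:
    """Split 'a.b.c.d' into an int tuple so comparisons are numeric, not lexical."""
    parts = tuple(int(p) for p in build.split("."))
    if len(parts) != 4:
        raise ValueError(f"unexpected build format: {build!r}")
    return parts


def is_patched(build: str) -> Optional[bool]:
    """True/False when the CU branch has a known baseline; None when it does not."""
    parts = parse_build(build)
    branch = ".".join(str(p) for p in parts[:3])
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return None  # unknown branch: needs manual review, never silently "ok"
    return parts >= fixed


def triage(assets, today: date):
    """Return unpatched or unverifiable hosts, most urgent first."""
    findings = []
    for a in assets:
        status = is_patched(a.build)
        if status is True:
            continue
        findings.append({
            "host": a.host,
            "build": a.build,
            "status": "unknown_branch" if status is None else "unpatched",
            "internet_exposed": a.internet_exposed,
            "days_since_patch": (today - PATCH_RELEASE).days,
        })
    # Internet-facing unpatched hosts first, then internal, then unknown branches.
    findings.sort(key=lambda f: (not f["internet_exposed"],
                                 f["status"] != "unpatched",
                                 f["host"]))
    return findings


# Constructed sample inventory (hostnames and builds are made up for the example).
SAMPLE_ASSETS = [
    Asset("mx1.example.test", "15.2.858.5", True),        # below fixed build
    Asset("mx3.example.test", "15.2.858.12", True),       # at/above fixed build
    Asset("mx2.example.test", "15.1.2242.4", True),       # below fixed build
    Asset("lab-ex.example.test", "15.2.721.2", False),    # branch not in baseline
    Asset("internal-ex.example.test", "15.2.792.3", False),  # below fixed build
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ASSETS, date(2021, 8, 20)):
        print(finding)
```

The point of returning `None` for an unknown branch rather than `False` or `True` is that a server running a build the baseline does not cover is exactly the case that gets lost in a "count of unpatched hosts" report; it is surfaced separately so someone has to look at it.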