"Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant"

Security researchers at Mandiant have analyzed the zero-day vulnerabilities disclosed in 2022 and found that over a dozen of them were used in attacks believed to have been carried out by cyberespionage groups. The researchers noted that the cybersecurity community cannot reach an agreement on the definition of a zero-day vulnerability. Some define a zero-day as any vulnerability whose details are made public before a patch is released, while others only assign a zero-day classification to flaws that were actually exploited in attacks before a fix was made available. The researchers stated that only vulnerabilities that were exploited in the wild before a patch was released were included in their zero-day analysis.

According to the researchers, 55 zero-day vulnerabilities came to light last year. While this is a significant drop from the 81 discovered in 2021, it’s still more than in any other previous year. The researchers noted that many of the zero-days found last year were not publicly attributed to a known threat actor. Of the ones that were attributed, 13 were linked to cyberespionage groups, including seven believed to have been exploited by Chinese state-sponsored groups. Chinese hackers targeted vulnerabilities such as CVE-2022-30190 (the Windows flaw known as Follina), CVE-2022-42475, and CVE-2022-41328 (Fortinet product vulnerabilities). The researchers stated that two of the zero-days attributed to state-sponsored threat actors were linked to North Korea, and two were tied to Russia. Three vulnerabilities were exploited by commercial spyware vendors such as Candiru and Variston. One flaw was seen being exploited by both China and Russia, as well as by spyware vendors. The researchers stated that four of the zero-days spotted in 2022 were likely exploited by financially motivated threat actors, including CVE-2022-29499 (by Lorenz ransomware), and CVE-2022-41091 and CVE-2022-44698 (by Magniber ransomware).

Of the 55 zero-days that emerged in 2022, 18 impacted Microsoft products, 10 impacted Google products, and 9 were found in Apple products. Other affected vendors included Fortinet, Mozilla, Sophos, Trend Micro, Zimbra, Adobe, Atlassian, Cisco, Mitel, SolarWinds, Zoho, QNAP, and Citrix. As for product types, 19 flaws impacted desktop operating systems, followed by browsers (11), security, IT, and network management products (10), and mobile operating systems (6).

 

SecurityWeek reports: "Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant"

Submitted by Anonymous on