As of October 2023, more than 42 thousand potentially dangerous vulnerabilities have been discovered in GitHub and other open source software repositories. Kaspersky Lab reported this to socialbites.ca after analyzing more than 20 thousand products.
Of all the vulnerabilities discovered, the largest share (29%) could allow security restrictions to be bypassed. In second place, with 22%, are vulnerabilities that could cause denial of service. Also in the top three were vulnerabilities that allow arbitrary code to be executed on devices.
These were followed by UI spoofing (7%), privilege escalation (6%), theft of confidential information (6%), and malware (6%). The remaining 12% was split among smaller categories of issues.
Kaspersky Lab experts classified 43% of all detected vulnerabilities as high-severity threats and 11% as critical-severity threats. For comparison, the analysis from December 2022 showed that 35% of threats were high severity, while about 10% were critical. That is, over 10 months of 2023, the share of high-severity vulnerabilities increased by 8%.
To check open source-based software for vulnerabilities and malicious implants, Kaspersky Lab recommended that Russian companies use specialized tools offered by domestic and foreign information security vendors.