Google, Oracle surpass Microsoft in vulnerabilities, study shows

Google has replaced Microsoft as the number one software supplier for reported vulnerabilities, with a total of 82.

Google has replaced Microsoft as the software supplier with the most reported vulnerabilities, with a total of 82, due to existing vulnerabilities in Chrome as the browser grows in popularity.

Oracle had the second most vulnerabilities, with 63 , while Microsoft was third, with 58, according to Trend Micro’s Third Quarter Threat Report.

The security firm’s threat researchers also witnessed a significant shift from mass compromises to targeted attacks, particularly against large enterprises and government institutions.

The researchers’ work led them to uncover one of the most notable groups of targeted attacks during the third quarter: the LURID downloader.

These attacks, classified by Trend Micro as advanced persistent threats (APTs), targeted major companies and institutions in over 60 countries, including Russia, Kazakhstan, and the Ukraine.

The cybercriminals behind these attacks launched over 300 malware campaigns to steal confidential data by taking control of affected users’ systems over an extended period of time.

LURID was successful, says Trend Micro, because it was targeted by its nature. By zoning in on specific geographic locations and entities, LURID compromised up to 1,465 systems.

Other notable attacks, scams, breaches and exploits in the third quarter include a new DroidDreamLight variant with enhanced capabilities and routines. Disguised as battery-monitoring or task-listing tools or apps that allow users to see a list of permissions that installed apps use, copies of this new Android malware littered a Chinese third-party app store, Trend Micro researchers found.

In the first half of July,  researchers also found a web page that enticed users to click a link to get free invitations to Google’s Google+ social network. But instead of invitations to join the site, all the users got was an “opportunity” to take part in a survey that put them at risk.

In addition to the discovery of the LURID downloader, Trend Micro and other global security teams took down a SpyEye operation controlled by a cybercriminal in Russia and an accomplice in the US.

This botnet operation, which amassed more than $3.2m within six months, targeted large enterprises and government institutions in the US, as well as organisations in Canada, the UK, India, and Mexico.

Read more on Mobile apps and software