Software Flaws Used in Hacking More Than Double, Setting Record

The number of previously unknown software flaws used by hackers more than doubled last year, a new report says, in another sign of the increasing sophistication of cybercrime and online espionage.

Secret vulnerabilities in computer programs are especially prized by criminal gangs, law enforcement and spies because software vendors have not been warned and so cannot publish fixes 

In 2015, 54 such holes came to light and were deployed by hackers, according to a report published on Monday by the largest security software vendor, Symantec Corp. That is up dramatically from 24 the year before and 23 the year before that; the next-highest total over the past 10 years was 15 in 2007.

Symantec's total of "zero-day" or unknown vulnerabilities includes both flaws that were discovered because they were used by top-flight hackers who left tracks and those that were revealed to the public at the same time as the software maker.

In 2015, electronic files named "Hacking Team" were dumped on the Internet, including six zero-days that criminals quickly made use of.

Thousands of other flaws were identified as usual last year by vendors, outside researchers, and government agencies. The vendors develop and issue patches, either announcing the flaws or pointing to them by virtue of the fixes.