A zero day is a security flaw for which the vendor of the flawed system has yet to make a patch available to affected users. You can’t patch these holes—but you can still protect yourself. The name ultimately derives from the world of digital content piracy: if pirates were able to distribute a bootleg copy of a movie or album on the same day it went on sale legitimately (or maybe even before), it was dubbed a “zero day.”. By Josh Fruhlinger.
Borrowed into the world of cybersecurity, the name evokes a scenario where an attacker has gotten the jump on a software vendor, implementing attacks that exploit the flaw before the good guys of infosec are able to respond. Once a zero day attack technique is circulating out there in the criminal ecosystem—often sold by their discoverers for big bucks—the clock is ticking for vendors to create and distribute a patch that plugs the hole.
The content of the article:
- Zero day vulnerability vs exploit vs attack
- Why are zero day exploits dangerous?
- Defense against zero day attacks
- Practice defense in depth
- Keep an eye out for intrusions
- Lock down your networks
- Be sure to back up
- Zero day attack examples
But fighting off zero day attacks isn’t something that you need to do on your own. In fact, the broader security ecosystem—which consists of everyone from independent white-hat hacker researchers to security teams at big software and hardware vendors—has an interest in uncovering and fixing zero day vulnerabilities before malicious hackers can exploit them.
The march of zero day vulnerabilities and attacks is relentless. You wil find links to further reading in the article as well. Very good!
[Read More]