Cyber Security – What is a Zero-day?

Zero-day also known as Zero-hour or 0-day vulnerabilities are frequently mentioned in the news. A 0-day vulnerability is an uncorrected flaw in software that can be exploited to adversely affect computer programs or operating systems. The term 0-day is used because the vendor has 0 days to correct the issue.

Security researchers (aka white hats) and malicious hackers (aka black hats) spend their time looking for vulnerabilities in software. White hats report these vulnerabilities to the vendor so the vendor can create a patch for the product; hopefully before the criminals find a way to exploit the bug. Black hats do not typically report vulnerabilities; they design exploits. Exploits are a means of using bugs (typically security flaws) to either damage or steal data. Exploits that allow the attacker to grant themselves full administrative control of a computer, phone, tablet or even an entire network are among the most critical.

The following 0-day vulnerabilities were revealed and patched in the month of July 2015:

Multiple updates were issued for 3 0-day vulnerabilities in Adobe Flash Player including a patch on July 14, 2015 after Mozilla blocked all previous version of Flash in Firefox.

The cyberespionage group known as Pawn Storm exploited a 0-day in Java version 8. The latest update to Java (Java 8 Update 51) was released July 14, 2015

Perhaps the most dangerous bug was patched on July 20, 2015. The bug exists in all editions of Windows and affects the way that Windows displays text. Before the bug was patched criminals were using the bug to remotely execute code on susceptible computers. Successful attempts to remotely execute code using the flaw meant that compromised systems were completely controlled by the attacker. The attack allowed the criminal to do anything they wanted to the system including but not limited to: installing key-loggers (used to steal passwords), add new administrative users to a system, use the compromised computer to infect other computers on a network, steal data, damage data, and cover-up evidence of the break-in.

Jackson Kahl Insurance Services, LLC. can help you assess your systems. Please give us a call at 800-524-5467 to schedule a consultation. We can help find a solution that meets your needs.

Tags :