Dec 16, 2020
A zero-day (or 0-day) vulnerability is a software vulnerability that hasn’t been publicly disclosed or was recently discovered due to a successful attack. Once the threat is discovered, the race is on to patch the vulnerability before it can be exploited. In other words, the software developers have zero days to fix the vulnerability.
Software vulnerabilities are flaws in computer applications or operating systems. They can also be caused by improper configurations or coding. Vulnerabilities are the security holes that cybercriminals take advantage of by using exploits to gain access to valuable information or enact destructive goals.
To put it simply, an exploited vulnerability can be catastrophic. Three metrics used to analyze the impact of a successful exploit, i.e. a malware package that has compromised its target, are Confidentiality, Integrity, and Access.
So far in 2020, there have been a few major zero-day attacks on the likes of Microsoft and Sophos. These zero-day attacks have the potential to shut down businesses and lead to massive losses. So how can you protect your organization from falling victim to vulnerabilities that don’t yet have a patch?
The best place to start is with security policy within your organization. Make a plan and stick to it. Invest in a robust cybersecurity team that works to keep your organization protected through prioritization and mitigation of high-risk security vulnerabilities.
Invest in an all-in-one vulnerability management platform like TOPIA. Keep track of the tens, hundreds, or thousands of different assets seamlessly within your organization. You can also make sure their respective software is updated on a routine basis. This will help mitigate vulnerabilities and ensure a workstation isn’t overlooked.
Utilize tools like TOPIA’s Patchless Protection to protect vulnerable applications until a patch is available.
Establish a culture of security best practices. A zero-day vulnerability might require an unaware individual to open an attachment containing malware, like in the zero-day attack on Microsoft’s Adobe Type Manager. Documents containing malicious software were downloaded by unsuspecting users. Train users to identify and report suspicious activity.
February 2021 Patch Tuesday RundownKent Weigle March 03, 2021
Could the Vulnerability Fujiwhara Effect Be the New Normal?Kent Weigle January 18, 2021
Six Ways to Improve Your Patch Management PracticesKent Weigle January 05, 2021
Top Trending CVEs of January 2021Kent Weigle February 01, 2021
So I Really Have to Update Chrome?Kent Weigle February 08, 2021