Zero Day Attacks
Introduction
Zero-day attacks or threats refer to attacks that exploit
previously unknown software vulnerabilities.
Software vendors do know about theses vulnerabilities in
their software and hackers use this to their advantage to gain access to an
application. Hackers exploit the vulnerabilities before the vendor become aware
of it this is known as a zero-day attack.
Zero day attacks can include the following attacks such as
malware, spyware or allowing unwanted access to user information. These attacks
can lead to a person or company losing money or data and their clients and them
not trusting them or their products.
Vulnerabilities can come from simple mistakes such as a network or
application not programed in the correct manner.
Today many zero day attacks are on web browsers.
FireEye Research Labs identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks. The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. Microsoft is warning Internet Explorer users about active attacks that attempt to exploit a previously unknown security flaw in every supported version of IE. The vulnerability could be used to silently install malicious software without any help from users, save for perhaps merely browsing to a hacked or malicious site.
FireEye Research Labs identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks. The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. Microsoft is warning Internet Explorer users about active attacks that attempt to exploit a previously unknown security flaw in every supported version of IE. The vulnerability could be used to silently install malicious software without any help from users, save for perhaps merely browsing to a hacked or malicious site.
There a various way in which users can protect
themselves from these attacks and limit the vulnerabilities.
Users can install anti-virus software and have it
perform scans regularly and update it frequently. Look for software patches at
the software vendor website and setup your operating system to automatically
receive updates for all your software. Users should also allow approved
software to run on the operating system this also limits they vulnerability. A
zero-day threat is also known as a zero-hour attack or day-zero attack.
Bibliography
Anon., 2013. Software Vulnerability Control. [Online]
Available at: http://www.comptechdoc.org/independent/security/recommendations/secsoftwarev.html
Available at: http://www.comptechdoc.org/independent/security/recommendations/secsoftwarev.html
Bradley, T., 2014. Free
Vulnerability Scanner Software. [Online]
Available at: http://netsecurity.about.com/od/freesecuritytools/a/aafreevulnscan.htm
Available at: http://netsecurity.about.com/od/freesecuritytools/a/aafreevulnscan.htm
FireEye , 2014. Internet
Explorer Versions 9 through 11. [Online]
Available at: http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
Available at: http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
krebsonsecurity,
2014. Microsoft Warns of Attacks on IE Zero-Day. [Online]
Available at: http://krebsonsecurity.com/2014/04/microsoft-warns-of-attacks-on-ie-zero-day/
Available at: http://krebsonsecurity.com/2014/04/microsoft-warns-of-attacks-on-ie-zero-day/
Norton, 2014. Vulnerabilities.
[Online]
Available at: http://us.norton.com/security_response/vulnerabilities.jsp
Available at: http://us.norton.com/security_response/vulnerabilities.jsp
Techopedia, 2014. Zero-Day
Threat. [Online]
Available at: http://www.techopedia.com/definition/27451/zero-day-threat
Available at: http://www.techopedia.com/definition/27451/zero-day-threat
No comments:
Post a Comment