Cyber Security News

Zero-Day Exploits Defined and Explained

by

Zero-Day Exploits Defined

“Zero-day” is a loose term for a recently discovered vulnerability or exploit for a vulnerability that hackers can use to attack systems. These threats are incredibly dangerous because only the attacker is aware of their existence.

These exploits can go unnoticed for years and are often sold on the black market “The Dark Net” for large sums of money.

Kaspersky defines Zero-Day Exploits:

A zero day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it’s exploited before a fix becomes available from its creator.

Initially when a user discovers that there is a security risk in a program, they can report it to the software company, which will then develop a security patch to fix the flaw. This same user may also take to the Internet and warn others about the flaw. Usually the program creators are quick to create a fix that improves program protection, however, sometimes hackers hear about the flaw first and are quick to exploit it. When this happens, there is little protection against an attack because the software flaw is so new.

Organizations at risk from such exploits can employ several means of detection, including using virtual local area networks (LANs) to protect transmitted data, by making use of a firewall, and using a secure Wi-Fi system to protect against wireless malware attacks. Also, individuals can minimize the risk by keeping their operating systems and software up to date or by using websites with SSL (Security Socket Layer), which secures information being sent between the user and the site.

Google fixes exploited Chrome zero-day dropped on Twitter

Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today’s most popular web browser.

The version released on April 20th, 2021, to the Stable desktop channel for Windows, Mac, and Linux users will be rolling out to all users over the coming weeks.

“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” the company’s announcement reads.

Read More

Source: BleepingComputers

Here is a Link to a full descriptive article:  Zero-Day Exploits Defined and Explained