Word of the Day: zero-day

Word of the Day Daily updates on the latest technology terms | December 27, 2018 zero-day Zero-day is a flaw in software, hardware or firmware that is unknown to the party responsible for patching or otherwise fixing the flaw. The term zero-day may refer to the vulnerability itself, or an attack that has zero days between the time the vulnerability is discovered and the first attack. Once a zero-day vulnerability has been made public, it is known as an n-day or one-day vulnerability. Since zero-day vulnerabilities aren't known in advance, there is no way to guard against such exploits before they happen. Ordinarily, when a researcher detects that a software program contains a potential security issue, he or she will notify the software vendor so they can fix the code and distribute a patch or software update. The hope with a zero-day vulnerability is that even if an attacker hears about the vulnerability, it will take time to figure out how to exploit it without being detected -- and meanwhile, the fix will have been made available.   Antimalware software, intrusion detection systems (IDSes) and intrusion prevention systems (IPSes) are often ineffective against zero-day attacks because the attacks do not yet have a known signature. One of the best ways to detect a zero-day attack is simply to monitor network logs. Activities falling outside of the normal scope of operations could be an indicator of a zero-day attack.   Other suggestions for mitigating the effects of a zero-day attack include:   Keep all systems patched and up to date. Perform regular vulnerability scanning. Apply encryption and authentication controls to network traffic. Isolate sensitive traffic flowing between servers. Use network access control to prevent rogue machines from gaining access. Lock down wireless access points. Stay on top of security news. Quote of the Day "Zero-day vulnerabilities are presumably unknown by the software creator, so there is no way to patch the software to defend against the vulnerability." - Russ White Trending Terms exploit advanced persistent threat vulnerability scanner Stuxnet Google Project Zero Patch Tuesday   Learning Center New Walmart CISO discusses protecting the world's largest retailer In part two of a wide-ranging interview, Walmart CISO Jerry Geisler, who stepped into the role in January, talks about evaluating the Fortune 1 retailer's security posture, 'three big buckets' the company is focused on right now and advances in its cloud strategy. Zero-day Telegram vulnerability exploited for cryptomining A zero-day Telegram vulnerability discovered by Kaspersky Lab was used by Russian cybercriminals to spread cryptomining malware. Microsoft patches Internet Explorer zero-day 'Double Kill' For May 2018's Patch Tuesday, Microsoft fixed an Internet Explorer zero-day vulnerability that was actively exploited in the wild by an advanced persistent threat group. Understanding the exploit market: How data breaches happen Quickly upgrading software with the latest patches is essential when you understand how data breaches happen and how the exploit market can work against you when you have network and system vulnerabilities. Our expert walks you through how attackers take advantages of vulnerabilities. Adobe zero-day fix precedes June Patch Tuesday An Adobe zero-day exploit stole the attention of administrators before Microsoft addressed about 50 security updates this June Patch Tuesday. Find out which vulnerabilities to prioritize this month and how to address the updated advisory for the Spectre vulnerability. Quiz Yourself Ransomware hasn't been in the news for _______ but it seems to be making a comeback. a. a while b. awhile Answer Stay in Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com Visit the Word of the Day Archives and catch up on what you've missed! FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.