Section 18.170 Zero-day Vulnerabilities Flashcards
Objectives 2.2 Explain common threat vectors and attack strategies.
Objectives 2.3 Explain various types of vulnerabilities.
Objectives 2.4 Given a scenario, you must be able to analyse indicators of malicious activity.
Objectives 2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
Objectives 2.6 Given a scenario, you must be able to apply common security techniques to computing resources.
Zero-day Vulnerabilities
Any vulnerability that's discovered or exploited before the vendor can issue a patch for it, because the vendor is unaware of it
e.g. a flaw in a Microsoft system that Microsoft is unaware of but that attackers have figured out
Zero-day Exploits
Any unknown exploit in the wild that exposes a previously unknown vulnerability in the software or hardware
Zero-day
Refers to the vulnerability, exploit, or malware that exploits a zero-day vulnerability
Zero day will refer to either the…
Vulnerability
Exploit
Malware
Be careful with any mention of zero-day in the exam, as it may refer to any one of the 3 aspects above. Read questions carefully.
Zero-Day Exploits and Value
■ Zero-day exploits are significant in the cybersecurity world and can be lucrative
■ Bug bounty hunters can earn money by discovering zero-day vulnerabilities
■ Zero-days are also sold to government agencies, law enforcement, and criminals
■ Threat actors save zero-days for high-value targets, using generic malware for initial attempts
■ An up-to-date antivirus can detect exploitation of known vulnerabilities
■ Countries and nation states may stockpile zero-days for espionage and strategic operations