Questions tagged [zero-day]

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability.

105 questions
6 votes
2 answers

Known security vulnerabilities in JBoss 4.x.x?

We just had a breach of one of our servers, where an intruder got access using the JBoss account and started running exploit scripts. The server has been taken offline and is being investigated, but I'm curious about how he got in. Are there any…
mikek
6 votes
2 answers

Can Google Docs be used to “sanitize” a Word or Excel document?

Sometimes I have to download some Word or Excel documents from uncredible sites. I need not only to read but also to edit them. I heard that the Microsoft Office suite is a very popular attack vector. Although I patch my Windows and Office regularly…
user129187
6 votes
2 answers

Cost of finding vulnerabilities vs developing exploits

From the perspective of someone who wants to develop a zero-day exploit against some software application or target, there are broadly speaking two tasks that the attacker must do: (1) find a new exploitable vulnerability in the software; (2)…
D.W.
5 votes
1 answer

What is the "Moose" worm and how can I protect myself from it?

I have heard from others that there is a new worm called "moose". This actively targets and exploits home routers. What are the effects of this exploit? How can I protect myself from this? Can I check if my router is vulnerable?
George
5 votes
2 answers

Zero-Day Exploit targeting Internet Explorer Versions 9 through 11

A few days ago, FireEye found a vulnerability which affects all versions of IE (even the latest 11). Microsoft has an official statement regarding this issue. FireEye wrote a technical article on their blog which explains details: The exploit…
Salvador Dali
5 votes
1 answer

What is the procedure for selling a zero-day?

I read this question recently What does it mean to “burn a zero-day”? I then researched on Google and read a few articles, this one "Shopping For Zero-Days" was particularly interesting because there are people that have companies that are in the…
0siris
5 votes
3 answers

How come iOS exploits/jailbreaks are worth so much in the "0-day trade"?

Zerodium, a "premium exploit acquisition platform", bought an iOS jailbreak vulnerability from a child in UK for around 1.5 million USD. They are offering the same amount on their website currently, but my question is, why are they worth so much?…
noodles
5 votes
2 answers

Is there an estimation of the number of zero-days out there?

A zero day vulnerability refers to a hole in software that is unknown to the vendor. Since zero day vulnerabilities are unknown, can any estimation of amounts be made? What are possible scenarios to estimate the amount of zero-days? For example,…
Bob Ortiz
5 votes
3 answers

How often do high-end attackers actually use zero-day exploits?

Earlier this week the head of the NSA's Tailored Access Operations unit rather remarkably gave a presentation at the USENIX Enigma security conference. (News coverage here and here; video of the talk here). The topic of the talk: how to defend…
mostlyinformed
4 votes
2 answers

How do honeypots remain secure to 0days and newer exploits?

If honeypots are designed for a specific set of exploits, such as SQL injection and XSS, how do they protect themselves against other exploits? For instance, if I created a honeypot a few months ago, and still had it running, would it be safe from…
Dylan Katz
4 votes
4 answers

How should I defend against zero-day attack on SSH?

Vulnerabilities are discovered every day. The recent Heartbleed attack caught many people off guard. I was wondering if a serious flaw was to be discovered that allows unfettered access to SSH, how should I defend myself and minimize my exposure to…
Question Overflow
4 votes
2 answers

How does Java 7 update 11 fix the security vulnerability?

There is a new Java released a couple days ago to resolve a hole that was recently discovered. (Oracle, US-CERT, NVD/NIST) In my initial reading about this update 11, I saw clearly where it by default partially disabled the run-without-asking…
700 Software
4 votes
2 answers

What to do if you think you discovered a zero day vulnerability? (white hat style)

Has anybody discovered a zero day vulnerability? I know some black hat hackers sell that kind of info on deep web. But if you are a white hat... Which steps to perform? How to assure a CVE is released with your name? Who is in charge of this…
OscarAkaElvis
4 votes
3 answers

What is a Zero Day attack?

Can anyone explain to me what is a zero day attack with a very simple example? Also, how can it be prevented?
B. Bakshi
4 votes
3 answers

I want to start learning fuzzing Windows applications, where should I start?

I got my B.Sc. in computer science and I am familiar with basic assembly language. I want to start learning about how to find vulnerabilities in Windows applications, e.g. buffer overflows, use-after-free, etc. I am looking for a path, i.e.,…
Moe