Questions tagged [zero-day]

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability.

105 questions
1 vote, 2 answers

What does 0day vulnerability specifically mean?

Is any unknown vulnerability of any type considered a 0-day vulnerability? For example, if I discovered an XSS vulnerability in a website which is unknown to users and developers, does that mean I have discovered a 0-day vulnerability? Or it…
user132778
1 vote, 2 answers

Is there a practical way to identify security vulnerabilities that were published following a full disclosure policy?

I am conducting a study about the different vulnerability disclosure policies in an effort to determine how long it takes for a given vendor to issue a fix/patch, depending on how a given vulnerability was disclosed. The problem is, I have a hard…
1 vote, 1 answer

Which Rogers internet compatible router is most secure?

Without telling you which specific Rogers-provided router, version, nor the terrible but verified security bug that exists for it (them), would any dear somewhat security conscious Rogers customer here please provide an alternative, and hopefully…
foamroll
1 vote, 0 answers

How many accounts are affected by the vBulletin breach? At risk?

vBulletin hack(s) have affected vBulletin, itself (security questions and answers, salts, and hashes of more than 300,000 users of the 345k known to be registered), and Foxit Software (some data for 260k users -- but 535k are known to be…
BillR
1 vote, 1 answer

Reliable Sources for Software Vulnerability Patch Release dates

I have searched in NVD and realized that patch release dates are not published with the specific vulnerability information of an application. Other information like the "update date" does not necessarily map to the day a patch is released. Can…
SyCode
0 votes, 3 answers

My Mom's Flash Player

So I am slightly more than a dilettante when it comes to security but hardly an expert. I have been reading up on the recent Adobe Flash issues and I wanted to ask a couple of questions: My Mom uses Mozilla on her computer and they have all but…
ford prefect
0 votes, 3 answers

What sites give the latest information on security threats, especially zero-day malware?

What websites give the latest information on zero-day malware or other exploits newly introduced?
Brahmabull
0 votes, 2 answers

Why is it always possible to discover and exploit new zero-day vulnerabilities?

Couldn't an updated server/computer be completely sealed against attacks? Why can't you block any incoming request for running something in your server? For example, in my naive view, a mail server could be getting emails (text files) sending…
0 votes, 2 answers

Tracing root compromises

In regards to the following: 0day Linux/CentOS SSHd Spam Exploit — libkeyutils.so.1.9 SSHD Rootkit. There apparently seems to be a bunch of Red Hat servers being backdoored via a library. Does anyone have advice on how to track and find the initial…
C0de r3d
0 votes, 0 answers

Zero day vulnerabilities & Cybersecurity Supply Chain Risk Management - how to move from a reactive posture to a proactive posture?

I refer to the Log4j logging framework vulnerability - Source: https://www.wired.com/story/log4j-flaw-hacking-internet/ Since software vulnerabilities are an inevitable part of life, and speed is of the essence when it comes to patching…
Nathan Aw
0 votes, 3 answers

Instead of waiting for zero-day exploits to happen, how to preemptively find zero-day vulnerabilities in order to deter zero-day exploits?

Instead of waiting for zero-day exploits to happen, how to preemptively find zero-day vulnerabilities in order to deter zero-day exploits? There has to be a better way.
Nathan Aw
0 votes, 0 answers

How to identify the usage of the TCP/IP Trek Stack

In order to mitigate the potential exposure to the Ripple20 zero-day, I must identify the device/s that have the Trek TCP/IP stack installed. Can I do this with software like LanSweeper? Or must I check every single device, router, etc.?
Ion Stirba
0 votes, 0 answers

Remote Desktop compromised

So roughly 2 weeks ago my Remote Desktop was compromised: whilst I was actively interacting with my server via RDP, I was prompted with a disconnect status equal to “Another user has connected to remote server”, which obviously raised alarms, so I…
0 votes, 1 answer

Zero Day Policies implementation

I'm new here, and sorry if my English is a little bit broken; it's not my main language. I'm trying to put together a document/ppt for my startup with a Zero Day policy structure. But I'm not finding real implemented flows, information, or something…
0 votes, 0 answers

How should security patches be managed in public versioning systems (like Github, etc.)?

There's a thing I don't understand. I found a project on Github. Looking at the list of commits, you can see stuff like "fixed XSS in file whatever, etc". But that commit is part of a long list of commits that were made after the latest public…
reed