Did you know that freeware packages don't have access to databases or updates for 30 days, so if a 0day hits, people with quality PAID protection get immediate protection but the tightwads could be 30 days behind...
NOT GOOD!
You don't seem to have the slightest clue of what "zero-day" actually means.
And all it took was a simple Google search:
"Zero-Day" Definition
The term "Zero-Day" is used when security teams are unaware of their software vulnerability, and they've had "0" days to work on a security patch or an update to fix the issue. "Zero-Day" is commonly associated with the terms Vulnerability, Exploit, and Threat. It is important to understand the difference:
- A Zero-Day Vulnerability is an unknown security vulnerability or software flaw that a threat actor can target with malicious code.
- A Zero-Day Exploit is the technique or tactic a malicious actor uses to leverage the vulnerability to attack a system.
- A Zero-Day Attack occurs when a hacker releases malware to exploit the software vulnerability before the software developer has patched the flaw.
And here are some examples where even premium enterprise protection wasn't enough:
Zero-Day Examples
Below are just a few known vulnerabilities that were discovered over the past couple of years:
Kaseya Attack
On Friday, July 2, REvil ransomware operators managed to compromise Kaseya VSA software, used to monitor and manage Kaseya customer’s infrastructure. REvil ransomware operators used zero-day vulnerabilities to deliver a malicious update, compromising fewer than 60 Kaseya customers and 1,500 downstream companies, according to Kaseya’s public statement.
SonicWall VPN Vulnerability
On Feb. 4, 2021, SonicWall’s Product Security Incident Response Team (PSIRT) announced a new zero-day vulnerability, CVE-2021-20016, that affects its SMA (Secure Mobile Access) devices. Within the documentation, SonicWall stated this new vulnerability affects the SMA 100 series product, and updates are required for versions running 10.x firmware. SonicWall did not state if or how this newest exploit affects any older SRA VPN devices still in production environments.
MSRPC Printer Spooler Relay (CVE-2021-1678)
On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike® researchers. This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler MSRPC interface to remotely execute code on the attacked machine.
Zerologon
On August 11, 2020 Microsoft released a security update including a patch for a critical vulnerability in the NETLOGON protocol (CVE-2020-1472) discovered by Secura researchers. Since no initial technical details were published, the CVE in the security update failed to receive much attention, even though it received a maximum CVSS score of 10.
This vulnerability allows an unauthenticated attacker with network access to a domain controller, to establish a vulnerable Netlogon session and eventually gain domain administrator privileges. The vulnerability is especially severe since the only requirement for a successful exploit is the ability to establish a connection with a domain controller.
NTLM Vulnerability
On June 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1040 and CVE-2019-1019, two vulnerabilities discovered by Preempt (now CrowdStrike) researchers. The critical vulnerabilities consist of three logical flaws in NTLM (Microsoft’s proprietary authentication protocol). Preempt researchers were able to bypass all major NTLM protection mechanisms.
These vulnerabilities allow attackers to remotely execute malicious code on any Windows machine or authenticate to any HTTP server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. All Windows versions which did not apply this patch are vulnerable.
Stuxnet
One of the most well-known zero-day attacks is Stuxnet, the worm believed to be responsible for causing considerable damage to Iran's nuclear program. This worm exploited four different zero-day vulnerabilities in the Microsoft Windows operating system.