SECURITY BLOG: ZERO-DAY VULNERABILITIES

10/31/22 11:54 AM  |  by RedLegg Blog

ABOUT

In recognition of Cyber Security Awareness Month, RedLegg’s 96 Bravo team will be providing security focused content for the Information Security community, in hopes of proactively fostering a security conscious mindset. In this week’s diary, we’ll highlight the importance of understanding Zero-Day Vulnerabilities.

ZERO-DAY VULNERABILITIES
Understanding Zero-Day Vulnerabilities

Vulnerabilities are defects in hardware and software components, often referred to as “bugs”. Threat actors frequently leverage these defects as attack vectors to compromise systems. To counteract this class of threats, security researchers monitor and investigate vulnerabilities in order to produce reporting, mitigations, and fixes for these flaws.

In a perfect world, vulnerabilities are reported promptly and ethically, giving vendors a reasonable timeframe to develop and release a patch. In reality, vulnerabilities are practically inherent to any system. Moreover, there is a distinct class of vulnerabilities that is obscure to the general public, known as zero-day vulnerabilities. These vulnerabilities become known, whether publicly or to attackers, before the vendor's security engineers have a patch developed. That leaves the developers zero days to respond to the security flaw and allows attackers to exploit it at will until a fix is available.

Zero-Day Attacks

Stuxnet Worm: The Stuxnet zero-day attack is regarded as one of the most compelling malware attacks carried out to date. The Stuxnet malware successfully exploited four separate zero-day vulnerabilities, coupled with multiple network infection routines, and a sophisticated Windows rootkit.

Log4J: “Log4Shell” is a more recent zero-day vulnerability that impacted Apache’s Log4J software library. It is a critical remote code execution (RCE) vulnerability, and because Log4J is embedded in many applications, organizations, and technical products, the broad use of this single software component made the resulting attacks considerably more widespread.

Defense

Defending Against Zero-Day Vulnerabilities:
Security Monitoring – centered around the collection and analysis of potential security threats using automated processes and tools such as a SIEM.
  • Proactively defending against zero-day vulnerabilities begins with collecting pertinent application logs and telemetry data into the SIEM.
  • Effective log analysis stays agile by combining structured, well-organized log management with sound triage skills, so that anomalous activity can be spotted and escalated quickly.
Vulnerability Management & Threat Intelligence – the primary objective is to enhance visibility of the threat landscape by managing the asset inventory and monitoring for trending attack patterns.
  • Enhanced visibility entails ongoing reporting, management, and clarity on which systems and programs are in operation and permitted across the network.
  • A robust approach also includes threat intelligence, which helps the team respond quickly to newly disclosed vulnerabilities and prioritize incoming risks.
Open-Sourced Resources

As Security Awareness Month draws to an end, consider ways you can #seeyourselfincyber! Listed below are open-sourced resources for the latest updates on vulnerabilities:

  • The NVD is a comprehensive, publicly available database of reported known vulnerabilities.
  • The Cybersecurity & Infrastructure Security Agency (CISA) publishes vulnerabilities that are actively being exploited, updated as they are confirmed.

RedLegg also shares security-focused blog posts centered around emerging threats and vulnerabilities.
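The Vulnerability Management & Threat Intelligence bullets above and the CISA resource just listed describe the same workflow: compare what is deployed against what is known to be actively exploited, then prioritize. The following is an added example (not RedLegg's code or tooling) that does this with a constructed asset inventory and a constructed feed excerpt shaped like CISA's Known Exploited Vulnerabilities JSON; the inventory field names, host names, vendor/product names and CVE ids are all placeholders.

```python
import json
from datetime import date

# Constructed inventory: what the asset-management process says is running.
# Field names (host, vendor, product) are hypothetical; values are made up.
INVENTORY = [
    {"host": "web-01", "vendor": "ExampleVendor", "product": "ExampleServer"},
    {"host": "app-02", "vendor": "ExampleVendor", "product": "ExampleLibrary"},
    {"host": "db-03", "vendor": "OtherVendor", "product": "OtherDB"},
]

# Constructed feed excerpt using the field names of CISA's KEV JSON feed;
# the CVE ids and dates are placeholders, not real catalog entries.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
     "product": "ExampleServer", "dateAdded": "2022-10-20",
     "dueDate": "2022-11-10", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor",
     "product": "ExampleLibrary", "dateAdded": "2022-10-25",
     "dueDate": "2022-11-15", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00003", "vendorProject": "Unused",
     "product": "NotDeployed", "dateAdded": "2022-10-01",
     "dueDate": "2022-10-22", "knownRansomwareCampaignUse": "Known"},
]})

def prioritize(inventory, kev_json, today):
    """Return (host, cveID, days_until_due, ransomware_known) tuples for each
    inventory item that matches an actively exploited entry, most urgent first."""
    by_product = {}
    for e in json.loads(kev_json)["vulnerabilities"]:
        key = (e["vendorProject"].lower(), e["product"].lower())
        by_product.setdefault(key, []).append(e)
    findings = []
    for asset in inventory:
        key = (asset["vendor"].lower(), asset["product"].lower())
        for e in by_product.get(key, []):
            days_left = (date.fromisoformat(e["dueDate"]) - today).days
            findings.append((asset["host"], e["cveID"], days_left,
                             e["knownRansomwareCampaignUse"] == "Known"))
    # Overdue or soonest-due first; ransomware-linked entries win ties.
    findings.sort(key=lambda f: (f[2], not f[3]))
    return findings

def demo():
    # Fixed "today" so the output is reproducible.
    return prioritize(INVENTORY, KEV_FEED, date(2022, 10, 31))

if __name__ == "__main__":
    for host, cve, days, ransomware in demo():
        flag = " (ransomware use known)" if ransomware else ""
        print(f"{host}: {cve} due in {days} days{flag}")
```

Entries in the feed for products that are not in the inventory (the third one here) produce no finding, which is the visibility benefit of keeping the inventory accurate.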
