The not so scary truth about zero-day exploits
We don't know what we don't know; this is the quintessential problem plaguing security teams and the primary reason that zero-day exploits can cause such damage.
With the element of surprise on an attacker's side, it can feel like security teams are at a total loss when it comes to these types of threats, but that doesn't mean there aren't steps that can be taken to prepare for such an attack.
The truth is that these attacks aren't much different from better-known tactics and shouldn't require special treatment, so long as the right security fundamentals are in place.
Essential security practices and tools such as an emergency response plan, inventory of systems and software, constant scanning and monitoring, segmentation and tabletop exercises are all key elements a security team should already be implementing.
Organizations need to shift from a prevention mindset to a resilience philosophy, because at the end of the day it is impossible to stop every attack from happening, especially when it comes to zero-days.
Because attackers already have the upper hand in a zero-day attack, strong incident response procedures are what help teams use resources effectively and efficiently to minimize damage.
News URL
https://www.helpnetsecurity.com/2022/03/22/zero-day-exploits/