It sure seems like 0-Days are now an every day occurrence. Headlines containing, 'breach,' 'attack,' 'hack,' 'vulnerability,' 'passwords,' 'compromised,' and 'you' are commonplace in the media these days. Typically a 0-day is described as a threat or an attack on a (previously) unknown vulnerability - this is day zero of enlightenment. Often, the developer themselves are not even aware of the vulnerability. 0-days can command multiple zeros after the dollar sign since malicious folks can exploit it immediately. From plug-ins to extensions to browsers to web apps to SCADA systems, 0-days used to be an every-so-often occurrence yet now, it's almost a once a day adventure. I propose that we re-define '0-day' to mean when zero vulnerabilities found and exploited or no breaches occur that day. 0-days would instantly become a rare happening. I should have titled this blog, Eliminate 0-Day Attacks! ...with a Simple Definition Adjustment. Now that would be a headline.
March Madness, the NCAA Men's Division 1 Basketball Championship, is also a ripe time for attacks. As the tournament heats up so do phishing attacks, 0day exploits and malware madness. From fake wagering sites to score tickers to simple bracket apps, internet scams are all over. Be on high alert for web sites and emails asking you to enter your predictions, download brackets or any activity that involves clicking a suspicious link and entering info. Be especially wary of those that ask for your social media credentials to 'share' your predictions.
While 0-days can ruin any day, be especially cautious during these times of the year when internet traffic surges and websites are fighting for your attention - the holidays are another example. The web app might be the target but you may become the victim. F5 certainly has solutions that can help organizations protect their critical infrastructures, systems, web apps and visitors. And with the agility of iRules, organizations can defend against 0-days in a matter of minutes. Stay secure and smile all the way through the madness.
ps
Related:
- What 420,000 insecure devices reveal about Web security
- March Madness Means More Malware
- Data breaches in higher education
- eEye Zero-Day Tracker
- New Java 0-Day Attack Echoes Bit9 Breach
- SCMag Threat of the month: Java zero-day
- Digital universe riddled with holes
- APT Dot Gov: Protecting Federal Systems from Advanced Threats | SANS White Paper
- F5 Application Delivery Firewall
- F5 Friday: Zero-Day Apache Exploit? Zero-Problem
Connect with Peter: | Connect with F5: |
No comments:
Post a Comment