Zero-day Vulnerabilities
1. Zero-day vulnerabilities
KIRKUK UNIVERSITY, COLLEGE OF COMPUTER SCIENCE & INFORMATION TECHNOLOGY
PREPARED BY: ALI H. AHMED
SUPERVISOR: DR. AHMED CHALAK SHAKIR
26 MARCH 2024
2. Outline
What is a zero-day vulnerability?
Reasons for the appearance of zero-day vulnerabilities.
Impacts of zero-day exploits on cybersecurity
Life cycle of a zero day
Practical examples of attacks that took advantage of zero-day vulnerabilities
Recognition and prevention techniques
Conclusion
References
3. What is a zero-day vulnerability?
• Zero-day vulnerabilities are security vulnerabilities found in systems and software that have not yet been patched. This means developers don't know they exist, giving attackers the opportunity to exploit them before an update is released to fix them.
• Zero-day means "zero day": there are "zero" days between the discovery of the vulnerability and its exploitation.
• Developers do not have any information about the vulnerability, which makes it difficult for users to protect themselves from attacks that exploit it.
4. Reasons for the appearance of zero-day vulnerabilities.
• Errors in design or programming
• The vulnerability was not discovered by the developers
• Exploitation of the vulnerability by hackers
• Not updating software
• Software complexity
5. Impacts of zero-day exploits on cybersecurity
• Data theft
• Disable systems
• Access to sensitive infrastructure
• Undermining trust in digital systems
• High costs
6. Life cycle of a zero day
Discovery
Weaponization
Exploitation
Disclosure
Patching
User Update
Decline
7. Practical examples of attacks that took advantage of zero-day vulnerabilities
| No. | Attack | Target | The attack exploited a vulnerability |
|---|---|---|---|
| 1 | Stuxnet | Iranian nuclear facilities in 2010 | In Windows to access facility control systems |
| 2 | Heartbleed | OpenSSL servers in 2014 | The attack allowed attackers to steal sensitive data from affected servers |
| 3 | WannaCry | Windows PCs in 2017 | In Windows to spread ransomware |
| 4 | SolarWinds | Software vendors in 2020 | In Orion infrastructure management software to provide attackers with access to customer networks |
| 5 | Log4j | Many companies and governments in 2021 | In the Log4j scripting library to provide remote access to attackers |
8. Recognition and prevention techniques
Recognition
• Penetration testing
• Gap analysis
• Network monitoring
• Malware analysis tools

Prevention
• Use anti-virus and anti-malware software
• Be careful when using the Internet
• Update software regularly
• Educate users about the dangers of zero-day vulnerabilities
• Develop an incident response plan
9. Conclusion
A good understanding of Zero-Day Vulnerabilities is vital to data security.
Let us encourage more research and awareness in this area.
Together, we can build a safer and more reliable digital environment.