Most zero-day vulnerabilities are only discovered after ... 1 year
The average life of a zero-day hole is 348 days before it is discovered or patched. Many holes stay "alive" even longer, said the director of security firm Immunity.
"Zero-day vulnerability" is a term for vulnerabilities that are unpublished or unresolved. By taking advantage of these vulnerabilities, hackers and cyber criminals can gain access to corporate computer systems to steal or change data.
As a result, a crowded and bustling black market for buying and selling zero-day holes has formed on the Internet.
"Cybercriminals are willing to pay huge amounts of money to buy zero-day vulnerabilities," Justine Aitel told the audience of the ongoing SyScan'07 Security Workshop in Singapore.
Nobody is absolutely safe!
Source: Techshout
Immunity specializes in acquiring zero-day vulnerabilities, then carefully records them and tracks how long it takes for those vulnerabilities to be found or patched.
The average life expectancy of a zero-day hole is 348 days, although some holes exist for only 99 days before being brought to light. Meanwhile, the record for "seniority" is held by a flaw that existed for 1080 days, equivalent to nearly 3 years, without being detected.
"Zero-day vulnerabilities 'die' when they are widely publicized and closed," explains Austin.
To protect important business data, the security team must regularly dig for, check for, and scan for zero-day vulnerabilities within the system. "This is a very important task, but it is ignored by almost all companies."
If the internal IT staff lacks the capability, businesses should not hesitate to bring in professional security firms. "Remember that everything has a gap. It is never absolutely safe," Ms. Austin said.
Trong Cam