Zero-Day Vulnerabilities

最新推荐文章于 2023-12-08 08:39:19 发布
最新推荐文章于 2023-12-08 08:39:19 发布
阅读量566 收藏 1
点赞数 1
原文链接:http://www.cnblogs.com/softwindzy/archive/2013/04/15/3021685.html
版权

中文译为:零日漏洞攻击

Background

Zero-day vulnerabilities are vulnerabilities against which no vendor has released a patch. The absence of a patch for a zero-day vulnerability presents a threat to organizations and consumers alike, because in many cases these threats can evade purely signature-based detection until a patch is released. The unexpected nature of zero-day threats is a serious concern, especially because they may be used in targeted attacks and in the propagation of malicious code.

Methodology

Zero-day vulnerabilities are a sub-set of the total number of vulnerabilities documented over the reporting period. A zero-day vulnerability is one that appears to have been exploited in the wild prior to being publicly known. It may not have been known to the affected vendor prior to exploitation and, at the time of the exploit activity, the vendor had not released a patch. The data for this section consists of the vulnerabilities that Symantec has identified that meet the above criteria.

Figure D.4: Volume of Zero-day vulnerabilities 2006 – 2011. Source: Symantec

 

Figure D.5: Zero-day Vulnerabilities Identified in 2011. Source: Symantec

Commentary
2011 produced the lowest number of zero-day vulnerabilities in the past 6 years. There was a 43% drop in vulnerabilities seen in 2011 compared with 2010. However the number of vulnerabilities seen in 2010 was somewhat inflated due to W32.Stuxnet, which itself contributed to four 11 of the zero-day vulnerabilities seen in that year.

There was only one zero-day browser vulnerability seen in 2011, a drop of 3 from 2010. This corresponds with the overall drop in browser vulnerabilities seen in 2010. While browser vulnerabilities continue to be attractive for attackers, increased security built into browsers have made it more difficult for attackers to create reliable exploits. Examples of these security features are Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP)12 .

While the overall number of zero-day vulnerabilities is down, attacks using these vulnerabilities continue to be successful. The majority of these vulnerabilities are leveraged in targeted attacks. Adobe Flash and Reader vulnerabilities are widely used in targeted attacks and account for 50% of the zero-day vulnerabilities seen in 2011.

Link:zero-day vulnerabilities

转载于:https://www.cnblogs.com/softwindzy/archive/2013/04/15/3021685.html

weixin_34192993
关注
安全基础:0-day漏洞
知行合一 止于至善
06-09 5801
这篇文章以阿里巴巴的FastJSon来介绍一下Zero-day(0-day)漏洞的基础常识。
New IE Zero-Day Vulnerability (CVE 2010-3962)
瞎几把学
12-11 691
http://blog.bkis.com/en/new-ie-zero-day-vulnerability-cve-2010-3962/
【网络安全】零日漏洞(0day)是什么?如何防范零日攻击?
最新发布
par@ish的博客
12-08 9597
零日攻击是利用零日漏洞(0day)对系统或软件应用发动的网络攻击,近年来,零日攻击威胁在日益增长且难以防范,零日攻击已成为企业网络信息安全面临的最严峻的威胁之一。
Ethical.Hacking.2021.10:FUZZING FOR ZERO-DAY VULNERABILITIES
lm19770429的专栏
12-14 347
This type of attack is called a buffer over-read, as we can read beyond the bounds of the designated memory buffer. Similarly, in a buffer overflow attack, a hacker uses a bug to write beyond the bounds of a designated buffer. Hackers often use buffer o...
pvs-stdio ue4_PVS-Studio静态分析仪作为防止零日漏洞的工具
cullen2012的博客
09-07 374
pvs-stdio ue4 A Zero-day (0-day) vulnerability is a computer-software vulnerability introduced during the development process and not yet discovered by the developers. Zero-day vulnerabilities can be...
藏经阁-Zero-Days-Thousands-Of-Nights-The-Life-And-Times-Of-Zero-Day
08-26
一、Zero-Day Vulnerabilities(零日漏洞) * 定义:零日漏洞是指尚未公开或未被修复的软件漏洞。 * 特点:零日漏洞具有很高的攻击价值,因为它们尚未被公开或修复,攻击者可以利用这些漏洞来攻击目标系统。 * 生命...
Ablon-Zero-Days-Thousands-Of-Nights-The-Life-And-Times
08-21
Lillian Ablon的研究揭示了零日漏洞(Zero-Day Vulnerabilities)及其利用的罕见深度洞察,这些漏洞在公众领域鲜有研究,因此关于它们的存在状态、生命周期以及独立发现与披露的碰撞率等问题一直困扰着决策者。...
Ablon-Zero-Days-Thousands-Of-Nights-The-Life-And-Times-Of-Zero-D
10-25
Ablon-Zero-Days-Thousands-Of-Nights-The-Life-And-Times-Of-Zero-Day-Vulnerabilities-And-Their-Exploits
Improving the Routing Security in Software-Defined Networks
02-08
In this letter, we model the dynamic instance switching problem based on the fact that some routing instances could have common vulnerabilities. We propose the correlation-aware dynamic instance ...
2016年iOS公开可利用漏洞总结_EN1
08-08
3. Trident Exploit Chain: The infamous Trident exploit chain, disclosed by the NSO Group, consisted of three zero-day vulnerabilities: a kernel memory corruption issue (CVE-2016-4657), a WebKit ...
ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery
zhang14916的博客
04-27 1005
目录 摘要 介绍 动机 总览 设计与实施 类型探测 探测 类型指导突变 摘要 现有的基于变异的模糊器倾向于在不了解其底层语法和语义的情况下随机变异程序的输入。在本文中,我们提出了一种新颖的即时探测技术(称为ProFuzzer),该技术可自动恢复并了解在模糊过程中对漏洞发现至关重要的输入字段,并智能地调整突变策略以增加击中零日目标的机会。由于这种探测透明地背负于常规的模糊测试,因...
什么是Zero-day Exploit?
weixin_33887443的博客
05-24 209
什么是零日***?什么是Zero-day Exploit?下面是定义: A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. 当然了,不...
4个开源 TCP/IP 栈被曝33个漏洞,数百万智能和工业设备受影响
smellycat000的专栏
12-09 404
聚焦源代码安全,网罗国内外最新资讯!编译:奇安信代码卫士团队Forescout 公司的安全研究员披露了150多个厂商产品固件中当前所使用的四个开源 TCP/IP 库中的33个安全缺陷,...
信息安全工程师笔记-网络安全漏洞防护技术原理与应用
IT1995的博客
09-14 497
网络安全漏洞概念 根据漏洞的补丁情况,漏洞分为: ①普通漏洞:相关漏洞信息已经广泛公开,安全厂商已经有了解决修补方案; ②零日漏洞(zero-day vulnerability):指系统或软件中新发现的、尚未提供补丁的漏洞。零日漏洞常被用来实施定向攻击。 网络信息系统漏洞的来源: ①非技术性安全漏洞:涉及管理组织结构、管理制度、管理流程、人员管理; ②技术性安全漏洞:涉及网络结构、通信协议、设备、软件产品、系统配置、应用系统。 网络安全漏洞扫描 网络安全漏洞扫描是一种用于检测系统中漏
不祥的2016年网络安全统计表明需要保持警惕
culin0274的博客
08-12 290
Security firm, Symantec’s 2016 Internet Security Threat Report has revealed some startlingly ominous statistics about the increased threat faced by businesses with websites and online applications. Al...
刚刚公布的 Log4J 的史诗级安全漏洞 CVE-2021-44228 你处理了吗?
weixin_45987961的博客
12-15 5346
发生什么事了 Log4J 是一个应用非常广泛的Java库,就在前两天的2021年12月10日,Log4J的一个安全漏洞被公布了。那天正好是周五,很多程序员都在计划着怎么度过一个愉快的周末,不料这个安全漏洞的公开,使得全世界很多程序员不得不周末加班,有的甚至通宵达旦紧急应对。 漏洞编号为CVE-2021-44228 ,攻击者利用这个新的零日漏洞,可以远程执行恶意代码。 零日漏洞( zero-day )通常是指还没有补丁的安全漏洞。零日漏洞利用(zero-day exploit)的程序对网络安全具有..
Web Application Vulnerablities
weixin_34292959的博客
12-31 144
1、 File inclusion berfoe start this caption i make a conclusion for install third-part as follow I not include the sequence decoder and Comparer tabls in this blogs ,because i think their u...
微软 Office 中的零日漏洞: “ Follina”将在宏被禁用时工作
qzt961003的博客
05-31 315
信息安全网的研究人员在微软无处不在的 Office 软件中发现了一个零日代码执行漏洞。
《0day安全:软件漏洞分析技术》学习笔记·1(需要补充节部分)
黑夜黎明
06-13 537
基础知识 漏洞概述   通常把这类能够引起软件做一些“超出设计范围的事情”的bug称为漏洞(vulnerability)。   功能性逻辑缺陷(bug):影响软件的正常功能,例如,执行结果错误,图标显示错误   安全性逻辑缺陷(漏洞):通常情况下不影响软件的正常功能,但被攻击者成功利用后,有可能引起软件去执行额外的恶意代码,常见的漏洞包括软件中的缓冲区溢出漏洞、网络中的跨站脚本漏洞(XSS)、SQ...
零日漏洞下的网络弹性:流行病学视角与系统动力学建模
本文的标题“一种针对零日漏洞的高级网络弹性的系统动力学,流行病学方法”揭示了研究的核心议题,即利用系统动力学(System Dynamics)和流行病学模型来提升网络对抗零日漏洞(Zero-day Vulnerabilities)的能力。...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值