Week 10: Zero Day Attacks

 Zero-day vulnerabilities are security flaws that are discovered by hackers before developers even know they exist. This leads us to how it got its name, zero-day attack, where they have literally zero time to fix them before an attack happens, since they do not know about the bug. These vulnerabilities are extremely valuable to hackers because they can be exploited silently for long periods of time, whether that is weeks, months, even years, it takes a long time for people to notice these types of attacks. Even fully updated systems can fall for these types of attacks if the flaw hasn't been discovered. I found this topic interesting because it goes to show that not every system is truly secure. This highlights the fact that investing in cybersecurity is a must in our industry today.

Source:

Ibm. “What Is a Zero-Day Exploit?” IBM, 19 May 2025, www.ibm.com/think/topics/zero-day.

Comments

Post a Comment

Popular posts from this blog

Week 1: Enhancing Security with Multi-Factor Authentication (MFA)

 Multi-Factor Authentication which is also known as MFA, is a security process that requires users to verify their identity using two or more factors. As explained by the article I read this week, OneLogin explains factors as something they know such as a password, something they have which could be a smartphone. It can also be a security token or something they are, which can be a person's face or fingerprint. The way Multi-Factor Authentication works is in layers, and since it works in such a layered approach, it makes it significantly harder for attackers to gain unauthorized access. Even if one factor is compromised by attackers, as long as the other ones hold up attackers will not have access. As cybersecurity threats continue to grow, MFA stands in front of it as a simple yet powerful counter to enhance digital protection. It is best for all if not most companies to adopt Multi-Factor Authentication, as not only is it simple to implement, but it will help companies and busine...
Read more

Week 2: Defending Against Phishing Attacks

 Phishing attacks to this day remain as a great threat in the cybersecurity world, it often exploits human vulnerabilities in order to gain unauthorized access to sensitive data. The article I read today, NCSC, outlines a comprehensive, multi layered defensive strategy that companies and corporations can implement to reduce such risks The approach discussed includes implementing anti-spoofing controls in order to prevent attackers from impersonating legitimate email addresses. While also educating users to recognize and report any suspicious email they may come across. The NCSC also recommends deploying technical measures such as filtering or blocking incoming phishing attempts. Ensuring that everyone is made aware of the necessity for incident response planning, making all the individuals in the company capable of acting quickly if any breaches are likely to occur. If the layers were to be enforced within an organization, then they would be capable of significantly enhancing their...
Read more

Week 6: How Cloud Security Keeps Our Stuff Safe

 We see, as we browse online, how everything companies and individuals do involves the cloud. That is from saving photos to running entire businesses on the cloud. The question is, how safe is the cloud really? We see many people using it, are they right to trust their apps and businesses to cloud security? To answer this question, I read an article by CrowdStrike, which talks about how cloud security is all about protecting data, apps, and servers that live on the internet instead of on your local computer. Cloud providers have strong protections that were made for users, but security will always be a shared job between the provider and the user. Leaving storage open to the public and weak access controls are something that comes from the user, and the provider cannot do much if that's how attackers access the Cloud. However, tools like encryption, multi-factor authentication, and constant monitoring all work together in order to ensure that cloud environments are secure. It goes ...
Read more