Ep 26 Zero Days

26 Zero Days

Hello and welcome to USB our Guest, Cyber Security Tips.

Today's episode covers Zero Days. What are they, why you should know about them and what you should do when you hear about them. FireEye has a great article on the ZeroDays that I will include in the show notes.

Recent Windows Zero day - https://www.darkreading.com/vulnerabilities---threats/microsoft-fixes-windows-zero-day-in-patch-tuesday-rollout/d/d-id/1340114

FireEye definition - https://www.fireeye.com/current-threats/what-is-a-zero-day-exploit.html

What is a Zero Day? From the FireEye Website, a ZeroDay vulnerability is a flaw. An unknown exploit in the wild that exposes a vulnerability in software or hardware that can cause problems before anyone even knows something is wrong.

Here is a Zero Day Timeline. 1st a company creates the software that contains the vulnerability and they don't know it yet. The software could be a game, a browser or an audio recorder but it could be anything.

2nd The vulnerability is found by a researcher who reports it, an employee who patches it or a threat actor/bad guy who writes code that exploits it before anyone else has the chance to fix it.

If the threat actor finds the exploit first, it is called a ZeroDay. A ZeroDay attack happens when the vulnerability is exploited and released before a developer has a chance to create a fix also called a patch.

What you should do when you hear about a Zero Day? Update your system or software as soon as a patch is released. Large organizations may wait a period of time but for your consumer machine, update as soon as possible.

For instance, If you haven't seen it yet, there was a Recent Windows Zero day found. There is a link in the show notes. If you haven't updated windows recently or don't know if Windows has updated, Pause me, and check. Windows makes it simple to check now. Press the windows key, type 'update', press enter or click on 'Check for updates'.

Making the case for updates, again. In case you missed it, I did a whole episode on this. Just scroll up or down to episode 22 - Software Updates.

That's all for this episode. If you have a topic you'd like me to cover drop a line at https://anchor.fm/usbog or email me at usbourguest@gmail.com . If I helped you at all please consider supporting the podcast by telling your friends and family. Or, Follow, Rate and review the show on whatever platform you use to listen. Thank you for listening and have a great day.