Cybersecurity Glossary

Zero-day defence, also known as zero-day protection or zero-day mitigation, refers to the measures and strategies employed to defend against zero-day vulnerabilities and associated attacks. Zero-day vulnerabilities are security flaws in software or systems that are unknown to the vendor or developer and do not have an available patch or fix. Zero-day attacks take advantage of these vulnerabilities before they are discovered or patched, making them particularly dangerous. To defend against zero-day attacks, organisations can implement various strategies, including network and host-based intrusion detection systems, behaviour-based analysis, threat intelligence feeds, sandboxing, and vulnerability management practices. Timely security updates, threat monitoring, and proactive security measures are essential in mitigating the risks posed by zero-day vulnerabilities.

A zero-day exploit refers to the exploitation of a previously unknown vulnerability in software or systems. Zero-day exploits are called "zero-day" because developers or vendors have zero days to fix or patch the vulnerability before it is exploited. Attackers discover and exploit these vulnerabilities before the affected organisation or software developer becomes aware of them. Zero-day exploits can cause significant damage, enabling unauthorised access, data breaches, or the installation of malware. Protecting against zero-day exploits requires a multi-layered security approach, including regular software updates, network monitoring, intrusion detection systems, and behaviour-based analysis to detect and block suspicious activities or exploit attempts.

A zero-day patch refers to a security update or patch released by a software vendor or developer to fix a previously unknown vulnerability that is being actively exploited or has the potential to be exploited. Zero-day patches are developed and released under emergency circumstances to provide a swift resolution to zero-day vulnerabilities. Organisations and users are advised to apply zero-day patches as soon as they become available to mitigate the risk of exploitation. Promptly applying patches can help close the security gap and protect systems and data from the potential harm caused by zero-day vulnerabilities and associated attacks.

A zero-day vulnerability, also known as a zero-day exploit or zero-day flaw, is a software vulnerability or security weakness that is unknown to the software vendor or developer. It refers to a security flaw for which there is no available patch or fix. Zero-day vulnerabilities are highly valuable to attackers because they are not yet known by the affected organisation or software developer, giving them a significant advantage in launching targeted attacks. These vulnerabilities can be exploited to gain unauthorised access, execute malicious code, or perform other nefarious activities. Detecting and mitigating zero-day vulnerabilities require proactive security practices, such as vulnerability research, threat intelligence, penetration testing, and close collaboration between security researchers, vendors, and affected organisations.

In the context of cybersecurity, a zombie refers to a compromised computer or device that is under the control of a remote attacker, typically as part of a botnet. Zombies, also known as bots, are often infected with malware, such as a Trojan horse or a botnet agent, that allows the attacker to remotely control and manipulate the compromised system. Attackers use zombie computers to launch coordinated attacks, distribute spam emails, perform distributed denial-of-service (DDoS) attacks, or engage in other malicious activities without the owner's knowledge. Preventing and mitigating zombie infections require robust security measures, including regular software updates, antivirus software, and network intrusion detection and prevention systems.

Zombie malware, also known as bot malware, is a type of malicious software (malware) that infects computers or devices and turns them into zombies or bots under the control of a remote attacker. Zombie malware is typically designed to establish a botnet, which is a network of compromised devices, to carry out coordinated attacks or other malicious activities. Once infected, the compromised devices can be used to distribute spam, launch DDoS attacks, steal sensitive information, or participate in other nefarious activities. Protecting against zombie malware requires up-to-date antivirus software, regular security patching, and user awareness about safe computing practices.

A zombie network, also known as a botnet, is a collection of compromised computers or devices that are under the control of a remote attacker. These compromised devices, often referred to as zombies or bots, are typically infected with malware that allows the attacker to control them remotely. The attacker can use the zombie network to carry out various malicious activities, such as launching DDoS attacks, spreading spam emails, distributing malware, or stealing sensitive information. Zombie networks can be vast and include thousands or even millions of compromised devices. Detecting and mitigating zombie networks require collaboration between security researchers, internet service providers (ISPs), and law enforcement agencies to identify and neutralize the command-and-control infrastructure used by attackers.