Recent zero-day attacks
Several attackers have been observed targeting their victims via zero-day attacks.
A few days ago, some hackers had reset passwords for admin accounts on WordPress sites via abusing a zero-day vulnerability in Easy WP SMTP 1.4.2.
Additionally, the Pegasus spyware was used to exploit a zero-day in the iMessage feature of iPhones.
Zero-day for access-as-a-service
Cybercriminals have been observed selling Zero-day vulnerabilities on the dark web for money, which is then used as an access-as-a-service, for deploying ransomware, malware, or for creating a botnet network.
Recent zero-day vulnerabilities
In the past two months, several well-known software and hardware vendor products have been found impacted by zero-day vulnerabilities. Most of these products belonged to Microsoft, WordPress, Apple, Hewlett Packard Enterprise, and D-Link.
Conclusion
Zero-day attacks usually abuse publicly unknown vulnerabilities, making it harder for organizations to detect them. Thus, experts suggest deploying a reliable web application firewall, always updating and patching software, using only essential applications, and having a multi-layered security architecture to protect their enterprise environment.
Support the originator by clicking the read the rest link below.