With cybercrime hitting more than 500 million victims globally and costing $100 billion annually, it's clear that security breaches are a problem very far from being solved. One particularly dangerous threat that doesn't seem to be getting its fair share of attention is zero-day attacks.
True, zero-days are just one part of the overall threat landscape. However, virtually everyone is at risk from a zero-day attack. And the threat from zero-day vulnerabilities occurs long before vendor or public discovery, and remains active long after patches are released.
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
Kasper Lindgaard, head of research at Secunia, explains that "a zero-day vulnerability is a vulnerability that has only been discovered by hackers. The vendor does not yet know of the vulnerability and therefore has not developed a patch for it. In contrast, a general vulnerability is disclosed by the vendor who typically has a patch ready.''