Information security space observers may have encountered a phrase born out of both frustration and levity in 2023: “Hot Zero Day Summer.” While nearly two months remain as of this writing for Summer 2023, anecdotal evidence suggests that adversaries increasingly leverage vulnerabilities in external-facing applications and appliances to drive intrusions. Certainly, other Read more…
While the end of 2020 was dominated by Nobelium’s supply chain intrusions, 2021 closes with continued worry and response over vulnerabilities in the widely-deployed Log4j library. Starting in earnest on 10 December 2021 with public disclosure of CVE-2021-44228, information security practitioners and security program managers have subsequently dealt with a Read more…
“Zero days” are popular items in cyber security discussions. They grab headlines, they often feature in high-profile conference presentations, they can even apparently spawn television shows. Yet for all the attention and frequent discussion in non-technical audiences, the term itself seems a bit slippery. Terms like “zero day attack” are Read more…