Affiliations
Idah Pindai Zengeni
School of Computing, Universiti Utara Malaysia
Mohamad Fadli Zolkipli
School of Computing, Universiti Utara Malaysia
How to Cite
Zero-Day Exploits and Vulnerability Management
Vol 7 No 3 (2024): September
Submitted: Jul 16, 2024
Published: Sep 1, 2024
Abstract
Zero-day vulnerabilities pose significant threats to enterprise cybersecurity because attackers can exploit unknown weaknesses in software before patches are available. This paper explores the lifecycle of zero-day exploits, from discovery through exploitation, disclosure, and patching, emphasizing the critical need for proactive vulnerability management. Case studies such as the Log4Shell and Microsoft Exchange vulnerabilities illustrate the devastating impact of these exploits on enterprise systems and data security. The discussion underscores the importance of early detection, swift response, and collaboration with software vendors to minimize exposure and mitigate risks effectively. Initiatives like bug bounty programs and responsible disclosure policies are highlighted as essential strategies for leveraging global expertise in identifying and addressing vulnerabilities. By embracing advanced detection technologies and continuous monitoring, organizations can enhance their resilience against evolving cyber threats and safeguard their digital assets. Ultimately, proactive cybersecurity measures and a collaborative approach are essential for mitigating the risks associated with zero-day vulnerabilities in today's dynamic threat landscape.