---
title: "Recent Zero-Day Attacks: Top Examples and How To Prevent It | Phish Protection"
description: "Recent Zero-Day Attacks: Top Examples and How To Prevent It:"
image: "https://phishprotection.com/images/og-default.png"
canonical: "https://phishprotection.com/recent-zero-day-attacks/"
---

#  Recent Zero-Day Attacks: Top Examples and How To Prevent It 

## **Recent Zero-Day Attacks: Top Examples and How To Prevent It.**

_‘Zero-Day’ or ‘Day Zero’ is an attack that exploits serious software security vulnerability that the developer of the vendor might not be aware_ of. As soon as one discovers it, the software developer needs to rush to resolve the vulnerability to limit its threat to software users. A software patch is a solution to this. The likes of recent zero-day attacks could be used for attacking the internet of things, too.

![Anti Pshing](https://media.mailhop.org/phishprotection/images/2019/12/anti-pshing.png) 

### Recent Zero-Day attacks

#### Attack On Microsoft Windows, June 2019

_The attack on Microsoft Windows that has targeted Eastern Europe was identified by a group of researchers from ESET in June 2019_. The attack was regarding the local escalation privileges that were a vulnerable part of Microsoft Windows.

_Since releasing a patch is the only option in such scenarios, once the threat was identified, the security center from Microsoft took the responsibility of rectifying it._

It can also be assumed similar to a **phishing attack** where the hackers attack people that are vulnerable to fall for scam emails as well as messages. Microsoft inadvertently left one point in favor of the attackers, and the attackers took advantage of the same.

The attack started via malware, which is also a type of phishing attack.

#### CVE-2019-0797

Another [Zero-Day attack example](/content/zero-day-protection/zero-day-attack-example/) is the one that infiltrated Microsoft Windows in Feb 2019 by (AEP) Automatic Exploit Prevention. It happened before the June 2019 exploit mentioned above. _It was the fourth time that the vulnerability of win32k.sys was exploited_, after which it was again attempted in June of the same year.

With the help of advanced technologies such as AEP for end-point products as well as BDE (Behavioral detection engine), the discovery of the attack was possible.

To identify if this was also a phishing attempt, technology such as an **anti-malware engine** was also used.

A patch was released immediately following the same; however, even after fixing it, the attack was attempted again.

#### CVE-2019-2215

This attack affected the android devices from Google due to the vulnerability known as [Kernel privilege escalation](https://www.scmagazine.com/home/security-news/vulnerabilities/kernel-privilege-escalation-bug-actively-exploited-in-android-devices/). The TAG team from Google was the first to identify the same. It occurred via malicious apps that the hackers were using, who then sent out emails about downloading the same in the form of phishing.

_Google will be releasing a patch this November to resolve the issue._

#### The DNC Hack

It was one of the most popular Zero-Day attacks. The data released about DNC or the Democratic National Committee was due to the [recent Zero-Day attacks-2019](/content/zero-day-protection/recent-zero-day-attacks-2019/). _There have been about **six zero-day** exploited vulnerabilities_, which are included in the [zero-day vulnerability list, 2019](/content/zero-day-protection/zero-day-vulnerability-list-2019/), for gaining access to the stolen data. The state backed these discovered vulnerabilities by Russian hackers in Adobe Flash, Microsoft Windows, and Java. To operate on the vulnerabilities, the hackers got involved in a campaign of spear-phishing.

Unlike the phishing campaign, this spear-phishing campaign targeted specific individuals rather than the general public. The Russian hackers had sent out several emails containing booby-trapped links to phishing pages that stole passwords to people related to the DNC. People who clocked on tiny.cc and bit.ly concealed URLs surrendered the control of their personal computer and also the DNC network to the hackers.

#### Aurora

Operation Aurora had been a series of cyber-attacks that aimed at several organizations such as Juniper Networks, Adobe Systems, and Rackspace. As per the media reports, there were other organizations among the targets like,

- Dow Chemical
- Yahoo
- Morgan Stanley
- Northrop Grumman
- Symantec

Elderwood Group conducted the advanced level persistent threat that is based in Beijing and had an association with the People’s Liberation Army. The attacks had started in 2009 and had been disclosed for the first time by Google through a blog post on January 12, 2010\. The discovery was related to the main goal of the attack. _The principal aim was to gain access to and modify the source code repository at these defense, security, and high-tech contractor enterprises_.

### **Zero-Day Attack Prevention**

[Zero-Day protection](/content/zero-day-protection/) is necessary as these exploits are unexpected. To protect your vulnerable programs and software, below are some [zero-day attack prevention](/content/zero-day-protection/zero-day-attack-prevention/) tips.

- Update every software and application as soon as the security patches are released.
- Implement Web Application Software for protecting the website. It enables you to identify the attacks accurately.
- Install an Internet Security suite. It usually comes with sandboxing techniques, smart anti-virus, heuristic file analysis, and default-deny protection.
![Antiphishing](https://media.mailhop.org/phishprotection/images/2019/12/antiphishing.png) ![Cash Or Trade Phish](https://media.mailhop.org/phishprotection/images/2019/12/cash-or-trade-phish.png) 

### **Conclusion**

_Just as ransomware attacks, the Day-Zero attack is not going anywhere_. The question of ‘[how are the zero-day attacks discovered](/content/zero-day-protection/how-are-zero-day-attacks-discovered/)’ has also been answered by the experts by identifying the above threats. _Cybercriminals are always looking for CVEs for exploiting the hardware or software programs_. As per the [CVE details website](https://www.exploit-db.com/), there are about 185 CVEs that register over 9 according to its scale. A score above 9 shows that the hacker can expose the vulnerability in the hardware or software program and get complete control. So, make sure you are attentive with cybersecurity and do not let your inquisitiveness get the better of you.

### Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7\. On any device. With features you’d expect in more expensive solutions:

**All Plans Come With**

- Stops business email compromise (BEC)
- Stops brand forgery emails
- Stop threatening emails before they reach the inbox
- Continuous link checking
- Real-time website scanning
- Real time alerts to users and administrators
- Protection with settings you control
- Protection against zero day vulnerabilities
- Complete situational awareness from web-based console

### Join 7500+ Organizations that use Phish Protection

[ 60-Day Free Trial ](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection)

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes

![Sys Admin1](https://media.mailhop.org/phishprotection/images/2020/03/sys-admin1.jpg) ![Itprofessional1 E1585030432965](https://media.mailhop.org/phishprotection/images/2020/03/itprofessional1-e1585030432965.jpg) ![Directorofit1](https://media.mailhop.org/phishprotection/images/2020/03/directorofit1.jpg) 

## Protect your inbox from phishing attacks

Start your 60-day free trial - no credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"21","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/phish-protection/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"Article","headline":"Recent Zero-Day Attacks: Top Examples and How To Prevent It","description":"Recent Zero-Day Attacks: Top Examples and How To Prevent It: 'Zero-Day' or 'Day Zero' is an attack that exploits serious software security vulnerability that.","url":"https://phishprotection.com/recent-zero-day-attacks/","dateModified":"2023-08-01T11:36:10.000Z","author":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection"},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/phishprotection-logo.png"},"description":"Enterprise-grade email security that protects businesses from phishing, ransomware, and email fraud with real-time threat detection and multi-layered protection.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://phishprotection.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897912","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Ransomware Protection","Business Email Compromise","Time of Click Protection","Advanced Threat Defense","Email Fraud Prevention","Phishing Awareness Training","Office 365 Email Security"]},"image":"https://media.mailhop.org/phishprotection/images/og-default.png"}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Recent Zero Day Attacks","item":"https://phishprotection.com/recent-zero-day-attacks/"}]}
```