A ubuthathaka obungenalo usuku yenye yezona ngozi zinkulu kukhuseleko lwe-intanethi. Yimpazamo ekungekho mntu uyaziyo de ibe sele isetyenziswa kakubi.
Xa abahlaseli beyifumana baze bayisebenzise, isiphumo siba usuku lwe-zero, iqhekeza lekhowudi okanye ubuchule obuguqula obo buthathaka bufihliweyo bube sisongelo sokwenyani. Kwisoftware kunye namaqela eDevSecOps, ezi ukuxhatshazwa kobuthathaka bemihla ngemihla yenza iindawo ezingabonakaliyo apho iiskena eziqhelekileyo, izixhobo ze-antivirus, kunye neepetshi zingenakunceda khona.
Abahlaseli ngoku bahamba ngokukhawuleza, bejolise kwikhowudi, ukuxhomekeka, kunye CI/CD pipelines.
Ukuqonda indlela a usuku lwe-zero isebenza, kunye nendlela yokuyifumanisa kwangethuba, ngoku yinxalenye ebalulekileyo yokugcina nayiphi na inkqubo yophuhliso lwanamhlanje ikhuselekile.
Yintoni Eyenza Ukuba Sesichengeni Kweentsuku Ezingenanto Kube Yingozi Kangaka?
A usuku lwe-zero isebenzisa ithuba lobuthathaka ngaphambi kokuba umthengisi azi nokuba bukhona.
Ngokungafaniyo neziphene ezaziwayo, akukho patch, akukho lungiso, kwaye ngokufuthi akukho ndlela inokuthenjwa yokuyifumana de kube emva kokuba uhlaselo lwenzekile.
Ezi ngxaki zihlala zifihlakala kwiilayibrari zesoftware, kwiibrowser, okanye kwiindawo zomntu wesithathu. Nje ukuba zifunyanwe, abahlaseli banokuzisebenzisa ngokukhawuleza baze basasaze ikhowudi enobungozi ngezixhobo ezithembekileyo kunye neendawo zokugcina idatha.
Ngenxa yale nto, ukuxhatshazwa kobuthathaka bemihla ngemihla ingahamba ngokukhawuleza kwiindawo ezithengisa izinto kunye neendawo ezisemafini.
Ukuxhomekeka okukodwa kwiprojekthi yomthombo ovulekileyo kunokuveza amawaka ezakhiwo ngaphambi kokuba nabani na aqaphele.
Ukuqonda ukuxhatshazwa kweZero-Day Vulnerability
Ukuze siqonde indlela abahlaseli abasebenzisa ngayo obu buthathaka, kuyanceda ukujonga ulandelelwano oluqhelekileyo lwe-zero-day exploit:
- Umphandi okanye umhlaseli ufumana isiphene esingaziwayo.
- Umhlaseli udala ikhowudi yokusebenzisa loo mpazamo.
- Olu xhatshazo lusetyenziswa kuhlaselo lokwenyani okanye kwabelwana ngalo kwi-intanethi.
- Abathengisi bayayichonga ingxaki baze bayikhuphe i-patch.
- Amaqela okhuseleko asebenza ngokukhawuleza ukuze asebenzise uhlaziyo kwaye anciphise ukuchatshazelwa.
Umzekelo, IBM X-Force baxele ityala apho abahlaseli basebenzise khona ubuthathaka obungenasuku kwisoftware yokudlulisa iifayile yeGoAnywhere kwiiyure ezingama-24 emva kokufunyanwa.
Oku kubonisa indlela elincinane ngayo ixesha phakathi kokufunyanwa nokuxhaphazwa, ngamanye amaxesha iiyure ezimbalwa kuphela.
Olu hlaselo alupheleli nje kwingcamango. Sele lubangele umonakalo omkhulu enterprise iinkqubo, isoftware evulelekileyo, kunye nemixokelelwane yokubonelela ngeenkonzo kwihlabathi liphela.
Imizekelo yokwenyani yoHlaselo lweZero-Day
Uhlaselo lwe-zero-day alusekho lungaqhelekanga. Luyenzeka kuzo zonke iileya zesoftware zanamhlanje, ukusuka kwiibrawuza ukuya ekwakheni iinkqubo kunye nezixhobo zabaphuhlisi.
Le mizekelo ilandelayo ibonisa indlela abahlaseli abakhawuleza ngayo ukuxhaphaza ubuthathaka obungaziwayo ngaphambi kokuba abakhuseli bakwazi ukuphendula:
- Ukudluliselwa kweMOVEit (2023)Abahlaseli basebenzise i-zero-day SQL injection vulnerability (CVE-2023-34362) kwi-Progress MOVEit Transfer. Olu qhankqalazo lwenze ukuba kubekho ukubiwa kwedatha okukhulu kumakhulu emibutho, kuquka iibhanki kunye neearhente zikarhulumente, ngaphambi kokuba kukhutshwe i-patch.
- I-Google Chrome (2025): Ubuthathaka obungenazo iintsuku (CVE-2025-10585) kwinjini yeJavaScript ye-V8 yeChrome busetyenziswe ngokukhutheleyo endle. I-Google ikhuphe i-patch engxamisekileyo emva kokuqinisekisa ukuba uhlaselo luyaqhubeka.
- Uhlaselo loBonelelo lweSolarWinds (2020)Abahlaseli bafake ikhowudi enobungozi kuhlaziyo lwesoftware oluthembekileyo lweqonga le-Orion leSolarWinds, nto leyo ebeka emngciphekweni imibutho engaphezu kwe-18,000. Nangona ingazange ibe yinto enye, yayisebenza ngathi ayizukubakho kwikhonkco lokubonelela.
- I-Microsoft Exchange Server (2021, “iProxyLogon”): Iingxaki ezine zemihla ngemihla ezingenanto zivumele abahlaseli ukuba bafumane ukufikelela kwiiseva ze-Exchange kwihlabathi liphela. Iipatches zifike ngokukhawuleza, kodwa amawaka eenkqubo sele echaphazelekile.
- Iklayenti yeZoom (2022): Ukuxhaphaza okungengosuku olupheleleyo kwavumela abahlaseli abakude ukuba basebenzise ikhowudi ngexesha leefowuni zevidiyo kwiiklayenti zeWindows ezingafakwanga ipatch. Esi siphene satshintshiselwa ngasese ngaphambi kokuba sityhilwe esidlangalaleni.
Ityala ngalinye libonisa indlela ukuxhatshazwa kobuthathaka bemihla ngemihla inokusasaza kuzo zonke izinto ezixhomekeke kuzo, pipelines, kunye neendawo zamafu kwiiyure.
Yiyo loo nto ukubonakala, ukubhaqwa kwezinto ezingaqhelekanga, kunye nezilumkiso kwangethuba kubalulekile ukuze kuthintelwe ezi ngozi ngaphambi kokuba zisasazeke.
Ezi ziganeko zibonisa utshintsho kwisicwangciso sohlaseli, ukusuka kuhlaselo oluzimeleyo ukuya ekungeneni kweenkqubo zokwakha, ukuxhomekeka, kunye neDevOps pipelines.
Ukuxhatshazwa kweZero-Day kwiCandelo loNikezelo lweSoftware
Iindlela zanamhlanje zokusebenzisa isoftware zihlala zijolise kwikhonkco lokubonelela ngesoftware, kungekuphela nje kwiindawo zokugcina okanye iinkqubo zokusebenza.
Abahlaseli basebenzisa ukuxhomekeka okubuthathaka, izikripthi ezinobuthi, kunye CI/CD ulungelelwaniso olungalunganga lokuya phezulu kwinkqubo yophuhliso.
Ezinye zeendlela zokuhlasela eziqhelekileyo ziquka:
- Publishing iipakethi ezineentsholongwane kwiirejista ezivulelekileyo.
- Ukufaka imithwalo yemihla ngemihla engekhoyo kwizikripthi emva kokufakwa.
- Ukusebenzisa imisebenzi yokwakha engajongwanga okanye iziqinisekiso.
- Ukuqhaqha abagcini abasemthethweni okanye iiakhawunti zabo.
Izixhobo zesiqhelo zokugqibela azikwazi ukubona ezi zisongelo kuba ziyenzeka phambi kokuba isoftware isebenza, ngexesha lophuhliso, ulwakhiwo, okanye udibaniso.
Yiyo loo nto ukubonakala kweDevSecOps kunye nokuskena ngokuzenzekelayo kubalulekile.
Umsantsa woBomi kunye nokuQondwa
| Isigaba | Umsebenzi woMhlaseli | Umngeni woMkhuseli |
|---|---|---|
| Ukufunyanwa kunye nokusebenzisa izixhobo | Fumana isiphene esingaziwayo uze wakhe umsebenzi wokusebenzisa ngaphambi kokuba utyhile. | Akukho siginitsha okanye ipetshi eyaziwayo ekhoyo; abakhuseli ababonakali. |
| Ukusasazwa Kokuxhatshazwa | Thumela imithwalo yentlawulo ngokusebenzisa ubuqhetseba, iipakethe ezinentsholongwane, okanye uhlaziyo olunobungozi. | Ukufunyanwa kwenzeka kuphela emva kokuphunyezwa; ixesha lokuphendula lilinganiselwe. |
| Ipetshi kunye nokuVula | Umthengisi ukhupha uhlaziyo kwaye loo nto ixhaphakileyo iba selubala. | Iinkqubo zihlala zibonakala de kube kuvavanywa kwaye kusetyenziswa amabala. |
Umsantsa wokufumanisa yeyona mzuzu iyingozi kakhulu. Xa kukho ukuxhatshazwa kobuthathaka obungenazo iintsuku kwaye amaqela engenasiginitsha okanye ipetshi, abahlaseli banokuhamba ngokukhawuleza. Ukuvala lo msantsa kufuna ukubonwa kwangethuba, ukujongwa rhoqo, kunye nokuzikhusela okusekelwe ekuziphatheni.
Idatha Engasemva Kwezisongelo Zanamhlanje Zero-Day
Iingxelo zamva nje zibonisa indlela umsebenzi we-zero-day oye waqheleka kwaye wakhawuleza ngayo:
- The Google Threat Intelligence Group (GTIG) umbiko Ubuthathaka obungama-75 beentsuku ezingenanto ezisetyenziswa endle ngo-2024, ukwanda ngama-30 ekhulwini ukusuka kunyaka ophelileyo.
- malunga Iipesenti ezingama-44 zezo ntsuku zingenanto joliswe kuwo enterprise iinkqubo ezifana neeVPN, iifirewall, kunye nezixhobo zolawulo, nto leyo ebonisa ukuba abahlaseli ngoku bagxila kwiziseko zophuhliso ezixabisa kakhulu.
- The Isalathiso soBukrelekrele beNgxaki se-IBM 2025 zirekhodwe ngaphezu 65,000 ubuthathaka ngezenzo ezifumaneka esidlangalaleni, ezininzi ziphinde zasetyenziswa zaza zapakishwa kwakhona kuhlaselo olutsha lweentsuku ezingenanto.
La manani abonisa isizathu sokuba amaqela kufuneka abone iimpawu zokungakwazi ukusebenza kakuhle ngaphambi kokuba kuvele i-patch.
Oko Ukhuseleko Olungcono Lwemihla Engenanto Lufanele Luqukwe
Ukunciphisa impembelelo ye usuku lwe-zero, ukhuselo lufuna iileya ezininzi kunye nokubekwa kwangoko kuhambo lophuhliso. Indlela epheleleyo ibandakanya:
- Ukuskena ngexesha langempela kweerejista ezifana ne-npm kunye ne-PyPI ukuze kubonwe iipakeji ezikrokrelekayo ngaphambi kokuba zingene kwizakhiwo
- Iinkqubo zokulumkisa kwangethuba ezibonisa iipakeji ezintsha okanye utshintsho olukhawulezileyo lwabapapashi olunokubonisa ukuba akukho bungozi bosuku olupheleleyo endle
- Ii-firewall ezixhomekeke ekuthinteleni okanye ezivalela izinto ezinobungozi ngokuzenzekelayo
- Ukufunyanwa kwe-Anomaly kuyo yonke indawo CI/CD pipelineukufumana indlela yokuziphatha engaqhelekanga yokwakha ngexesha enokubonisa ukuxhomekeka okuxhaphakileyo
- Ukulandelela udumo lomdibanisi ukuze kufunyanwe iiakhawunti zomgcini ezibiweyo okanye ezingezizo ezinokuthi zipapashe ukukhutshwa okugcwele ukuxhaphaza
- Ukunyanzeliswa komgaqo-nkqubo okuqhubekayo ukuthintela ikhowudi engakhuselekanga ukuba idibane namasebe aphambili
NgokweNational Vulnerability Database, ii-CVE ezintsha ezingaphezu kwama-29,000 zarekhodwa ngo-2024. Nangona imiba ye-zero-day idweliswa kuphela emva kokutyhilwa, olu kukhula lubonisa indlela ubuthathaka obubonakala ngokukhawuleza ngayo kunye nesizathu sokuyekiswa usuku lwe-zero izinto zakuqala.
Indlela iXygeni enceda ngayo ekunciphiseni ukuxhatshazwa kweZero-Day
I-Xygeni ubeka ukufunyanwa kwangethuba kunye nokukhuselwa ngokuzenzekelayo kwi-DevOps yakho ukuze kuncitshiswe ithuba lokuvezwa kwi-zero day exploit. Izakhono eziphambili ziquka:
- Ukubeka esweni rhoqo iiphakheji ezintsha nezikhoyo ukuze kubonwe iimpawu zokuqala zokuziphatha okuyingozi
- An Inkqubo yesilumkiso kwangethuba ekwazisa amaqela xa kuvela iphethini yokuxhaphaza enokubakho kwiirejista
- Ukuvimba ngokuzenzekelayo okanye ukuvalelwa kwabantu abaxhomekeke kubo ngendlela engaqondakaliyo ukuze ukuxhaphazwa kwe-zero day kungabi nako ukungena kwizinto zakho zokwakha
- Ukufunyaniswa okungaqhelekanga ngexesha lokwakha okubonisa utshintsho lwefayile olungalindelekanga okanye iifowuni ezikude ezihambelana nokuziphatha kokuxhaphaza
- Ukulandelela udumo lwabagcini kunye nabapapashi ukuze babone utshintsho olukhawulezileyo olunokubonisa isivumelwano
- Ukubeka phambili izinto ngokuqonda imeko oko kunceda amaqela ukuba ahlole ukuba ingxaki efunyenweyo inokuba yinto engaqhelekanga na kwindawo yawo
I-Xygeni idibana neenkqubo ze-CI eziqhelekileyo kunye nolawulo lwemithombo ukuze ufumane ezi zikhuselo ngaphandle kwezikripthi ezongezelelweyo okanye ukuseta okunzima.
Iindlela ezilungileyo zokulungiselela usuku olulandelayo lwe-Zero-Day
- Londoloza SBOMs ukwazi ukuba yeyiphi ikhowudi kunye neepakeji ezikwisakhiwo ngasinye
- Iinguqulelo zokuxhomekeka kwi-Pin kwaye uphephe ii-wildcards ezivumela iphakheji engaziwayo ukuba ingene kwaye isebenze ngaphandle kosuku
- Sebenzisa iiskeni ezinee-layered: iitshekhi ezingashukumiyo, iimvavanyo ezitshintshatshintshayo, kunye nokubeka esweni ukuziphatha
- Zenzekela iinkqubo zokulungisa nokubuyisela umva ukuze kuncitshiswe ukubonakaliswa xa ukusetyenziswa kwe-zero day kusenziwa esidlangalaleni
- Nciphisa iimfihlo kunye neemvume kwimisebenzi yokwakha ukuze ukuxhaphaza kungabi nokwanda ngokulula
- Qeqesha amaqela ukuba abone iingozi ze-supply-chain kwaye aphendule ngokukhawuleza xa kuvela izibonakaliso zokuxhaphaka kwe-zero day
Izixhobo ezifana neXygeni zinceda ukwenza uninzi lwezi ndlela zizenzekeleyo kwaye zinciphise umsebenzi wezandla ngelixa ziphucula ukubonwa kokusetyenziswa kwe-zero day.
Iingcinga Zokugqibela: Ukuhlala Inyathelo Elinye Ngaphambi Kwezinto Ezingalindelekanga
Izisongelo ze-zero-day ziya kuhlala zitshintsha. Yiyo loo nto ukhuselo kufuneka lutshintshe. Ukukhusela ii-endpoints zodwa akwanelanga. Amaqela adinga ukubonakala kunye nokukhuselwa okuqala ngaphakathi kwikhowudi, ukuxhomekeka, kunye pipelines.
Ngokudibanisa ukuskena ngexesha langempela, izilumkiso zangaphambi kwexesha, kunye nokuvala ngokuzenzekelayo, unganciphisa amathuba okuba imveliso ifikelele kwi-zero day exploit. Fumana kwangethuba, vimba ngokukhawuleza, kwaye ugcine uthotho lwakho lwesoftware luphambili.




