Zero-day attacks will always be a serious issue for anyone involved in cyber security.
A zero-day cyber attack is one that happens in the gap between the hackers discovering a vulnerability in a system and putting an exploit out in the wild and the software vendors, discovering the same software flaw, developing a fix for it and getting it out to you.
This attack, which will get to you via a Qbot phishing email attack, exploits a Windows vulnerability and bypasses the usual warning that a file originates from an untrusted source such as the internet – a warning that many will be depending on to keep them protected.
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
I reported on another Qbot email phishing campaign last week:
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
QBot Malware: What Is It and How Does It Work (datto.com) – we use Datto for a variety of our services we supply to our cyber security clients.
Zero-day (computing) – Wikipedia