Vulnerability
From MgmtWiki
Contents
Full Title
A Vulnerability is a weakness in a design or implementation that might lead to an Exploit.
Context
There is some ambiguity between the terms:
- Vulnerability as it is commonly referred to the the STRIDE threat model, and
- Attack as is commonly referred to the the ATTACK threat model.
Where vulnerability generally is a broader scope (more abstract) that attack.
List
This is basically just a list of some known vulnerabilities of interest to Identity Management. There is no claim this is complete.
- OWASP Top 10 in the web
- From ransomware attack to double extortion and ever triple extortion:
- Ransomware: criminals ask a ransom to give back access to data
- Double extortion: in addition, criminals threaten to release publicly hijacked data
- Triple extortion: launch a DDoS attack; inform victim's partners & customers about the stolen data.
- Smishing:
- Phishing via text
- Messages that create a sense of urgency are sent to your phone via text with malicious links attached.
- The messages are usually framed like a past due payment notice from your bank, an unexpected prize won or an unusual login notice prompting you to login **to verify your identity.
- QR Code Swapping:
- Legitimate QR codes at establishments such as restaurants are being swapped out with ones that redirect to malware or malicious phishing sites.
- Although they are very convenient, it's advisable to type out the exact URL into your browser.