Vulnerability

From MgmtWiki
Revision as of 12:47, 14 November 2022 by Tom (talk | contribs) (Context)

Jump to: navigation, search

Full Title

A Vulnerability is a weakness in a design or implementation that might lead to an Exploit.

Context

There is some ambiguity between the terms:

  • Vulnerability as it is commonly referred to the the STRIDE threat model, and
  • Attack as is commonly referred to the the ATTACK threat model.

Where vulnerability generally is a broader scope (more abstract) that attack.

List

This is basically just a list of some known vulnerabilities of interest to Identity Management. There is no claim this is complete.

  • OWASP Top 10 in the web
  • From ransomware attack to double extortion and ever triple extortion:
    • Ransomware: criminals ask a ransom to give back access to data
    • Double extortion: in addition, criminals threaten to release publicly hijacked data
    • Triple extortion: launch a DDoS attack; inform victim's partners & customers about the stolen data.
  • Smishing:
    • Phishing via text
    • Messages that create a sense of urgency are sent to your phone via text with malicious links attached.
    • The messages are usually framed like a past due payment notice from your bank, an unexpected prize won or an unusual login notice prompting you to login **to verify your identity.
  • QR Code Swapping:
    • Legitimate QR codes at establishments such as restaurants are being swapped out with ones that redirect to malware or malicious phishing sites.
    • Although they are very convenient, it's advisable to type out the exact URL into your browser.

References

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Vulnerability&oldid=16255"