Difference between revisions of "Vulnerability"
From MgmtWiki
(→List) |
Line 6: | Line 6: | ||
* [https://owasp.org/www-project-top-ten/ OWASP Top 10] in the web | * [https://owasp.org/www-project-top-ten/ OWASP Top 10] in the web | ||
+ | *From ransomware attack to double extortion and ever triple extortion: | ||
+ | **Ransomware: criminals ask a ransom to give back access to data | ||
+ | **Double extortion: in addition, criminals threaten to release publicly hijacked data | ||
+ | ** Triple extortion: launch a DDoS attack; inform victim's partners & customers about the stolen data. | ||
+ | *Smishing: | ||
+ | **Phishing via text | ||
+ | **Messages that create a sense of urgency are sent to your phone via text with malicious links attached. | ||
+ | **The messages are usually framed like a past due payment notice from your bank, an unexpected prize won or an unusual login notice prompting you to login **to verify your identity. | ||
+ | *QR Code Swapping: | ||
+ | **Legitimate QR codes at establishments such as restaurants are being swapped out with ones that redirect to malware or malicious phishing sites. | ||
+ | **Although they are very convenient, its advisable to type out the exact URL into your browser. | ||
==References== | ==References== |
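Review bot: Three wording slips in the added list items need fixing. "ever triple extortion" in the first added line should read "even triple extortion". The stray "**" before "to verify your identity" in the last Smishing item is leftover list markup in the middle of a sentence and should be removed. "its advisable" in the last QR Code Swapping item should be "it's advisable". The Triple extortion item is also the only added line with a space after its "**" marker, so drop the space to match the others. Finally, the QR item advises typing out "the exact URL" without saying where a reader gets a trustworthy URL from; a short clause naming the source (for example the establishment's printed material) would make the advice actionable.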
Revision as of 12:19, 14 November 2022
Full Title
A Vulnerability is a weakness in a design or implementation that might lead to an Exploit.
List
This is basically just a list of some known vulnerabilities of interest to Identity Management. There is no claim this is complete.
- OWASP Top 10 in the web
- From ransomware attack to double extortion and even triple extortion:
  - Ransomware: criminals demand a ransom to give back access to data.
  - Double extortion: in addition, criminals threaten to publicly release the hijacked data.
  - Triple extortion: launch a DDoS attack; inform the victim's partners & customers about the stolen data.
- Smishing:
  - Phishing via text.
  - Messages that create a sense of urgency are sent to your phone via text with malicious links attached.
  - The messages are usually framed like a past-due payment notice from your bank, an unexpected prize won, or an unusual login notice prompting you to log in to verify your identity.
- QR Code Swapping:
  - Legitimate QR codes at establishments such as restaurants are being swapped out with ones that redirect to malware or malicious phishing sites.
  - Although they are very convenient, it's advisable to type out the exact URL into your browser.