Difference between revisions of "Vulnerability"

From MgmtWiki
Jump to: navigation, search
m (List)
(Context)
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title==
 
==Full Title==
 +
A [[Vulnerability]] is a weakness in a design or implementation that might lead to an [[Exploit]].
 +
==Context==
 +
There is some ambiguity between the terms:
 +
*Vulnerability as it is commonly referred to the the [[STRIDE]] threat model, and
 +
* Attack as is commonly referred to the the ATTACK threat model.
 +
Where vulnerability generally is a broader scope (more abstract) that attack.
 +
 +
==List==
 +
 
This is basically just a list of some known vulnerabilities of interest to [[Identity Management]]. There is no claim this is complete.
 
This is basically just a list of some known vulnerabilities of interest to [[Identity Management]]. There is no claim this is complete.
  
==List==
 
 
* [https://owasp.org/www-project-top-ten/ OWASP Top 10] in the web
 
* [https://owasp.org/www-project-top-ten/ OWASP Top 10] in the web
 +
*From ransomware attack to double extortion and ever triple extortion:
 +
**Ransomware: criminals ask a ransom to give back access to data
 +
**Double extortion: in addition, criminals threaten to release publicly hijacked data
 +
** Triple extortion: launch a DDoS attack; inform victim's partners & customers about the stolen data.
 +
*Smishing:
 +
**Phishing via text
 +
**Messages that create a sense of urgency are sent to your phone via text with malicious links attached.
 +
**The messages are usually framed like a past due payment notice from your bank, an unexpected prize won or an unusual login notice prompting you to login **to verify your identity.
 +
*QR Code Swapping:
 +
**Legitimate QR codes at establishments such as restaurants are being swapped out with ones that redirect to malware or malicious phishing sites.
 +
**Although they are very convenient, it's advisable to type out the exact URL into your browser.
  
 
==References==
 
==References==
  
 +
[[Category: Glossary]]
 
[[Category: Vulnerability]]
 
[[Category: Vulnerability]]

Latest revision as of 11:47, 14 November 2022

Full Title

A Vulnerability is a weakness in a design or implementation that might lead to an Exploit.

Context

There is some ambiguity between the terms:

  • Vulnerability as it is commonly referred to the the STRIDE threat model, and
  • Attack as is commonly referred to the the ATTACK threat model.

Where vulnerability generally is a broader scope (more abstract) that attack.

List

This is basically just a list of some known vulnerabilities of interest to Identity Management. There is no claim this is complete.

  • OWASP Top 10 in the web
  • From ransomware attack to double extortion and ever triple extortion:
    • Ransomware: criminals ask a ransom to give back access to data
    • Double extortion: in addition, criminals threaten to release publicly hijacked data
    • Triple extortion: launch a DDoS attack; inform victim's partners & customers about the stolen data.
  • Smishing:
    • Phishing via text
    • Messages that create a sense of urgency are sent to your phone via text with malicious links attached.
    • The messages are usually framed like a past due payment notice from your bank, an unexpected prize won or an unusual login notice prompting you to login **to verify your identity.
  • QR Code Swapping:
    • Legitimate QR codes at establishments such as restaurants are being swapped out with ones that redirect to malware or malicious phishing sites.
    • Although they are very convenient, it's advisable to type out the exact URL into your browser.

References