Tag: Vulnerability

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems.

A security risk may be classified as a vulnerability. Using "vulnerability" with the same meaning as "risk" can lead to confusion. Risk is tied to the potential of a significant loss, so there are vulnerabilities without risk: for example, when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability, that is, a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software to when access was removed, a security fix was available or deployed, or the attacker was disabled (see zero-day attack).

A security bug (security defect) is a narrower concept, because some vulnerabilities are not related to software: hardware, site, and personnel vulnerabilities are examples of vulnerabilities that are not software security bugs.

Constructs in programming languages that are difficult to use properly can be a large source of vulnerabilities.

Privacy Advocates Vow to Fight Rollback of Broadband Privacy Rules

Privacy activists say rolling-back ISP privacy rules means health, financial and browsing habits can be used, shared and sold to the highest bidder without...

Instagram Adds Two-Factor Authentication

Instagram became the latest in a long line of services over the years to offer users two-factor authentication.

Threatpost News Wrap, March 27, 2017

The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed.

Adware Apps Booted from Google Play

More than a dozen apps removed from Google Play store after it was determined they were overly aggressive adware.

WikiLeaks Dump Shows CIA Interdiction of iPhone Supply Chain

Today's WikiLeaks Vault 7 Dark Matter release shows the CIA's capabilities to attack and persist on Apple iPhone and Mac firmware and an apparent...

Cisco Patches Critical IOx Vulnerability

Cisco Systems patched a critical vulnerability that could give an attacker root privileges to software running on two of its IoT router models.

Malware That Targets Both Microsoft, Apple Operating Systems Found

A new strain of malware is designed to spread malware on either Mac OS X or Microsoft Windows, depending on where it’s opened.

Half of Android Devices Unpatched Last Year

Google said half of Android devices are unpatched and that the percentage of potentially harmful apps on phones installed from all sources rose in 2016.

Paper Spells Out Tech, Legal Options for Encryption Workarounds

Bruce Schneier and Orin Kerr have written a paper that explains the technological and legal issues associated with six encryption workarounds available to law...

Google, Jigsaw Partner on Free Tools to Secure Elections

Jigsaw and Google said they would offer a free suite of security tools aimed at securing political elections.

Blank Slate Spam Campaign Spreads Cerber Ransomware

A spam campaign called Blank Slate is spreading Cerber ransomware and abusing hosting providers to register new domains as soon as they're taken down....

SAP Vulnerability Puts Business Data at Risk for Thousands of Companies

Researchers at ERPScan today disclosed details and a proof-of-concept exploit for a SAP GUI remote code execution vulnerability patched last week.