
Tag: Vulnerability

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems.

A security risk may be classified as a vulnerability, but using "vulnerability" as a synonym for "risk" can lead to confusion. Risk is tied to the potential for a significant loss, so there can be vulnerabilities without risk: for example, when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability, that is, a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software to when access was removed, a security fix was made available or deployed, or the attacker was disabled (see zero-day attack).

A security bug (security defect) is a narrower concept, since not every vulnerability involves software: hardware, site, and personnel vulnerabilities are examples of vulnerabilities that are not software security bugs.

Constructs in programming languages that are difficult to use properly can be a large source of vulnerabilities.

Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters.
Intel will pay up to $250,000 to researchers who identify bugs more severe than 9.0 on the CVSS scale.
Avecto researchers say removing admin rights from users would mitigate many of the threats.
Malicious e-mail attachments used in this campaign don’t display any warnings when opened and silently install malware.
Attacks include a hard-coded password vulnerability that could give attackers unauthorized access to systems.
Researchers now believe attackers may have had prior access to networks and that malware was more sophisticated than originally believed.
One of the bugs could allow a successful attack simply by a user viewing an email in Outlook's Preview pane.
It's just the latest reported vulnerability for the secure messaging application.
The malware's sole purpose was to take down systems, not steal data, Cisco Talos researchers say.
Emails try to get recipients to share revealing photos of themselves so scammers can later extort them.
The attack could have been averted through a technique called subresource integrity, according to researcher Scott Helme.
Cisco has issued patches for the vulnerability, which could be up to seven years old.