Vulnerabilities Flashcards
Cloud-based Vulnerabilities:
Data breaches: Unauthorized access to sensitive data stored in the cloud.
Insecure APIs: Vulnerabilities in APIs may expose data or allow unauthorized actions.
Shared resources: Misconfigurations leading to exposure of data or resources to unintended parties.
On-premises vulnerabilities:
Physical access: Unauthorized access to on-premises servers or infrastructure.
Local network vulnerabilities: Weaknesses in the internal network could lead to unauthorized access.
Zero-day
Exploitation before patching: Attackers can exploit vulnerabilities before developers release a patch.
Limited mitigation strategies: Lack of available fixes or workarounds increases the risk.
Weak Configurations
Open Permissions:
Unauthorized access and data exposure.
Potential for privilege escalation attacks.
Weak Configurations
Unsecure Root Accounts:
Unauthorized control and manipulation of critical systems.
Complete compromise of the system’s integrity.
Weak Configurations
Errors:
Bugs or misconfigurations leading to unintended vulnerabilities.
Exploitable loopholes for attackers.
Weak Configurations
Weak Encryption:
Exposure of sensitive data during transmission or storage.
Eavesdropping and data theft.
Weak Configurations
Unsecure Protocols:
Use of outdated or insecure communication protocols.
Potential for interception and manipulation of data.
Weak Configurations
Default Settings:
Use of default configurations that may have known vulnerabilities.
Easy targets for automated attacks.
Weak Configurations
Open Ports and Services:
Unauthorized access to systems through open ports.
Exploitable services leading to compromise.
Third-party Risks
System Integration:
Integration flaws leading to vulnerabilities in the overall system.
Compatibility issues that could be exploited.
Third-party Risks
Vendor Management:
Dependence on third-party vendors who may have their security vulnerabilities.
Lack of control over the security practices of external entities.
Third-party Risks
Lack of Vendor Support:
Unsupported or obsolete software with unpatched vulnerabilities.
Limited assistance in case of security incidents.
Third-party Risks
Supply Chain:
Compromised components introduced during the supply chain process.
Malicious modifications to hardware or software.
Third-party Risks
Outsourced Code Development:
Security vulnerabilities introduced by external developers.
Limited visibility and control over the development process.
Third-party Risks
Data Storage:
Insecure storage practices by third-party providers.
Potential for data exposure or leakage.
Improper or Weak Patch Management
Firmware, OS, and Applications:
Failure to apply patches promptly exposes systems to known vulnerabilities.
Increased risk of exploitation.
Legacy Platforms
Lack of Support:
Unsupported systems are not receiving security updates.
Proliferation of vulnerabilities with no resolution
Impacts
Data Loss:
Loss or corruption of sensitive data.
Financial and legal consequences.
Impacts
Data Breaches:
Unauthorized access to confidential information.
Reputational damage.
Impacts
Data Exfiltration:
Theft and unauthorized transfer of sensitive data.
Loss of intellectual property.
Impacts
Identity Theft:
Unauthorized use of personal information.
Financial and legal repercussions for individuals.
Impacts
Financial Impact:
Costs associated with addressing security incidents.
Loss of revenue due to downtime or reputational damage.
Impacts
Reputation:
Erosion of trust among customers and stakeholders.
Long-term damage to the brand.
Impacts
Availability Loss:
Disruption of services leading to downtime.
Impaired business operations.
