8. Identify cyber security vulnerabilities (AC 2.1)

There are countless different types of vulnerabilities. Let's look at four of the most common categories.

Network vulnerabilities

Unpatched software: Software developers regularly release updates to fix security flaws. If organisations fail to apply those updates, attackers can take advantage of this and exploit the known vulnerabilities the updates were meant to fix.

System misconfigurations: Default settings in systems and applications are often insecure, and attackers can exploit them easily. It's important to change the default configuration of software to prevent unauthorised access.

Weak credentials: Passwords like 'qwerty' or '123456' are too simple and are easy targets for attackers using automated tools such as John the Ripper. A strong password policy and multi-factor authentication are a must in this day and age.

Trust relationships: Systems often trust each other; if one is breached, the others are usually compromised too. It's crucial to regularly review and manage these trust relationships.

Missing/poor encryption: Data in transit or data at rest can be intercepted or stolen by attackers. Encryption ensures that even if an attacker finds the data, they won't be able to read it.

Zero-day attacks: These happen to software or hardware after they are released to the public. The vulnerability isn't known to the vendor of the product and "there is no fix or patch to fix the problem. It is called zero-day because the people who make or sell the product have "zero days" to make a fix for the problem."

SQL injection: This is done by inserting malicious code into queries through user input, such as a search box. Through this, attackers can gain unauthorised access to databases and, once there, alter data unlawfully. To avoid this, you need input sanitisation, which ensures that applications properly validate and sanitise input.

Cross-site scripting (XSS): Attackers inject malicious scripts into trusted websites, which then run in other users' browsers. This can allow the attacker to steal sensitive information or manipulate website content. To prevent this, developers must anticipate it: check that the text users type in isn't malicious, and make sure that if it is a malicious script, the website doesn't execute it.

Phishing, web and ransomware attacks: These techniques are used to trick people into unknowingly helping attackers carry out harmful actions, usually by running some malicious code that compromises a system, account or session.

Compromised credentials: If you're not using a secure way of communicating, such as HTTPS, you risk interception by attackers, who can extract your username and password.

Malicious insider: A trusted individual with access to critical systems can misuse their privileges. Strict access controls and monitoring of user activity are vital for detecting and preventing insider threats.

System vulnerabilities

Weak segmentation: You can divide a network into segments or subnets; this helps to control the flow of traffic and limits an attacker's movement should they breach one segment. Each segment/subnet works as its own small network. The vulnerability arises when your network isn't segmented properly: an attacker who gets into one part can gain access to all of the system.

Cloud vulnerabilities

Account hijacking: This is when an attacker steals a user's login details and gains control of their account. This can happen through various techniques like phishing, keylogging, buffer overflow attacks and XSS attacks.

Insecure application programming interfaces (APIs): An API is like a messenger that handles communication between different software programs. APIs are a major component of cloud computing, as they allow various applications and systems to work together seamlessly. If an API isn't secured, attackers can exploit it and "compromise or steal sensitive and private data".

On-premises and physical vulnerabilities

Attackers gaining access to your physical site can cause serious damage. The attacker can look for passwords, access computers or leave infected memory sticks lying about, hoping someone will pick them up and use them.
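The SQL injection and cross-site scripting entries above both come down to the same defensive idea: user input must be treated as data, never as code. The following Python example is added here to show that concretely; it is not part of the original notes. It builds a constructed in-memory SQLite table of two users, then compares a query assembled by string concatenation with a parameterised one, and compares raw HTML output with output that has been HTML-escaped. The table contents, the usernames and the test strings are all invented for the demonstration.

```python
import html
import re
import sqlite3

# Constructed sample data for the demonstration (not from the original notes).
USERS = [("alice", "hash-of-alices-password"), ("bob", "hash-of-bobs-password")]

# Allowlist validation: a username may only contain letters, digits and underscores.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def _fresh_db():
    """Create a throwaway in-memory database populated with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def is_valid_username(value):
    """Input validation step: reject anything outside the allowlist pattern."""
    return USERNAME_RE.match(value) is not None


def find_user_vulnerable(username):
    """The 'before' case: the input is glued into the SQL text, so quotes in the
    input change the meaning of the query. Kept deliberately vulnerable."""
    conn = _fresh_db()
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    rows = conn.execute(query).fetchall()
    conn.close()
    return [row[0] for row in rows]


def find_user_safe(username):
    """The hardened case: a parameterised query. The driver passes the value
    separately from the SQL text, so it can only ever match a username."""
    conn = _fresh_db()
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchall()
    conn.close()
    return [row[0] for row in rows]


def render_comment_vulnerable(text):
    """Raw insertion into HTML: a script tag in the comment becomes live markup."""
    return "<p>" + text + "</p>"


def render_comment_safe(text):
    """Output encoding: special characters become entities, so the browser shows
    the text instead of executing it."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    # Constructed test input containing a quote-based SQL fragment.
    probe = "x' OR '1'='1"
    print("validation accepts probe:", is_valid_username(probe))
    print("concatenated query returns:", find_user_vulnerable(probe))
    print("parameterised query returns:", find_user_safe(probe))
    print(render_comment_safe("<script>alert(1)</script>"))
```

Running the block shows the concatenated query returning every user for the probe string while the parameterised query returns nothing, and the escaped comment arriving at the browser as harmless text. Validation, parameterisation and output encoding are layered on purpose: validation rejects most bad input up front, and the other two make sure that whatever does get through cannot change what the database or the browser executes.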
