An actor, usually a person, who may attempt to exploit a vulnerability of an exposed system.
Questions tagged [threats]
99 questions
1
vote
0 answers
Are there any methodology for malware in case of threat assessment?
Malware is a threat in security assessment. Are there any criteria to assess malware in case of threat assessment?
![](../../users/profiles/38148.webp)
khant
- 191
- 4
1
vote
2 answers
How to check if a software is legitimate
if I have a developer who wants to install a new software and he ask me to check this software security before installing it what shall I do
![](../../users/profiles/8385.webp)
P3nT3ster
- 877
- 7
- 10
1
vote
2 answers
Do we still refer to a threat as a threat once it has been realised?
A threat is defined as something that might do harm but once a threat happens do we still refer to it as a threat?
For instance, if malware infects our computer, do we still refer to the malware as a threat?
![](../../users/profiles/114146.webp)
yusuf
- 75
- 3
1
vote
2 answers
Is broadcasting your Windows computer name a vulnerability?
Some software I'm using sends out bug reports occasionally. The bug reports contain a fair bit of information. I'm concerned about some of the user identifiable information in the bug report. In particular:
>> computer name : JOHNSMITHCOMP
>>…
![](../../users/profiles/111916.webp)
Shannon Matthews
- 111
- 3
1
vote
2 answers
Threat Modelling Examples (Distributed Systems)
I have threat modelled applications in the past, but I'd like to threat model a distributed system. However for other people I'm with, who have never done it at all, I'd like to check out some examples somewhere but I can't find any online.
Does…
![](../../users/profiles/109017.webp)
user109017
- 11
- 2
1
vote
1 answer
Location/proximity based decryption using separate machine
I read a long thread where the whole issue was revolving around deriving decryption keys from GPS location. This has huge issues, as being present at a location is not needed to know the location. Maps can give us coordinates without getting near…
![](../../users/profiles/71955.webp)
ArekBulski
- 332
- 1
- 2
- 11
1
vote
1 answer
Possible threats on the memory buffer
If an adversary could identify a buffer's capacity, what would be the possible consequences?
![](../../users/profiles/41959.webp)
Michael
- 403
- 2
- 9
0
votes
1 answer
Service traffic hijacking, how does cloud make it worse?
I read an article from CSA that they rank service traffic hijacking as the #3 threat to cloud-services. Why is it worse for the user if an attacker hijacks its service traffic on cloud? What new exploits can the attacker take advantage of in a…
![](../../users/profiles/45438.webp)
Green_qaue
- 155
- 5
0
votes
1 answer
Which is considered the first Cyber Security incident?
No matter we are talking about Information Security, or cyber security or IT security... I always hear first about "the moth" being the first security threat. But I don't believe it is when talking about cyber security.
I believe that the infamous…
![](../../users/profiles/37373.webp)
kiBytes
- 3,450
- 15
- 26
0
votes
3 answers
HTTP/HTTPS on the same site
Suppose a site allows connection to be established with HTTP or HTTPS .If you establish a connection to http://www.example.com or https://www.example.com then all further link's on the page displayed will have HTTP or HTTPS correspondingly. I…
![](../../users/profiles/40239.webp)
justtrying123
- 181
- 2
- 13
0
votes
1 answer
Where can I find a list of Indicators of Compromise (IOC) conditions?
OpenIOC.org has several schemas defining Indicators of Compromise.
The Schema is defined here:
http://schemas.mandiant.com/2010/ioc/ioc.xsd
While under IndicatorItemContext/search says it is xs:string, the actual list of search terms is listed…
![](../../users/profiles/26533.webp)
A G
- 161
- 1
- 6
0
votes
3 answers
Security concept
How do we know that the systems that we are using are secure? At what point do we have to audit the software that we use? How do unknown security threats affect software over time?
![](../../users/profiles/26117.webp)
Sdey_Triple_S
- 41
- 1
0
votes
1 answer
Static react native app security issues
I am creating a react native mobile application using Expo. This app simply renders information - there is no data collection or entry, no user accounts, no database (other than JSON storage). There is not a single input box in the entire app, it is…
![](../../users/profiles/280396.webp)
server_unknown
- 103
- 6
0
votes
2 answers
What exactly is Application.Hacktool.AMZ?
I have been using Windows Product Key Viewer for ages to read current Windows' serial number. I had never any hack- or virus-related issue about this application.
A few days ago I have installed Bitdefender and one my OneDrive started to download a…
![](../../users/profiles/11996.webp)
trejder
- 3,329
- 5
- 23
- 33
0
votes
1 answer
How to use pre-existing threat catalogue to determine if a certain system is vulnerable?
There are many risk assessment guidelines such NIST800-30 and ISO 27005 that provide a catalogue of known threats as reference. Using a qualitative approach, I selected one threat events catalogue and I tried to select the threats that are…
![](../../users/profiles/269193.webp)
NoRel
- 1
- 5