Category
Computer security exploits
computer virus
type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code
WannaCry ransomware attack
ransomware cyberattack
Heartbleed
Heartbleed is a security bug in some outdated versions of the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. It resulted from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension. Thus, the bug's name derived from heartbeat. The vulnerability was classified as a buffer
buffer overflow
anomaly in computer security and programming that could be exploited as a security vulnerability
exploit
software, data or commands that use a bug or vulnerability to compromise a computer system
port scanner
application designed to probe for open ports
pharming
Pharming is a cyberattack intended to redirect a website's traffic to another, fake site by installing a malicious program on the victim's computer in order to gain access to it. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather tha
race condition
situation in computer system that occurs when multiple processes try to access a common resource
payload
content of a message excluding headers and metadata
Common Vulnerabilities and Exposures
a list of publicly known cybersecurity vulnerabilities

wardriving
proof of concept
realization of a certain method or idea in order to demonstrate its feasibility
Vault 7
series of documents released by WikiLeaks in 2017
Shellshock
security bug in the Unix Bash shell
integer overflow
in programming, a condition that occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of digits
EternalBlue
EternalBlue is computer exploit software developed by the U.S. National Security Agency (NSA). It is based on a zero-day vulnerability in Microsoft Windows software that allowed users to gain access to any number of computers connected to a network. The NSA was aware of this vulnerability but did not disclose it to Microsoft for several years, as it intended to use the exploit as part of its offensive cyber operations. In 2017, the NSA discovered that the software had been stolen by a group of hackers known as the Shadow Brokers. Microsoft might have been informed of this and released security
voice phishing
form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward

swatting
Log4Shell
Log4Shell (CVE-2021-44228) is a vulnerability reported in November 2021 in Log4j, a popular Java logging framework, involving arbitrary code execution and exploited as a zero-day vulnerability. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021.
return-oriented programming
computer security exploit technique that manipulates the call stack to hijack control flow
null character
control character whose bits are all 0
DNS spoofing
cyberattack in which corrupt DNS data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address, diverting traffic to the attacker
dangling pointer
pointer that does not point to a valid object

KRACK
KRACK ("Key Reinstallation Attack") is a replay attack (a type of exploitable flaw) on the Wi-Fi Protected Access protocol that secures Wi-Fi connections. It was discovered in 2016 by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven. Vanhoef's research group published details of the attack in October 2017. By repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic.
drive-by download
unintended download of computer software from the Internet: either one that a person has authorized without understanding the consequences, or one that happens without the person's knowledge, often a computer virus, spyware or other malware
XZ Utils backdoor
backdoor discovered in 2024
memory safety
state of being protected from memory access bugs
dynamic linker
feature of an operating system that loads shared libraries and links them with a runnable software unit

Warchalking
Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi network.
Inspired by hobo symbols, the warchalking marks were conceived by a group of friends in June 2002 and published by Matt Jones who designed the set of icons and produced a downloadable document containing them. Within days of Jones publishing a blog entry about warchalking, articles appeared in dozens of publications and stories appeared on several major television news programs around the world.
POODLE
POODLE (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a security vulnerability which takes advantage of the fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed the vulnerability publicly on October 14, 2014 (despite the paper being dated "September 2014"). On December 8, 2014, a variation of the POODLE vulnerability that affected

server-side request forgery
type of computer exploit where an attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker
row hammer
Computer security exploit
return-to-libc attack
computer security attack in which a subroutine return address on a call stack is replaced by an address of a subroutine already present in executable memory, bypassing the no-execute bit
Mimikatz
Mimikatz is both an exploit on Microsoft Windows that extracts passwords stored in memory and software that performs that exploit. It was created by French programmer Benjamin Delpy and is French slang for "cute cats".
heap overflow
type of buffer overflow
war dialing
Wardialing (or war dialing) is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers—malicious hackers who specialize in breaching computer security—for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems. It may also be used by security personnel, for
prompt injection
computer security attack against language-processing systems
stack buffer overflow
software anomaly
Stagefright
software bug in Android
Dirty COW
computer security vulnerability
threat
a possible danger that might exploit a computer vulnerability to breach security and therefore cause possible harm

format string attack
type of software vulnerability

vulnerability management
cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities
covert channel
type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate

virus hoax
message warning the recipients of a non-existent computer virus threat
Project 25
Standards for public safety digital mobile radio used in North America

buffer overflow protection
software security technique
cache poisoning
attack in which invalid entries are placed into a cache
2021 Microsoft Exchange Server data breach
series of cyberattacks exploiting Microsoft's email and calendar server software
TCP reset attack
type of computer security exploit
DoublePulsar
DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.
responsible disclosure
ethical vulnerability disclosure model in which a vulnerability or an issue is withheld from public disclosure until it has been patched or after a period of time
time-of-check to time-of-use
class of software bugs
BlueKeep
BlueKeep is a security vulnerability that was discovered in Microsoft's Remote Desktop Protocol (RDP) implementation, which allows for the possibility of remote code execution.
Idle scan
computer-related activity
Cloudbleed
Cloudbleed was a Cloudflare buffer overflow disclosed by Project Zero on February 17, 2017. Cloudflare's code disclosed the contents of memory that contained the private information of other customers, such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. As a result, data from Cloudflare customers was leaked to all other Cloudflare customers that had access to server memory. This occurred, according to numbers provided by Cloudflare at the time, more than 18,000,000 times before the problem was corrected. Some of the leaked data was cached by search engines.
BlueBorne
Bluetooth vulnerability, an attack vector
Windows Metafile vulnerability
security vulnerability in the way some versions of the Microsoft Windows operating system handled images in the Windows Metafile format
Armitage
Cyber attack management for Metasploit
threat modelling
process by which potential threats, such as structural vulnerabilities, can be identified, enumerated, and prioritized – all from a hypothetical attacker’s point of view