
You're reading from CompTIA Security+ SY0-701 Certification Guide - Third Edition

Product type: Book
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781835461532
Edition: 3rd Edition
Author: Ian Neil

Ian Neil is one of the world's top trainers of Security+. He is able to break down information into manageable chunks so that people with no background knowledge can gain the skills required to become certified. He has recently worked for the US Army in Europe and designed a Security+ course that catered to people from all backgrounds (not just IT professionals), with an extremely successful pass rate. He is an MCT, MCSE, A+, Network+, Security+, CASP, and RESILIA practitioner who has worked with high-end training providers over the past 23 years and was one of the first technical trainers to train Microsoft internal staff when they opened their Bucharest Office in 2006.

Introduction

This chapter covers the third objective of Domain 2.0, Threats, Vulnerabilities, and Mitigations of the CompTIA Security+ exam.

In this chapter, we look at the various types of cybersecurity vulnerabilities, namely application, operating system, and web-based vulnerabilities, as well as different types of hardware and cloud-specific vulnerabilities. The final sections of this chapter will explore the potential dangers of using third-party suppliers and mobile devices within your organization.

This chapter will give you an overview of why companies rely on these processes to keep their environment safe, ensuring you are prepared to successfully answer all exam questions related to these concepts for your certification.

Note

A full breakdown of Exam Objective 2.3 will be provided at the end of the chapter.

Application Vulnerabilities

Delving into the world of software vulnerabilities, we encounter memory injection, buffer overflow, and race conditions. These intricate weaknesses can be exploited by those with malicious intent. Time-of-check (TOC) and time-of-use (TOU) vulnerabilities add another layer of complexity: they exploit the gap between the moment a condition is checked and the moment the result of that check is acted upon. Additionally, the unsettling potential of a malicious update casts doubt on the very trust we place in software systems. Let’s look at each of these software vulnerabilities in turn:

  • Memory injection: These attacks involve the covert insertion of malicious code into a program’s memory space. Even legitimate applications may be susceptible, allowing attackers to leverage the vulnerability to gain unauthorized access or execute arbitrary commands.

This vulnerability can be exploited by...
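The TOC/TOU race mentioned above, shown as an added example that is not from the book: a check-then-open routine that re-resolves the path (vulnerable) beside one that opens first and checks the descriptor it actually reads from (fixed). The `race_window` callback and the `swap` helper are constructed to simulate another process acting between the check and the use; a POSIX host with `O_NOFOLLOW` support is assumed.

```python
import os
import stat
import tempfile

def read_config_unsafe(path, race_window=lambda: None):
    # Time-of-check: confirm the path is a plain file and not a symlink.
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("refusing to read a non-regular file")
    race_window()  # gap between check and use; another process can act here
    # Time-of-use: the path is resolved a second time, so the check above
    # says nothing about what open() will actually return now.
    with open(path) as f:
        return f.read()

def read_config_safe(path, race_window=lambda: None):
    # Open first, with O_NOFOLLOW so the kernel rejects a symlink at the path,
    # then check the descriptor itself. Check and use refer to the same inode,
    # so later changes to the directory entry cannot redirect the read.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r") as f:  # f owns fd and closes it
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("refusing to read a non-regular file")
        race_window()
        return f.read()

def simulate(reader, swap_before_check=False):
    # Constructed scenario: a harmless config file beside a secret the reader
    # must never return. swap() stands in for another process that replaces
    # the config path with a symlink to the secret.
    with tempfile.TemporaryDirectory() as d:
        config = os.path.join(d, "config")
        secret = os.path.join(d, "secret")
        with open(config, "w") as f:
            f.write("harmless config")
        with open(secret, "w") as f:
            f.write("SECRET")
        def swap():
            os.remove(config)
            os.symlink(secret, config)
        try:
            if swap_before_check:
                swap()
                return reader(config)
            return reader(config, race_window=swap)
        except OSError:  # PermissionError and ELOOP from O_NOFOLLOW land here
            return "blocked"
```

Both readers reject a symlink that is already in place; only the safe reader keeps reading the original file when the swap happens after its check.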

Operating System (OS)-Based Vulnerabilities

An OS-based vulnerability attack occurs when hackers exploit weaknesses within the core software that manages a device’s hardware and software resources. These vulnerabilities can emerge from flaws in the OS’s code, design, or configuration. Adversaries might target these weaknesses to gain unauthorized access, disrupt operations, or extract sensitive data from a system.

A prime example is the BlueKeep vulnerability that affected Microsoft Windows systems. This exploit allowed attackers to infiltrate unpatched systems remotely, compromising 1 million devices. The realm of OS-based vulnerabilities is one of both opportunity and risk—a place where defenders strive to fortify the foundation of our digital lives, while adversaries seek to exploit its hidden crevices.

Web-Based Vulnerabilities

In the interconnected world of the internet, web-based vulnerabilities serve as gateways for digital intruders. Among these vulnerabilities, two prominent threats stand out: Structured Query Language Injection (SQLI) and Cross-Site Scripting (XSS). These cunning exploits target the fabric of websites and online applications, allowing attackers to manipulate databases through flawed inputs in the case of SQLI or inject malicious scripts into websites with XSS. As we delve into the intricacies of these web-based vulnerabilities, we uncover the unseen dangers that can compromise our digital experiences:

  • SQLI: SQLI is a type of cyberattack that occurs when an attacker exploits vulnerabilities in a website or an application’s input fields to manipulate the SQL queries executed on the backend database. These attacks can lead to unauthorized access, data breaches, and even the compromise of an entire system. SQLI works as follows:
    1. Input fields: Many...
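The SQLI mechanism described above, as an added example that is not the book's own code: a Python script using the standard `sqlite3` module with a constructed in-memory `users` table, showing a lookup that concatenates the form input into the query beside the parameterized form, where the driver binds the input as a literal value.

```python
import sqlite3

def make_db():
    # Constructed in-memory database so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-a", "admin"),
        ("bob", "hash-b", "user"),
    ])
    return conn

def lookup_vulnerable(conn, username):
    # Input concatenated straight into the query string: the database cannot
    # tell the user's text from the SQL the developer wrote, so a quote in the
    # input field ends the literal and the rest is parsed as SQL.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, username):
    # Query text and data travel separately; the driver binds the value as a
    # single literal, so nothing typed into the input field changes the query.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

def demo():
    # Constructed input from a login form; the textbook "always true" tail.
    hostile = "' OR '1'='1"
    conn = make_db()
    leaked = lookup_vulnerable(conn, hostile)    # every row comes back
    safe = lookup_parameterized(conn, hostile)   # no such username: no rows
    return leaked, safe
```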

Hardware Vulnerabilities

Hardware vulnerabilities, despite their intricacies, can be mitigated through proactive measures. Rigorous testing during the design and manufacturing phases is crucial. Employing techniques such as fuzz testing and vulnerability assessments can help identify potential weaknesses before they are exploited. Regular firmware updates that address security flaws are essential, as they provide a line of defense against evolving threats. Collaborative efforts between hardware manufacturers and security experts can lead to stronger defenses.

These vulnerabilities can take several forms, including the following:

  • Vulnerabilities in firmware: Firmware acts as the bridge between hardware and software, controlling the low-level operations of a device. Vulnerabilities in firmware can provide attackers with opportunities to manipulate or compromise a system’s functionalities. Attack vectors may include outdated firmware, inadequate security measures during...

Virtualization Vulnerabilities

Virtualization allows multiple virtual machines (VMs) to run on a single physical server, optimizing resource utilization, enhancing flexibility, and streamlining IT operations. However, like any technology, virtualization also introduces vulnerabilities that require careful consideration to ensure the security and stability of systems. This section explains the vulnerabilities associated with virtualization and the strategies to mitigate these vulnerabilities. These include the following:

  • VM escape: While virtualization is designed to isolate VMs, the hypervisor (that is, the essential software managing these VMs) introduces an unexpected challenge. It can unintentionally create a path for lateral movement, known as moving east to west, and enable potential attackers to move from a secluded VM to the host system or other interconnected VMs. Vulnerabilities within the complex code of the hypervisor can serve as an avenue for unauthorized data...

Cloud-Specific Vulnerabilities

As businesses harness the power of cloud computing, there is a risk of criminals exploiting the cloud for financial gain. This section covers cloud vulnerabilities, exploring their complexities and providing strategies to strengthen digital security by addressing these weaknesses, as follows:

  • Risk of shared tenancy: When utilizing public cloud services, “shared tenancy” comes into play. This concept refers to multiple customers sharing the same physical infrastructure, where each customer operates within their own isolated virtual environment. If a customer does not secure its data properly, a side-channel attack could inadvertently give another tenant access to that data. If not managed carefully, security breaches or data leaks in one tenant’s environment could inadvertently impact others, underlining the importance of robust security measures and isolation mechanisms to maintain the integrity and...

Supply Chain Vulnerabilities

A supply chain is a network of organizations, people, activities, and resources involved in producing and delivering goods or services to customers. Modern business operations often rely on a supply chain that encompasses service providers, hardware manufacturers, and software vendors. While this interconnected network enhances efficiency and innovation, it also introduces vulnerabilities that can have far-reaching consequences. This section covers the vulnerabilities associated with service, hardware, and software providers in the supply chain, highlighting potential risks and proposing strategies to fortify the foundation of business operations, as follows:

  • Service provider vulnerabilities: As businesses increasingly outsource various functions to service providers, the reliance on external entities for critical services creates exposure. Poorly managed third-party relationships can result in lapses in security controls, leading to data breaches...

Cryptographic Vulnerabilities

Cryptographic vulnerabilities, specifically weaknesses within certificates and encryption, require thorough evaluation and scrutiny. This section will examine these vulnerabilities, highlight potential risks, and suggest strategies to bolster our defenses, as outlined here:

  • Certificate authority (CA) compromise: The digital world relies on CAs to issue digital certificates. If a CA is compromised, attackers can generate fraudulent certificates, leading to the interception of encrypted communications and the potential for widespread breaches.
  • Key compromise: Cryptographic systems are only as strong as their keys. A key can be compromised due to theft, weak generation, or poor key management, leading to unauthorized data access, manipulation, or decryption.
  • Flawed implementation: Even the most robust cryptographic algorithms can be undermined by flawed implementation. Poorly coded encryption routines and weak key management can create openings...

Misconfiguration Vulnerabilities

As we are now in a world of interconnected devices, including firewalls, switches, routers, and web servers, as well as handheld devices, laptops, and computers, our reliance on interconnected systems has reached unparalleled heights. The vulnerabilities stemming from misconfigured IT systems, network devices, and firewalls can open doors for cybercriminals, leading to data breaches, financial losses, and reputational damage. These misconfigurations can stem from human oversight, the complexity of configurations, a lack of expertise, and pressure to deploy services quickly. In this section, we will delve into the intricacies of these vulnerabilities and highlight the importance of secure configuration practices. Here, we will look at each type of device and the vulnerabilities it introduces:

  • Network devices: Network devices, such as routers, switches, and access points, play a critical role in managing data traffic within an organization’...

Mobile Device Vulnerabilities

Mobile devices have seamlessly integrated into our modern lives, serving as essential conduits to communication, information, and entertainment. However, this convenience comes hand in hand with vulnerabilities that can compromise our digital security. This section addresses significant threats to mobile device security, which include the following:

  • Jailbreaking: Jailbreaking applies specifically to Apple devices and allows users to bypass manufacturer or operating system restrictions, providing more control over the device. This is commonly known as unlocking a device. This freedom, however, exposes the device to significant security risks.
  • Rooting: Rooting allows users to bypass manufacturer or operating system restrictions on Android devices, providing more control over a device. This is commonly known as unlocking a device. This freedom, however, exposes the device to significant security risks.
  • Sideloading: Sideloading is generally...

Zero-Day Vulnerabilities

A zero-day vulnerability is like a secret passage in computer software that hackers find before the software’s creators do. It gives hackers unrestricted access to break into systems because there are no defenses or fixes known yet. Because zero-day vulnerabilities are not known, there are no patches or security tools that can detect them.

An example of this type of vulnerability (and its exploitation) was the Stuxnet virus. The Stuxnet virus originated in 2005 but went completely unnoticed until 2007, and was only identified in 2010. In that time, the virus was propagated to 14 distinct locations without detection. Four zero-day vulnerabilities were exploited to disable part of an Iranian nuclear program, allowing the attackers (a joint US/Israel operation) to monitor program operations without detection and subsequently slow the program.

Summary

This chapter covered the various types of application vulnerabilities, including race conditions, buffer overflow, and the more heavily tested web-based vulnerabilities, such as SQLI and XSS. We then looked at hardware vulnerabilities, starting with firmware updates and then EOL systems, as well as cloud virtualization and supply chain vulnerabilities, before finally reviewing mobile device vulnerabilities and the use of an MDM solution for added security.

The knowledge gained in this chapter will prepare you to answer any questions relating to Exam Objective 2.3 in your CompTIA Security+ certification exam.

The next chapter is Chapter 8, Given a scenario, analyze indicators of malicious activity.

Exam Objective 2.3

Explain various types of vulnerabilities.

  • Application vulnerabilities:
    • Memory injection: Unauthorized code inserted into a program’s memory space
    • Buffer overflow: Data exceeding allocated memory, leading to potential exploits
    • Race conditions: Conflicts arise when multiple processes access shared resources
    • TOC and TOU: Timing mismatches exploited during checks and usage
    • Malicious update: Attackers introducing harmful code through software updates
    • Operating System (OS) vulnerabilities: Weaknesses in the OS’s code, design, or configuration
    • Web-based vulnerabilities: Weakness in a website or web application
    • SQL Injection (SQLI): Attackers manipulating input to exploit database vulnerabilities
    • Cross-Site Scripting (XSS): Malicious scripts injected into web pages
  • Hardware vulnerabilities:
    • Firmware: Low-level software controlling hardware
    • End-of-life: Security gaps due to discontinued hardware support
    • Legacy: Older hardware with outdated security measures
  • Virtualization vulnerabilities:
    • VM escape: Unauthorized breakout...

Chapter Review Questions

The following questions are designed to check that you have understood the information in the chapter. For a realistic practice exam, please check the practice resources in our exclusive online study tools (refer to Chapter 29, Accessing the online practice resources for instructions to unlock them). The answers and explanations to these questions can be found via this link.

  1. A user has reported to the security team that they left their laptop logged in and unattended. This laptop has a certificate that they use to access the payroll application. What should the security administrator do first?
    1. Revoke the certificate for the payroll application
    2. Get the user to make a statement
    3. Add the certificate to the CRL
    4. Report the user to their line manager
  2. After some routine checks of a company’s virtual network, three rogue virtual machines were found connected to the network. These machines were overutilizing resources. What should be done to prevent this...