Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) is a publicly listed catalog of
known security threats. The catalog is sponsored by the United States Department
of Homeland Security (DHS), and threats are divided into two categories:
vulnerabilities and exposures.
Its cumbersome name notwithstanding, the CVE is simply a list of known
cybersecurity vulnerabilities. To qualify for addition to the CVE, a vulnerability or
flaw must be fixable independently of other flaws, be acknowledged by a vendor to
have a negative impact on security (currently or sometime in the future), and
affect only one codebase (i.e., one product).
The list, which is maintained by the MITRE Corporation and supported by DHS's
Cybersecurity and Infrastructure Security Agency (CISA), identifies, defines and
publicly discloses cybersecurity vulnerabilities. This information can help
enterprise security teams to better understand their organization's threat landscape
and implement appropriate controls to mitigate known threats.
All publicly known cybersecurity vulnerabilities in the CVE contain an
identification number (CVE ID), a description and one or more public references.
Hundreds or thousands of CVE IDs are issued every year to account for the
new vulnerabilities that are discovered.
Security Configuration Management
Security configuration management identifies misconfigurations of a system’s
default settings. Misconfigurations can lead to a host of problems, including poor
system performance, noncompliance, inconsistencies, and security vulnerabilities.
In routers or operating systems, for example, manufacturers often set the default
configurations with predefined passwords or pre-installed applications. Accepting
easily exploitable default settings can make it easy for attackers to gain
unauthorized access to an organization’s data and has the potential to cause
catastrophic data loss.
Specialized configuration management tools allow security teams to understand
what’s changing in their key assets and detect a breach early. These tools typically
perform the following tasks:
• Classify and manage systems
• Modify base configurations
• Roll out new settings to applicable systems
• Automate patches and updates
• Identify problematic and noncompliant configurations
• Access and apply remediation
Security configuration management itself proceeds in four phases:
• Planning. This step involves developing policies and procedures for
incorporating security configuration management into existing IT and other
security programs and then disseminating this guidance throughout the
organization.
• Identifying and implementing configurations. Creating, reviewing,
approving, and implementing a secure baseline configuration for the system
is critical. The approach may address configuration settings, software loads,
patch levels, the physical or logical arrangement of data, security control
implementation, and documentation.
• Controlling configuration changes. Organizations ensure that changes are
formally analyzed for their impact on security — and later tested and
approved prior to implementation. Organizations may employ a variety of
restrictions on making changes to limit unauthorized or undocumented
updates to the system.
• Monitoring. This phase identifies previously undiscovered or
undocumented system components, misconfigurations, vulnerabilities, and
unauthorized changes — all of which can expose organizations to increased
risk. Automated tools help organizations to efficiently identify when the
system is not consistent with the approved baseline configuration and when
remediation actions are necessary.
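The monitoring phase above, as an added Python example that is not part of the original notes: it compares each host's live settings with the approved baseline and honors deviations that passed change control. The setting names, host names and values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Approved secure baseline: setting -> required value (constructed names).
BASELINE = {
    "ssh.permit_root_login": "no",
    "ssh.password_authentication": "no",
    "admin.password_is_default": "false",
    "telnet.enabled": "false",
    "os.patch_level": "2024-06",
}
# Deviations that were analyzed and approved through change control.
APPROVED_CHANGES = {("db01", "ssh.password_authentication"): "yes"}

# Constructed snapshots of what two hosts actually report.
SAMPLE_HOSTS = {
    "web01": {**BASELINE, "admin.password_is_default": "true"},  # vendor default kept
    "db01": {
        "ssh.permit_root_login": "no",
        "ssh.password_authentication": "yes",   # approved exception
        "admin.password_is_default": "false",
        "os.patch_level": "2024-03",            # behind the baseline
        "ftp.enabled": "true",                  # not in the baseline at all
    },
}


@dataclass(frozen=True)
class Finding:
    host: str
    setting: str
    kind: str                 # "drift", "missing" or "undocumented"
    expected: Optional[str]
    actual: Optional[str]


def audit(host, live):
    """Return every way `live` departs from the approved baseline."""
    findings = []
    for setting, required in BASELINE.items():
        expected = APPROVED_CHANGES.get((host, setting), required)
        if setting not in live:
            findings.append(Finding(host, setting, "missing", expected, None))
        elif live[setting] != expected:
            findings.append(Finding(host, setting, "drift", expected, live[setting]))
    # Anything the host reports that the baseline never mentions is undocumented.
    for setting in sorted(set(live) - set(BASELINE)):
        findings.append(Finding(host, setting, "undocumented", None, live[setting]))
    return findings


if __name__ == "__main__":
    for name, live in SAMPLE_HOSTS.items():
        for f in audit(name, live):
            print(f"{f.host}: {f.kind:12} {f.setting} expected={f.expected} actual={f.actual}")
```

The same snapshot audited under a host name with no approved change reports the password-authentication setting as drift, which is the difference between a controlled change and an unauthorized one.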
What is Virtualized Security
Virtualized security refers to the implementation of security measures and
policies within a virtual environment or infrastructure, such as virtual machines,
servers, and networks. It involves the use of software-based security solutions
that can monitor and protect these virtual systems from threats and attacks, much
like physical security does for traditional hardware-based environments. This
approach allows for more flexible and scalable security management in cloud and
virtualized data centers.
Working of Virtualized Security
Virtualized security is like a digital guard for the virtual world, such as cloud
services and virtual machines. It blends into the virtual setup, acting like an
invisible shield that keeps each part safe. Instead of watching over just one
computer or server, it oversees the whole virtual landscape, spotting and stopping
dangers.
This security type is smart and can handle lots of virtual spaces at once. It watches
the data moving around in these spaces to catch any harmful activity, like viruses
or hackers. When it finds something bad, it acts quickly to block it, keeping every
part of the virtual environment safe.
Virtualized security is also flexible, growing or shrinking to match the size of the
virtual area it needs to protect. It’s always on duty, ensuring that even as the virtual
world changes, safety is a constant. Also, it helps keep the stored data safe, using
tools like encryption to lock away information so only the right people can see it.
Types of Security Virtualization
Security virtualization can come in different forms. It is a type of sandboxing
technique in which VMs are isolated from each other and are individually guarded
against viruses, external malware and other threats. The types of virtualization
include:
• Server virtualization
• Desktop virtualization
• Storage virtualization
• Network virtualization
• Application virtualization
Server Virtualization
This splits one physical server into several virtual servers. Each one acts like a
separate computer, running its own operating system and applications. This setup
increases efficiency, saves space, and reduces costs.
Desktop Virtualization
It separates the desktop environment from the physical device. You can access
your desktop, with all its apps and files, from any device, like a PC, laptop, or
tablet. This offers flexibility and secure remote access.
Storage Virtualization
This combines multiple physical storage units into one virtual storage device. It’s
like putting different hard drives together to make a single, big storage space. This
makes managing storage easier and can improve performance and data backup.
Network Virtualization
This type creates a virtual version of a physical network. It allows you to split one
physical network into many separate, independent networks. This can enhance
security, speed up data transfer, and help manage network resources better.
Application Virtualization
This lets you run applications on a device without actually installing them on that
device. The application runs on a server, and you can use it on your device like it’s
right there. This method makes application management and deployment easier
and more secure.
Disadvantages of Virtualized Security (Risks)
• Shared Resources: In a virtualized environment, resources like CPU, memory,
and storage are shared among multiple virtual machines. If one VM is
compromised, it can potentially impact the security of others sharing the same
physical host.
• Complexity: The complexity of virtualized systems can increase the risk of
configuration errors, making the environment more vulnerable to attacks.
Properly securing a virtualized environment requires a thorough understanding
of both virtualization technology and security principles.
• Hypervisor Vulnerabilities: The hypervisor, which creates and runs virtual
machines, is a critical component in virtualization. If the hypervisor has
vulnerabilities, it can be exploited to gain control over the entire virtualized
environment.
• Visibility and Control: Traditional security tools may not have full visibility
into the virtualized components, leading to gaps in monitoring and control that
attackers can exploit.
• Insider Threats: With virtualization, administrative access is more powerful.
Insiders with malicious intent or negligent actions can cause significant damage
or breaches.
• Dynamic and Elastic Nature: The ability to quickly spin up and down virtual
machines can be exploited by attackers to create transient attack vectors that are
hard to trace and mitigate.
What is Mobile Security
Mobile security, which refers to the protection of mobile devices against
cybersecurity threats, is a top-of-mind concern for today’s companies due to the
growing use of mobile devices for business purposes. As remote workers access
corporate data and applications using untrusted mobile devices, companies require
an easy-to-use solution that protects their data without negatively impacting
employee productivity.
Components of a Mobile Security Solution
Mobile security is complex because of the large number of potential attack vectors
– devices can be targeted at multiple levels:
• Applications: Malware can be developed and deployed as malicious apps that
users unwittingly install on their devices. Mobile security solutions should be able
to detect and block downloads of these malicious apps.
• Network: Mobile devices and the legitimate apps that run on them can be targeted
at the network level. Man-in-the-Middle, phishing, and other attacks take
advantage of network connectivity to steal data or deliver malicious content.
Mobile security involves blocking these network-level attacks.
• OS: Both iOS and Android operating systems can contain exploitable
vulnerabilities, which are used for jailbreaking/rooting devices either by users or
by malware. This provides an attacker with advanced permissions on the device,
breaking its security model. Mobile security incorporates real-time risk
assessments, configuration monitoring, and other tools to detect exploitation of
device vulnerabilities.
Top Threats to Mobile Security
Mobile devices suffer from a number of potential cyber threats. Some of the most
common and impactful include:
• Malicious Apps and Websites: Mobile devices can have mobile malware
installed on them and access malicious online content.
• Mobile Ransomware: Mobile ransomware is one type of malicious app that is
becoming more common and impactful as more valuable and sensitive data is
stored on mobile devices.
• Phishing: Mobile devices have access to a number of different communications
media – email, SMS, social media, etc. – making them an ideal platform for
performing phishing attacks that steal data or carry malicious content.
• Man-in-the-Middle Attacks: Mobile communications do not always use secure
technologies, making them vulnerable to interception for eavesdropping or
modification of data.
• Advanced Jailbreaking and Rooting Techniques: Jailbreaking and rooting
provide elevated permissions on a mobile device, enabling an attacker to take a
greater range of malicious actions.
• OS Exploits: Like any other software, mobile operating systems can contain
exploitable vulnerabilities that place them and their users at risk.
Effective Mobile Security
• Protection vs. Productivity? The belief that business productivity and security are
at odds is a common misconception. As a result, some organizations may choose
not to implement strong mobile security in an attempt to protect business
productivity.
• Protection vs. Privacy? Strong cybersecurity requires visibility into potential
threats, but mobile devices can also carry personal data, such as photos, videos,
and more. The need to balance privacy and security can make finding a mobile
security solution difficult.
• Can MDM Really Protect? Mobile device management (MDM) solutions are a
tool designed to enable remote monitoring and management of mobile devices.
However, they do not offer robust cybersecurity protections. The common
misconception that MDM is sufficient for security decreases mobile protection and
can block deployment of strong mobile security solutions.
Android security features
Use the features described in this section to make the Android devices you develop
as secure as possible.
Application Sandbox
The Android platform takes advantage of the Linux user-based protection to
identify and isolate app resources. To do this, Android assigns a unique user ID
(UID) to each Android app and runs it in its own process. Android uses this UID to
set up a kernel-level Application Sandbox.
App signing
App signing allows developers to identify the author of the app and to update their
app without creating complicated interfaces and permissions. Every app that runs
on the Android platform must be signed by the developer.
Authentication
Android uses the concept of user-authentication-gated cryptographic keys, which
requires a cryptographic key storage and service provider as well as user
authenticators.
On devices with a fingerprint sensor, users can enroll one or more fingerprints and
use those fingerprints to unlock the device and perform other tasks. The
Gatekeeper subsystem performs device pattern or password authentication in a
Trusted Execution Environment (TEE).
Android 9 and higher includes Protected Confirmation, which gives users a way to
formally confirm critical transactions, such as payments.
Biometrics
Android 9 and higher includes a BiometricPrompt API that app developers can use
to integrate biometric authentication into their apps in a device- and modality-
agnostic fashion. Only strong biometrics can integrate with BiometricPrompt.
Encryption
Once a device is encrypted, all user-created data is automatically encrypted before
committing it to disk and all reads automatically decrypt data before returning it to
the calling process. Encryption ensures that even if an unauthorized party tries to
access the data, they can't read it.
Keystore
Android offers a hardware-backed Keystore that provides key generation, import
and export of asymmetric keys, import of raw symmetric keys, asymmetric
encryption and decryption with appropriate padding modes, and more.
Security-Enhanced Linux
As part of the Android security model, Android uses Security-Enhanced Linux
(SELinux) to enforce mandatory access control (MAC) over all processes, even
processes running with root or superuser privileges (Linux capabilities).
What is a digital wallet and how does it work?
A digital wallet is an app that stores your credit, debit and gift card information so
you can make purchases with your mobile device. You can use digital wallet apps
like PayPal™, Google Pay™, Samsung Pay™ or Apple Pay® on phones and smart
watches. The cards uploaded to your device will still have the same reward points
and capabilities as your physical cards, so don't worry about being short-changed.
To make an in-store purchase, check for your digital wallet's logo at the point-of-
sale (POS) system, open your wallet app, choose a card and then tap your device at
the POS terminal. That's it, you're done.
Are digital wallets safe
In short, digital wallets are safe, offering multiple layers of protection for every
transaction.
At the first level, each transaction made using a digital wallet is protected through
a technology called tokenization. This process encodes your debit and credit card
details, so the numbers are never shared with a merchant. So if a retailer gets
hacked, your credit or debit card number won't be compromised. This saves you
the hassle of having to cancel your cards and get new account numbers in the event
of a data breach.
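How tokenization keeps the card number away from the merchant, as an added Python example that is not part of the original text. TokenVault, Merchant and the rule that a token is only honored for the merchant it was issued to are assumptions of this example, and the card number is the well-known test value, not a real account.

```python
import secrets


class TokenVault:
    """Stands in for the token service: the only place token -> card is known."""

    def __init__(self):
        self._cards = {}   # token -> (card_number, merchant_id)

    def tokenize(self, card_number, merchant_id):
        # The token is random digits of the same length, so it fits card-number
        # fields but cannot be turned back into the card number by computation.
        while True:
            token = "".join(secrets.choice("0123456789") for _ in card_number)
            if token != card_number and token not in self._cards:
                break
        self._cards[token] = (card_number, merchant_id)
        return token

    def detokenize(self, token, merchant_id):
        # Assumption of this example: a token is honored only for the merchant
        # it was issued to, so a token taken from one shop is useless at another.
        card_number, issued_to = self._cards.get(token, (None, None))
        if card_number is None or issued_to != merchant_id:
            raise PermissionError("unknown token or wrong merchant")
        return card_number


class Merchant:
    def __init__(self, merchant_id):
        self.merchant_id = merchant_id
        self.orders = []    # everything an intruder would find in a breach

    def checkout(self, token, amount):
        self.orders.append({"token": token, "amount": amount})


def simulate_breach():
    card = "4111111111111111"           # test number, not a real account
    vault, shop = TokenVault(), Merchant("shop-A")
    token = vault.tokenize(card, shop.merchant_id)   # done by the wallet, not the shop
    shop.checkout(token, 19.99)
    leaked = repr(shop.orders)          # contents of the breached merchant database
    try:
        vault.detokenize(token, "shop-B")            # token presented elsewhere
        replay_blocked = False
    except PermissionError:
        replay_blocked = True
    return {
        "card_in_leak": card in leaked,
        "replay_blocked": replay_blocked,
        "issuer_recovers_card": vault.detokenize(token, "shop-A") == card,
    }
```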
At the next level, digital wallets have an additional layer of payment permission
required when you want to make a transaction. Some wallets use biometric data
like a fingerprint or facial recognition to confirm it's really you making the
transaction.
Finally, digital wallet apps are designed to only interact with specific apps on your
phone. This isolation can prevent malware that may affect other apps on your
phone from infiltrating your wallet and stealing your financial information.
5 Simple steps to use a digital wallet
It's easy to set up a digital wallet and start using one for your day-to-day
transactions. To demonstrate how simple the process is, here's how to add your
Citizens debit and credit card to a digital wallet and make a transaction:
1. Log in to the Citizens mobile app. If you don’t have the Citizens app yet, you can
find it in the app store or download it here.
2. Go to Manage Cards
3. Choose the card you want to add
4. Click Manage Digital Wallets
5. Add your card to a digital wallet
You’re ready to use your digital wallet at checkout!
When shopping in-store, you'll open your app, select your Citizens debit or credit
card and hold your phone close to the payment terminal or card reader. When
prompted, you'll complete the security steps to finalize your payment.
If you've enabled transaction alerts within your mobile app, you'll get a banner
notification showing your recent purchase and amount.
Pros and cons of using a digital wallet
Digital wallets put purchasing power in your pocket — even if you leave your
wallet at home. However, they have drawbacks in some situations.
Digital wallet pros
Safety: Digital wallets protect your account information, making it difficult for
fraudsters to access your sensitive financial information.
Convenience: Digital wallets give you access to multiple ways to pay with the
touch of a button.
No more "I forgot my wallet": Whether your bag is in the car or your debit card
or credit card is in your other pants, mobile wallets make it possible to pay if you
have your phone.
Get cash without your card: Most ATMs now have a cardless transaction option,
making it easy to get cash or make a deposit by authenticating using your digital
wallet.
View recent digital wallet card transactions: Easily see your transactions right in
your digital wallet! Just click on your card and your most recent digital wallet
transactions will appear.
Digital wallet cons
Merchant availability: Your ability to use a digital wallet depends on whether a
retailer offers contactless payment methods as an option.
User frustrations: To use the digital wallet, you need to validate your identity
using your phone's biometric ID verification features, which could slow down your
payment efforts.
Secure co-processors
The primary motivation for using a secure coprocessor is to create a protected
environment, separate from the operating system's CPU, in which applications
requiring high security can operate. Not only does this approach allow the use of
hardware-based encryption, encapsulated keys, and the protection of data and
program information from external observation or interference, but it also relieves
some of the demand for computing cycles that would otherwise be placed on the
host system's CPU. Moreover, such a secure coprocessor must be able to
authenticate the applications that it is using and authenticate itself to the outside
world. It must operate with the additional constraint that the only time that the
coprocessor is in a completely known state and environment is at the time of
manufacture. It must employ a trust-inheritance process that builds upon the initial
conditions and adds authentication information about the user, the applications that
it is using, and the platform on which it is operating.
A secure coprocessor is a separate physical device, so applications that operate
external to it must be able to authenticate any data or results obtained from the
coprocessor, thereby assuring that the results have not been tampered with as they
travel from the coprocessor back out to the external environment.
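The trust-inheritance chain and the authentication of results described above, as an added Python example that is not from the original text. HMAC-SHA256 under a key the verifier also holds stands in for whatever authentication scheme a real device uses; the class, the layer names and the all-zero starting state are assumptions.

```python
import hashlib
import hmac
import secrets

MANUFACTURE_STATE = b"\x00" * 32   # the only fully known state (constructed value)


def extend(state, layer_code):
    """Fold one loaded layer into the running measurement, hash-chain style."""
    return hashlib.sha256(state + hashlib.sha256(layer_code).digest()).digest()


class Coprocessor:
    def __init__(self, device_key):
        self._key = device_key            # installed at manufacture, stays inside
        self._state = MANUFACTURE_STATE

    def load(self, layer_code):
        # Trust inheritance: each layer is measured on top of what came before.
        self._state = extend(self._state, layer_code)

    def run(self, nonce, data):
        result = hashlib.sha256(b"result:" + data).digest()   # placeholder workload
        # The three fields have fixed lengths (32, 16, 32 bytes), so plain
        # concatenation is unambiguous.
        tag = hmac.new(self._key, self._state + nonce + result, hashlib.sha256).digest()
        return result, tag


def boot(key, layers):
    cp = Coprocessor(key)
    for layer in layers:
        cp.load(layer)
    return cp


def verify(key, expected_layers, nonce, result, tag):
    """Host side: accept a result only if it came from the expected stack."""
    state = MANUFACTURE_STATE
    for layer in expected_layers:
        state = extend(state, layer)
    good = hmac.new(key, state + nonce + result, hashlib.sha256).digest()
    return hmac.compare_digest(good, tag)


def demo():
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    layers = [b"bootloader v1", b"os v1", b"payment-app v1"]   # constructed names
    result, tag = boot(key, layers).run(nonce, b"sign order 42")
    flipped = bytes([result[0] ^ 1]) + result[1:]
    other = boot(key, layers[:2] + [b"payment-app v2 (unexpected)"])
    other_result, other_tag = other.run(nonce, b"sign order 42")
    return {
        "genuine": verify(key, layers, nonce, result, tag),
        "tampered_in_transit": verify(key, layers, nonce, flipped, tag),
        "unexpected_app": verify(key, layers, nonce, other_result, other_tag),
        "replayed_old_nonce": verify(key, layers, secrets.token_bytes(16), result, tag),
    }
```

Only the genuine case verifies: a result altered on its way out, a result produced with an unexpected application layer, and a result replayed against a fresh nonce are all rejected by the host.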