Attacks/Encryptions/Regs CEH 2.5

Hacker intercepts communications between a user's web browser and a server and is able to decrypt the information.

An attacker making a computer talk to another computer very, very slow to draw out a conversation.

Leverages weaknesses in web servers that accepts deprecated SSL protocols, allowing an attacker to decrypt sensitive information.

Targets an LTE network and intercepting information between a mobile device and the network tower.

Attacker gains access to Hard Coded Keys used in a Random Number generator (RNG) and can use them to compromise communications.

Android application that is known for its use in demonstrating security vulnerabilities rather than for malicious purposes

Attacker collects information by sending a deauthentication message that will cause a device to send a reauthentication request to a server.

A malicious software program that attempts to replicate itself onto other programs.

an attacker uses a cryptographic attack that exploits information gained from padding errors in an encryption system.

A vulnerability that allows and attacker to jailbreak an IOS device and install Pegasus Software.

Medium

Critical

High

None

Low

U.S. law that addresses the protection of consumers' personal financial information held by financial institutions. It requires institutions to establish privacy and security programs to safeguard sensitive financial data.

a set of security standards designed to ensure the secure handling of credit card information during transactions. It applies to organizations that process, store, or transmit credit card data and aims to prevent data breaches and theft of cardholder information.

U.S. federal law enacted to enhance corporate governance and financial reporting transparency. It establishes requirements for financial reporting, internal controls, and the accountability of corporate officers to prevent fraudulent activities.

U.S. government program that standardizes the security assessment, authorization, and continuous monitoring processes for cloud products and services. It aims to ensure that cloud solutions used by federal agencies meet specific security standards.

federal law that defines a comprehensive framework to protect government information, operations, and assets. requires Federal agencies to develop and maintain security programs.

attacker sends unsolicited messages or business cards to Bluetooth-enabled devices within range, typically appearing as pop-up messages on a device.

attack that involves unauthorized access to a device's data, such as contacts, calendars, emails, and other stored information.

exploits vulnerabilities in the Bluetooth protocol to gain control over the targeted device allowing unauthorized monitoring and control features.