1. We used the National Vulnerability Database. Select a recent vulnerability from that Database and analyse it from the following aspects:
- Criticality level
- Impact including CVSS Score. Additionally, explain the purpose of using CVSS scores.
- Proposed Solution
- Which of the Australian DSD '35 Strategies can be applied to mitigate the vulnerability.
Include valid explanations for your answer.
Ensure that you also provide a detailed description of the vulnerability.
2. Search a number of antivirus companies' (e.g. Symantec, McAfee, Kaspersky, F-Secure, AVG, BitDefender, Webroot, ESET, G-Data, Avira) websites. Find at least four sites that offer malware listings, and compare the latest malware lists. Discuss how descriptive they are, which site is the most informative and up-to-date, what is the time difference between the sites' lists?
3. Select a recent vulnerability from an antivirus company's database, and analyse it from the same aspects as in question 1.
4. Select three recent, different threats from an antivirus company's database. Describe for each
(i) how it spreads (attack strategy)
(ii) The target of malicious activity (information, resource etc)
(iii) The way of hiding inside the victim's computer.
To support your arguments
- provide screen-dumps for each question (maximum four screen dumps per question; each screen dump must be large enough to read the text)
- provide references (URLs) when you use information from different sources.