Vehicular cloud computing (VCC) is an improvement from conventional cloud computing to new revolutionized computing services including intelligent transportation, autonomous driving and vehicle control, Internet browsing, online documentation, and infotainment. It enables vehicles to autonomously share heterogeneous computational resources while solving unanticipated critical problems dynamically. However, in a world of black hats, technology often has a dark side as well. Therefore, the VCC is limited by considerable security and privacy challenges. The special characteristics of VCC, including the multitenancy nature of clouds, intermittent wireless communications, high mobility of vehicles, and rapid resource elasticity with decentralized operations, have promoted security solutions used in vehicular ad hoc networks and conventional cloud computing to be revised. This paper first presents a state-of-the-art study of VCC that focuses on VCC architecture, its features analysis, and extensive VCC applications. Second, the proposed threats identification taxonomy and an exhaustive survey on security and privacy issues in VCC are presented under a layered approach: physical resource layer, vehicle-to-anything (V2X) network layer, and vehicular cloud layer, as well as at a complete system level. Finally, we highlight and discuss challenges and open research issues that can be considered as future research directions.