CSW Cyber Security Glossary
Terms, definitions, abbreviations and names of methodologies used in the cyber security industry.
a
Active Attack
An active attack is one in which the attacker exploits a weakness in a network or system and alters data or system state on the target, as opposed to a passive attack, which only observes. Common forms are masquerade, session replay, message modification, Denial of Service (DoS) and Distributed Denial of Service (DDoS). In a masquerade attack the threat actor pretends to be a legitimate user of the system in order to obtain privileges they are not entitled to; a classic example is stealing login IDs and passwords through flaws in a program and bypassing the authentication mechanism. In a session replay attack the threat actor captures an authorised user's login information or session ID and reuses it, gaining everything that user is authorised to do. In a message modification attack the attacker intercepts a message in transit and alters its contents or redirects it to a different destination. In a Denial of Service (DoS) attack legitimate users are prevented from reaching a network or web resource, usually by flooding the target with more traffic or requests than it can handle. In a Distributed Denial of Service (DDoS) attack many compromised systems are coordinated against a single target; the set of compromised machines is known as a botnet or zombie army.
Advanced Persistent Threat
An advanced persistent threat is a threat actor with the expertise and resources to remain inside a network for an extended period without being detected. The goal is usually data theft or espionage rather than visible disruption, so the victim's network often shows no obvious damage. The typical modus operandi unfolds in phases: gaining a foothold without detection, establishing persistence, mapping the network and locating the data of interest, and finally exfiltrating it. Nothing about such a campaign is accidental; it is tailored to the target and carefully planned.
Adware
Adware is software that displays unwanted advertisements to the user, often as pop-ups or ads that cannot be closed. Some adware works through browser redirects: new tabs open on their own, the home page or default search engine is changed, and the user is sent to sites that are not safe to open. Adware typically serves advertisements for goods and services tailored to the user's location and browsing behaviour, which means it is also collecting that information. Adware is generally regarded as a nuisance, but it becomes a real risk when its authors sell the collected information to third parties, who can use it to target the user and undermine their privacy and security.
Attack Method
Techniques used by threat actors to gain access to and infiltrate a system. The method chosen varies with the target technology, the attacker's intent and their motive. Common categories include phishing (including spear phishing and whaling), malware (ransomware, trojans, drive-by downloads), web attacks (injection, cross-site scripting, malicious file upload), Distributed Denial of Service (DDoS), password attacks (brute-force and dictionary attacks), eavesdropping, birthday attacks, insider threats, AI-assisted attacks and man-in-the-middle attacks.
Attack Pattern
The approach or methodology a threat actor uses to exploit a particular class of vulnerability. Attack patterns are as diverse as the vulnerabilities themselves: each one leverages a specific weakness in a system's architecture or implementation to gain access, escalate privileges or steal data.
Attack Surface
The set of points through which an attacker can attempt to enter a system, system element or environment, or extract data from it, in order to carry out an attack. The attack surface has both a physical and a digital component. The physical attack surface covers everything reachable through physical access: desktops, laptops and mobile devices, USB ports, and improperly disposed hard drives. The digital attack surface is the sum of all exposed services, interfaces and vulnerabilities in connected hardware and software.
Authenticate
To verify the claimed identity of a user, process or device as a precondition for granting access to a system or to confidential data. Authentication establishes who or what is making a request; it is distinct from authorization, which decides what an authenticated identity is permitted to do.
b
Behavior Monitoring
Behavior monitoring continuously watches for unusual modifications to the operating system and for unusual activity by installed programs. It observes users, information systems and processes and measures what they do against organisational policies and rules. On endpoints it is usually implemented through two mechanisms, Malware Behavior Blocking and Event Monitoring. Malware Behavior Blocking observes a system over time, recognises programs that exhibit malicious behaviour and blocks them, providing a layer of protection that does not depend on signatures. Event Monitoring watches specific system areas for specific actions, protecting against unauthorised software and malware while allowing administrators to control the programs that trigger those actions.
Birthday Attack
A birthday attack is a brute-force attack on a hash function that exploits the birthday paradox from probability theory: in a set of n values drawn at random from N possibilities, the chance that two of them collide grows much faster than intuition suggests, reaching about 50 percent once n is around the square root of N (with 365 possible birthdays, 23 people suffice). Applied to an m-bit hash, this means an attacker can expect to find two different inputs with the same digest after roughly 2^(m/2) attempts instead of 2^m, which is why the effective collision resistance of a hash is half its output length. Digital signatures and integrity checks that rely on an undersized hash are the typical targets.
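The following is an added example, not part of the glossary, that makes the numbers above concrete. It computes the exact birthday-paradox probability, the 2^(m/2) work factor, and then actually finds a collision against SHA-256 truncated to a small number of bits; the truncation stands in for an undersized hash, and the inputs are constructed counter strings.

```python
import hashlib


def collision_probability(n: int, space: int) -> float:
    """Exact probability that at least two of n uniform draws from `space`
    possible values coincide: 1 - prod_{i=0}^{n-1} (space - i) / space."""
    if n > space:
        return 1.0
    p_distinct = 1.0
    for i in range(n):
        p_distinct *= (space - i) / space
    return 1.0 - p_distinct


def collision_work_factor(hash_bits: int) -> int:
    """Attempts needed for roughly a 50% chance of a collision against a
    hash_bits-bit hash: about 2**(hash_bits/2), not 2**hash_bits."""
    return 1 << (hash_bits // 2)


def truncated_sha256(data: bytes, bits: int) -> bytes:
    """SHA-256 truncated to `bits` bits (a multiple of 8). This simulates a
    hash with a small output space; full SHA-256 is not collidable this way."""
    return hashlib.sha256(data).digest()[: bits // 8]


def find_collision(bits: int, prefix: bytes = b"doc-") -> tuple:
    """Birthday search: hash counter-numbered inputs, remember every digest,
    stop at the first repeat. Returns (attempts, input_a, input_b) with
    input_a != input_b and equal truncated digests."""
    if bits % 8 or not 8 <= bits <= 64:
        raise ValueError("bits must be a multiple of 8 between 8 and 64")
    seen = {}
    attempts = 0
    while True:
        attempts += 1
        candidate = prefix + str(attempts).encode()   # constructed input
        digest = truncated_sha256(candidate, bits)
        if digest in seen:
            return attempts, seen[digest], candidate
        seen[digest] = candidate


if __name__ == "__main__":
    print(f"23 people, 365 days: P(shared birthday) = {collision_probability(23, 365):.4f}")
    for bits in (16, 24, 32):
        attempts, a, b = find_collision(bits)
        print(f"{bits}-bit hash: collision after {attempts} tries "
              f"(space {1 << bits}, work factor ~{collision_work_factor(bits)}): {a!r} vs {b!r}")
```

The number of attempts reported for each width sits near the square root of the space rather than near the space itself, which is the whole point of the attack.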
Black Hat
A black hat hacker breaks into systems and networks without authorisation, exploiting vulnerabilities to steal sensitive information, cause damage or otherwise profit, with malicious intent.
Blackbox
Black-box testing is a method of testing performed without knowledge of the internal workings of the system under test; the tester sees only inputs and outputs, much as an external attacker would. It contrasts with white-box testing, where source code and design documentation are available.
Blacklist
A blacklist (also called a blocklist or denylist) is a list of components such as e-mail addresses, users, passwords, URLs, IP addresses, domain names and file hashes that are explicitly denied. In an e-mail context, messages from blacklisted senders are not delivered and a blacklisted user is prevented from sending to the intended recipient. An organisation might also blacklist peer-to-peer file sharing software, specific websites or applications on its systems. The opposite of a blacklist is a whitelist (allowlist), which permits only the listed components through whatever security gate is in use.
Block cipher
In cryptography, a block cipher is a symmetric algorithm that encrypts and decrypts its input in fixed-size blocks (AES, for example, uses 128-bit blocks) rather than bit by bit as a stream cipher does. During encryption the shared key converts each plaintext block into a ciphertext block; during decryption the same key converts the ciphertext back to the original plaintext. Messages longer than one block are handled by a mode of operation such as CBC or GCM, and the security of the whole scheme depends on choosing the mode and handling initialisation vectors correctly.
Blue Team
A blue team is a group of defenders who analyse the organisation's systems, detect security flaws, test the effectiveness of existing controls and put defensive measures in place against future attacks. They continually strengthen the security around and within the organisation's data systems and networks. Usually the blue team is the organisation's internal security team, defending against real attackers and, in exercises, against the red team.
Botnet
A Botnet is a set of internet-connected devices infected by malware that allow hackers to control them. Botnet owners can command and access many thousands of computers to carry out malicious activities. Some of the common Botnet actions are Email spam, DDoS attacks, targeted intrusions, etc.
Breach
A breach is the point at which an attacker successfully exploits a vulnerability in a computer or device, or otherwise intrudes on a system, and gains access to its files, data or network.
Bug
A bug is a software error that causes a program to produce unexpected output or to crash. Not every bug is a security defect, but a security bug is one that can be exploited to gain unauthorised access, escalate privileges or compromise data. Bugs may also affect application performance; developers aim to correct them before the software is deployed, and those found afterwards are fixed through patches.
Burp Suite
Burp Suite is a popular penetration testing tool for the security testing of web applications, developed by PortSwigger, and one of the most widely used web vulnerability scanners. Testers use it to map and analyse an application's attack surface and then to find and exploit vulnerabilities. Its core component is an intercepting proxy that sits between the browser and the web application, allowing HTTP and HTTPS requests and responses to be inspected and modified in transit.
c
Catfishing
Catfishing is a form of identity fraud in which a cybercriminal creates a fake online persona, often using personally identifiable information, photos and posts taken from a real person so that the persona appears genuine to the victim.
Clickjacking
Clickjacking, also called a user interface redress attack, tricks a user into clicking on something other than what they perceive. The attacker loads a legitimate page in an invisible or disguised frame positioned over a decoy page, so that clicks the user intends for the decoy actually land on controls in the hidden page, causing actions such as changing settings, authorising payments or sharing confidential information without the user's knowledge. Web applications defend against it by refusing to be framed by untrusted origins, using the Content-Security-Policy frame-ancestors directive or the X-Frame-Options header.
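As an added example (not from the glossary), the function below applies the framing rules a browser follows to a set of HTTP response headers and reports whether a given origin would be allowed to embed the page, which is the check a tester runs to decide whether a page is clickjackable. The header values and origins are constructed; ports and some rarely used CSP source forms are not modelled.

```python
from typing import Dict, List, Optional

# Constructed origins for the example.
BANK_ORIGIN = "https://bank.example"
EVIL_ORIGIN = "https://evil.example"


def _frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP header, or None
    when the directive is absent (then X-Frame-Options decides)."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.strip("'").lower() for t in tokens[1:]]
    return None


def _source_matches(source: str, page_origin: str, embedder: str) -> bool:
    """Match one frame-ancestors source expression against the embedder's
    origin: 'self', '*', scheme sources ('https:'), exact origins and
    wildcard hosts ('*.example.com'). Ports are ignored for brevity."""
    if source == "self":
        return embedder == page_origin
    if source == "*":
        return True
    if source.endswith(":"):                       # scheme-source, e.g. https:
        return embedder.startswith(source + "//")
    scheme, sep, host = source.partition("://")
    if not sep:                                     # host-source without a scheme
        scheme, host = "", scheme
    e_scheme, _, e_host = embedder.partition("://")
    if scheme and scheme != e_scheme:
        return False
    if host.startswith("*."):
        return e_host.endswith(host[1:])
    return host == e_host


def framing_allowed(headers: Dict[str, str], page_origin: str, embedder: str) -> bool:
    """True if a page served with `headers` from `page_origin` may be framed
    by a page at `embedder`. A CSP frame-ancestors directive, when present,
    takes precedence over X-Frame-Options; an absent or unrecognised header
    means no framing protection at all, i.e. the page is clickjackable."""
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    page_origin, embedder = page_origin.lower(), embedder.lower()
    csp = lower.get("content-security-policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            if not sources or sources == ["none"]:
                return False
            return any(_source_matches(s, page_origin, embedder) for s in sources)
    xfo = lower.get("x-frame-options", "").upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder == page_origin
    return True


if __name__ == "__main__":
    for name, hdrs in {
        "no headers": {},
        "X-Frame-Options DENY": {"X-Frame-Options": "DENY"},
        "CSP frame-ancestors 'self'": {"Content-Security-Policy": "frame-ancestors 'self'"},
    }.items():
        print(f"{name:28} framed by {EVIL_ORIGIN}: {framing_allowed(hdrs, BANK_ORIGIN, EVIL_ORIGIN)}")
```

Send both headers in production: frame-ancestors for current browsers and X-Frame-Options for older ones that do not understand CSP.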
Clone phishing
In clone phishing, the attacker copies a legitimate, previously delivered e-mail, replaces its links or attachments with malicious ones, spoofs the original sender's address and resends it to the target as if it were a simple resend or update. Clicking the replaced link or opening the attachment installs malware or ransomware. A phisher can use clone phishing to gain a foothold on one of the organisation's systems and from there infect others.
Closed Source
Closed source is also known as proprietary software where the source code is hidden from the public.
Compliance
In cybersecurity, compliance means meeting the rules and regulations that a regulatory authority enacts to protect sensitive data. Requirements vary by industry and sector and are met through a combination of organisational procedures and technologies. They derive from laws and regulations and from frameworks and standards such as the CIS Controls, the NIST Cybersecurity Framework and ISO 27001.
Computer Network Defense
Computer Network Defense (CND) is the set of procedures and defensive measures used to identify, monitor, analyse and respond to intrusions. Its primary objective is to ensure that no unauthorised user or application gains access to a protected IT environment or network.
Computer Security Incident
An event that results in actual or potential harm to the confidentiality, integrity or availability of an information system or the information it processes, stores or transmits, or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies. Unauthorised access by someone not permitted to use a system is a typical example. When an incident affects a system, the computer security incident response team (CSIRT) is activated to regain control and minimise the damage.
Crypto jacking
Cryptojacking is a form of cybercrime in which attackers secretly use a victim's computing resources to mine cryptocurrency for themselves. The victim is usually compromised by clicking a malicious link in an online ad or e-mail, or by visiting an infected website whose mining script executes automatically once the page loads. Such scripts typically run inside the web browser, but cryptomining malware can also be installed directly on the host.
Cyber Supply Chain Risk Management
Cyber Supply Chain Risk Management aims to find, evaluate, prevent, and mitigate the risk associated with the distributed and interconnected type of Information and Communications Technology product and service supply chains.
d
Data Breach
A data breach is a security incident in which protected or confidential data, such as Personal Health Information (PHI), personally identifiable information (PII), trade secrets, intellectual property and financial data, is exposed to or taken by an unauthorised party. Causes range from attacks on systems to careless disposal of used computer equipment and storage media.
Data Leakage
Data leakage is the unauthorised transmission of data from inside an organisation to an external recipient. It can occur electronically, for example over e-mail or cloud storage, or physically through portable storage such as optical media, USB keys and laptops.
Data loss
Data loss occurs when information on a computer is destroyed, corrupted or made unrecoverable through theft, human error, viruses or malware, or hardware and power failure. Typical causes include laptop theft, accidental deletion, overwriting of files, power outages and surges, spilled liquids and sudden hard drive failure.
Data Loss Prevention
Data Loss Prevention (DLP) is a set of policies and tools that ensure end users do not send confidential or sensitive information outside the organisation's network, whether by accident or deliberately. It combines user awareness, security policies and enforcement tools that inspect data in use, in motion and at rest for sensitive content.
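As an added example (not from the glossary), here is the content-inspection step of a DLP control applied to an outbound message: it looks for payment card numbers, validating candidates with the Luhn checksum so that ordinary digit runs are not flagged, and for US Social Security numbers, then either blocks the message or redacts it. The sample e-mail, card numbers and SSN are constructed test values.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN AAA-GG-SSSS, excluding never-issued values (area 000/666/9xx,
# group 00, serial 0000) to reduce false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(candidate: str) -> bool:
    """Luhn mod-10 check; separates card numbers from order numbers etc."""
    digits = [int(ch) for ch in candidate if ch.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for position, digit in enumerate(reversed(digits)):
        if position % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def scan(text: str) -> list:
    """Return (kind, matched text) pairs for sensitive data found in text."""
    findings = [("card", m.group()) for m in CARD_RE.finditer(text) if luhn_valid(m.group())]
    findings += [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    return findings


def redact(text: str) -> str:
    """Mask findings; keep the last four card digits so support can still refer to it."""
    def mask_card(m):
        raw = m.group()
        return f"[CARD ****{raw[-4:]}]" if luhn_valid(raw) else raw
    text = CARD_RE.sub(mask_card, text)
    return SSN_RE.sub("[SSN REDACTED]", text)


def egress_decision(text: str, policy: str = "redact") -> tuple:
    """Apply the DLP policy to an outbound message.

    Returns (action, message_to_send, findings). 'block' refuses delivery,
    'redact' rewrites the message; the findings are returned in both cases
    so the event can be logged and alerted on."""
    findings = scan(text)
    if not findings:
        return "allow", text, findings
    if policy == "block":
        return "block", None, findings
    return "redact", redact(text), findings


# Constructed outbound message: a valid test card number, a look-alike that
# fails Luhn, a well-known example SSN and a phone number that must not match.
SAMPLE_EMAIL = (
    "Hi, the customer paid with card 4111 1111 1111 1111 (exp 12/29). "
    "Please ignore the old reference 4111 1111 1111 1112. "
    "Her SSN is 078-05-1120; call 555-123-4567 if anything is unclear."
)

if __name__ == "__main__":
    action, message, findings = egress_decision(SAMPLE_EMAIL)
    print(action, findings)
    print(message)
```

Pattern matching like this is only one DLP signal; real deployments add document fingerprinting and classification labels, and they log every match so that repeated attempts by one user stand out.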
Deceptive phishing
Deceptive phishing uses scam e-mails that impersonate a trusted organisation and ask the recipient to verify their account or change their password, harvesting the credentials entered. Attackers send these messages in large, indiscriminate campaigns and succeed whenever someone is fooled.
DevSecOps
DevSecOps stands for Development, Security and Operations. It is the practice of making security decisions and taking security actions at the same scale and speed as development and operations decisions, integrating security into every stage of the delivery pipeline. The aim of merging the three is to deliver faster while producing secure code.
DNS based Phishing
A DNS-based phishing attack, known as pharming, subverts the Domain Name System, which normally translates domain names into IP addresses, so that a legitimate domain name resolves to an attacker-controlled server hosting a copy of the real website. This is done by poisoning a DNS resolver's cache, altering a victim's hosts file or changing the DNS settings of a compromised router. Because the address bar shows the correct domain, users enter their credentials and personal information into the fraudulent site without realising it, giving the attacker long-term access to their accounts.
e
Encryption
Encryption is the process of converting information (plaintext) into an unreadable form (ciphertext) using an encryption algorithm and a key, so that only someone holding the corresponding decryption key can recover the original.
Enterprise Risk Management
Enterprise risk management (ERM) is a plan-based business strategy for identifying, assessing and preparing for threats, vulnerabilities and other potential sources of disruption to an organisation's operations and objectives. ERM coordinates an organisation's activities to reduce the impact of those risks on its finances and earnings.
Event Monitoring
Event monitoring is a fundamental approach to protecting against unauthorised software and malware. It watches specific system areas for specific events and allows administrators to control the programs that trigger them.
Exploit
An exploit is a piece of code or a procedure that takes advantage of a security flaw or vulnerability. Exploits are written by security researchers as proof of concept and by threat actors for malicious use. A successful exploit lets an attacker gain access or elevated privileges and move deeper into a network. Common vulnerability classes targeted by exploits include SQL injection, cross-site scripting and cross-site request forgery.
Exploit Kit
Exploit kits are toolkits developed by attackers to automatically exploit known vulnerabilities, typically in browsers and their plug-ins, when a victim visits a compromised or malicious web page. They are among the most popular ways of mass-distributing malware and remote access tools because their high degree of automation lowers the skill required to compromise systems.
Exploitation Analysis
Exploitation analysis is the activity of analysing collected information about a target to identify vulnerabilities and gaps that could be exploited, using available resources and analytic techniques.
f
Firewall
A firewall is a network security control, implemented in hardware, software or both, that monitors incoming and outgoing network traffic and permits or blocks it according to a set of rules. It acts as a barrier between a trusted network and an untrusted one such as the Internet and is often described as the first line of network defence. Depending on structure and functionality, firewalls include packet-filtering firewalls, stateful inspection firewalls, next-generation firewalls and host-based firewalls.
Forensic
Forensics is the application of scientific methods to the investigation of crime. Cyber (or digital) forensics applies them to computer systems, networks and storage media, recovering and preserving evidence in a way that will stand up in court.
g
Grey Hat
A grey hat (or gray hat) hacker is a security expert who may violate laws or common ethical principles, typically by probing systems without permission, but who lacks the malicious intent of a black hat. Their aims resemble a white hat's, keeping systems secure, but they act without authorisation.
Greylist
Greylisting is a technique for protecting e-mail users against spam. Mail from a sender the server has not seen before (identified by the sending IP address, sender address and recipient address) is temporarily rejected; a legitimate mail server retries after a short delay and is then accepted and remembered, whereas most spam-sending software never retries. More generally, a greylist holds items such as e-mail addresses, users, URLs, IP addresses, domain names and file hashes that are neither blocked nor allowed until an additional verification step has been completed.
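The following is an added example, not part of the glossary, showing the greylisting logic a mail server applies at RCPT TO time. The SMTP reply strings, timings and the sender/recipient addresses are constructed; the defaults (a five-minute minimum retry delay, pending entries dropped after four hours, accepted triplets kept for 36 days) are typical of greylisting implementations but are assumptions here.

```python
import time
from typing import Dict, Optional, Tuple

TEMP_REJECT = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"
Triplet = Tuple[str, str, str]


class Greylist:
    """Greylisting keyed on (client IP, envelope sender, envelope recipient).

    First contact from an unknown triplet is temporarily rejected. If the
    same triplet comes back after min_delay (a real MTA retries from its
    queue; most spam bots do not), it is accepted and remembered for
    allow_ttl. Triplets that never retry are forgotten after retry_window.
    """

    def __init__(self, min_delay: float = 300.0, retry_window: float = 4 * 3600.0,
                 allow_ttl: float = 36 * 24 * 3600.0) -> None:
        self.min_delay = min_delay
        self.retry_window = retry_window
        self.allow_ttl = allow_ttl
        self._pending: Dict[Triplet, float] = {}   # triplet -> first seen
        self._allowed: Dict[Triplet, float] = {}   # triplet -> last seen

    def check(self, client_ip: str, sender: str, recipient: str,
              now: Optional[float] = None) -> str:
        """Return the SMTP reply to give for this delivery attempt."""
        now = time.time() if now is None else now
        self._expire(now)
        key = (client_ip, sender.lower(), recipient.lower())
        if key in self._allowed:
            self._allowed[key] = now            # refresh the allowed entry
            return ACCEPT
        first_seen = self._pending.get(key)
        if first_seen is None:
            self._pending[key] = now            # unknown triplet: defer it
            return TEMP_REJECT
        if now - first_seen < self.min_delay:
            return TEMP_REJECT                  # retried too fast, keep deferring
        del self._pending[key]
        self._allowed[key] = now                # it retried properly: allow it
        return ACCEPT

    def _expire(self, now: float) -> None:
        self._pending = {k: t for k, t in self._pending.items() if now - t < self.retry_window}
        self._allowed = {k: t for k, t in self._allowed.items() if now - t < self.allow_ttl}


if __name__ == "__main__":
    g = Greylist()
    t0 = 1_700_000_000.0
    for offset in (0, 30, 600, 601):
        print(f"t+{offset:>4}s:", g.check("198.51.100.7", "news@sender.example", "bob@corp.example", t0 + offset))
```

Real deployments usually whitelist known large senders up front, because some legitimate mail farms retry from a different IP address and would otherwise be deferred repeatedly.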
h
Hacker
A hacker, in the sense used here, is someone who breaks through the security of a network or system to steal data, corrupt systems or files, take control of the environment or disrupt operations, using techniques such as phishing, spoofing, trojan horses, vulnerability scanning and viruses. Ethical hackers, by contrast, are employed by organisations to find such weaknesses and help fix them before malicious actors can exploit them.
Hashcat
Hashcat is a password recovery tool that was proprietary until 2015, when it was released as open-source software. Given password hashes, it attempts to recover the plaintext passwords using brute-force, dictionary, rule-based and mask attacks, and it can use GPUs to test candidates at very high speed against a wide range of hash algorithms.
Honeypot
In cybersecurity, a honeypot is a decoy system set up to attract attackers. It has no production purpose, so any interaction with it is suspicious by definition; it wastes the attacker's time as they try to gain unauthorised access and lets defenders observe their tools and techniques.
i
ICT Supply Chain Threat
An Information and Communications Technology (ICT) supply chain threat is a man-made threat in which an adversary compromises the confidentiality, integrity or availability of a system, or of the information it handles, stores or transmits, by tampering with a product or service somewhere in its supply chain. The threat can arise at any point in the system development life cycle. Cyber Supply Chain Risk Management is the discipline of identifying, assessing, preventing and mitigating the risks associated with the distributed and interconnected supply chains of ICT products and services.
Identity cloning
Identity cloning is a type of identity theft in which an individual assumes another person's identity in daily life in order to conceal their own.
Incident
An incident is an event that violates an organisation's security policy and affects the integrity, availability or confidentiality of its information systems, services, networks or sensitive information, for example through unauthorised access. It has adverse consequences for the information the system holds and requires a response to mitigate them. Incidents range from security issues to application bugs, data issues, system outages and server problems.
Incident Management
Incident management is the area of service management that is activated when an incident has occurred. Its key objective is to restore normal service operation as quickly as possible. Incidents include disruptions reported by users or technical staff and those detected and reported automatically by event monitoring tools. When an incident is reported, the incident management process assesses its impact and urgency and prioritises the response accordingly.
j
Java Serialization
Java serialization is a built-in feature that converts a Java object into a byte stream so that it can be stored or transferred, for example from one Java virtual machine to another, and reconstructed later by the reverse process, deserialization. The serialization format itself provides no confidentiality, integrity or authentication; those must be added by the application, for instance by wrapping the stream in cipher and signing layers. Deserializing untrusted byte streams is a well-known class of vulnerability that can lead to remote code execution, so applications should restrict which classes may be deserialized (for example with an ObjectInputFilter) or avoid native serialization for untrusted input altogether.
Jump Bag
A Jump Bag is a container that contains the essential items to act in response to an incident and reduce the effects of delayed reactions.
k
Keylogger
A keylogger is a type of spyware that records the keystrokes a user types on a device and reports them to whoever installed it. Keyloggers are not always illicit: IT departments sometimes use them to troubleshoot problems on their systems and networks, or to monitor employees covertly. A keylogger can capture online conversations, e-mails, passwords and logins, screenshots, the web pages a user visits and sensitive financial information.
l
Lateral Movement
Lateral movement is the set of techniques attackers use, after gaining an initial foothold, to move step by step through a network in search of critical data and assets. It typically relies on stolen or reused account credentials. In a Windows environment the attackers' goal is often the domain controller, since compromising it gives control of the whole infrastructure; this requires planning and an effort to evade detection. To counter lateral movement, security analysts build an inventory of which users and devices are on the network and what their normal login patterns look like, so that credential misuse shows up as a deviation.
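As an added example (not from the glossary), the detection logic below implements the last sentence: it learns which hosts each account normally logs on to and then flags three lateral-movement signals in a batch of logon events, logons to unfamiliar hosts, an account fanning out to many hosts in a short window, and a chain of hops where each logon originates from the previous destination. The baseline, the log format and the events are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline: (account, destination host) pairs observed during a
# learning period of normal activity.
BASELINE_LOGONS = [
    ("alice", "ws-alice"), ("alice", "fileserver01"),
    ("bob", "ws-bob"), ("bob", "fileserver01"),
    ("svc_backup", "fileserver01"), ("svc_backup", "dc01"),
]

# Constructed network logon events under review, one per line:
# "<ISO timestamp> <account> <source host> <destination host>".
EVENTS = """\
2024-05-02T09:00:12 alice ws-alice fileserver01
2024-05-02T09:05:40 bob ws-bob fileserver01
2024-05-02T13:10:01 alice ws-alice ws-bob
2024-05-02T13:10:09 alice ws-bob ws-carol
2024-05-02T13:10:31 alice ws-carol fileserver02
2024-05-02T13:11:02 alice fileserver02 dc01
2024-05-02T15:00:00 bob ws-bob ws-bob
"""


def parse_events(text):
    """Parse the constructed log format into sorted (time, account, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        ts, account, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), account, src, dst))
    return sorted(events)


def build_baseline(pairs):
    baseline = defaultdict(set)
    for account, host in pairs:
        baseline[account].add(host)
    return baseline


def detect(events, baseline, window=timedelta(minutes=10), max_hosts=3, min_hops=3):
    """Return alerts as (kind, account, timestamp, detail) tuples."""
    alerts = []
    per_account = defaultdict(list)
    for ev in events:
        per_account[ev[1]].append(ev)
    for account, seq in per_account.items():
        known = baseline.get(account, set())
        # (a) a destination this account has never logged on to before
        for ts, _, src, dst in seq:
            if dst not in known:
                alerts.append(("unfamiliar_host", account, ts, f"{src} -> {dst}"))
        # (b) fan-out: more than max_hosts distinct destinations inside one window
        for ts, _, _, _ in seq:
            hosts = {d for t, _, _, d in seq if ts <= t < ts + window}
            if len(hosts) > max_hosts:
                alerts.append(("fan_out", account, ts, f"{len(hosts)} hosts in {window}"))
                break
        # (c) hop chain: each logon originates from the previous destination
        hops = 1
        for prev, cur in zip(seq, seq[1:]):
            if cur[2] == prev[3] and cur[0] - prev[0] <= window:
                hops += 1
                if hops == min_hops:
                    alerts.append(("hop_chain", account, cur[0], f"{hops} hops ending at {cur[3]}"))
            else:
                hops = 1
    return alerts


def summarize(alerts):
    counts = defaultdict(int)
    for kind, _, _, _ in alerts:
        counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in detect(parse_events(EVENTS), build_baseline(BASELINE_LOGONS)):
        print(*alert)
```

Only alice's afternoon activity trips the detectors: bob's logons all match his baseline. The thresholds are tuning knobs; service accounts that legitimately touch many hosts need their own baseline or an exemption, otherwise the fan-out rule produces noise.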
m
Macro virus
A macro virus is written in the macro language of an application such as Microsoft Word or Excel and embedded in its documents, so that it runs as soon as the document is opened or a macro-triggering action is performed. Well-known examples are the Concept virus, which targeted Microsoft Word, and the Melissa virus, which spread through e-mail. A macro virus can create new files, corrupt data, move text, send files, format hard drives and insert pictures; one of its most common uses is delivering other viruses and malware.
Malicious Applet
An applet is a small application program that runs inside a web browser. A malicious applet is one that performs actions against the will of the user, ranging from denial of service and invasion of privacy to annoyance and damage to the user's system. Typical effects include playing sound files continuously, starting threads that monitor the user's web activity and displaying unwanted graphics on the screen.
Malicious Code
Malicious code is system code or web script intended to create vulnerabilities, open application backdoors, cause security breaches or damage a system, potentially leading to data loss. Not all malicious code can be detected by antivirus software alone. It takes forms such as Java applets, ActiveX controls, scripts, browser plug-ins and pushed content. Malicious code that gives an attacker remote access to a computer is known as an application backdoor.
Malware
Malware is any software designed to damage, disrupt or gain unauthorised access to a system, including viruses, worms, trojans, ransomware and spyware. Once installed, it is often used to hide the attacker's footprint within the system, to give the attacker remote control, and to locate the data they wish to steal.
Malware based Phishing
Malware-based phishing uses a forged e-mail or a cloned website to get the victim to click a download link or install software that places malware on the system. The installed malware may include a keylogger and screen logger that record keystrokes and track the user's actions, which are then transmitted to the attacker.
Malware Behavior Blocking
Malware Behavior Blocking observes a system over time, recognises programs that exhibit malicious behaviour and blocks the associated applications, providing an essential layer of protection that does not depend on signatures.
n
Network Resilience
Network resilience is the capability of a network to defend itself, maintain an acceptable level of service when failures or attacks occur, recover rapidly and meet unpredictable demands. To increase resilience, the possible challenges and risks must be identified and appropriate resilience measures defined.
NOP Sled
A NOP sled, NOP slide or NOP ramp is a sequence of no-operation (NOP) instructions placed in front of an attacker's payload. Because each NOP does nothing but advance to the next instruction, execution that lands anywhere in the sequence "slides" down into the payload. The technique is common in software exploits when the exact address at which control will be redirected is not known precisely, since it turns a range of possible landing addresses into a single reliable outcome. A branch instruction is an instruction that causes the processor to continue execution at a different location instead of the next instruction in sequence.
o
Obfuscation
Obfuscation is the process of transforming program code or data into a form that is hard to understand while leaving its function unchanged. Defenders use it to protect intellectual property and hinder reverse engineering; attackers use it to hide malicious code from analysts and detection tools. In both cases it makes the program harder to detect and analyse, not actually more secure.
Outsider Threat
An outsider threat is an unauthorised individual or group, with no legitimate access to the organisation, that seeks and obtains access to its sensitive information. External attackers range from opportunistic individuals to well-funded organised crime groups and state-sponsored actors. A primary objective of outsider threats is cyber espionage: spying on protected data and confidential information.
OWASP
The Open Web Application Security Project (OWASP) is a non-profit organisation that publishes a regularly updated list of the most prevalent web application security risks (the OWASP Top 10) along with tools, testing guides and standards. Security experts around the world contribute their knowledge of threats, weaknesses and countermeasures and help the industry by building awareness.
p
Packet Sniffing
When data is transmitted over a network it is broken into smaller units called packets at the sender's node and reassembled into the original form at the receiver's node. Capturing and inspecting those packets as they cross a network is called packet sniffing; the tool that does it is a packet sniffer, packet analyser or network analyser. Sniffing is used legitimately for troubleshooting and intrusion detection, and by attackers to harvest credentials and other data sent without encryption.
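The following is an added example, not part of the glossary, of what a sniffer does with a captured frame: it decodes the Ethernet, IPv4 and TCP headers, verifies the IPv4 header checksum, and exposes the cleartext payload, here an HTTP request carrying a Basic-auth header. The frame is constructed in the code itself (addresses, ports and the credential alice:hunter2 are made up) so the example runs without capturing from a real interface, which would need raw-socket privileges.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_FLAGS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the IPv4 header. A header whose
    checksum field is correct sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble a constructed Ethernet/IPv4/TCP frame (PSH,ACK) for the example."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, PROTO_TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in checksum
    return eth + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP and return the fields a sniffer shows."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    result = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return result
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    result.update(src_ip=str(ipaddress.IPv4Address(ip[12:16])),
                  dst_ip=str(ipaddress.IPv4Address(ip[16:20])), protocol=proto, ttl=ip[8])
    if proto != PROTO_TCP:
        return result
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", tcp[:14])
    data_offset = (off >> 4) * 4
    result.update(sport=sport, dport=dport, seq=seq, ack=ack,
                  flags=[name for name, bit in TCP_FLAGS if flags & bit],
                  payload=tcp[data_offset:])
    return result


# Constructed capture: a plain-HTTP request with a Basic-auth header.
SAMPLE_FRAME = build_frame(
    "10.0.0.5", "10.0.0.9", 51234, 80,
    b"GET /payroll HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n",
)

if __name__ == "__main__":
    pkt = parse_frame(SAMPLE_FRAME)
    print(f"{pkt['src_ip']}:{pkt['sport']} -> {pkt['dst_ip']}:{pkt['dport']} {pkt['flags']}")
    print(pkt["payload"].decode())
```

Anything visible in the payload here is what an attacker on the same network segment sees, which is the practical argument for TLS on internal services as well as external ones.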
Passive Attack
A passive attack is a cyber-attack in which the threat actor only observes network activity, as a form of surveillance, with the aim of obtaining the information being transmitted. Passive attackers are hard to detect because they do not actively interact with any target machine or inject traffic. They can read every message or data item sent or received in a communication, but they cannot modify it; encryption is the principal defence.
Pentesting
Penetration testing (pen testing) is an authorised simulated attack on a computer system, carried out to find exploitable vulnerabilities. It is best performed by security experts independent of the development team, because they can expose blind spots the developers who built the system did not see; such testers are often contractors referred to as ethical hackers. The pen tester runs a series of tests covering network penetration and application attack methods and delivers a complete assessment report on what was found.
Phone phishing
Phone phishing (vishing, or smishing when done by text message) is one of the most widely used phishing techniques today. The attacker contacts the user by call, voicemail or text with a message designed to get their attention, typically claiming the user has won a sum of money that can be claimed by paying a registration fee or sharing personal details. Increasingly, threat actors use recorded or live voice calls to extract private information.
Privilege Escalation
Privilege escalation is the act of increasing the level of access to system resources beyond what was granted, by exploiting a programming error, vulnerability, design flaw or access-control weakness in an operating system or application. There are two kinds. In horizontal privilege escalation the threat actor takes over another account at the same privilege level and misuses the legitimate privileges granted to that user. In vertical privilege escalation the threat actor uses an already compromised account to obtain higher permissions than it holds, for example going from a standard user to administrator or root.
r
Ransomware
Ransomware is malware that installs itself on a user's computer or server, denies access to the system or its data and then displays a message demanding a ransom for restoring it. Categories include: 1. Encryptors, which block access to data and applications by encrypting files. 2. Lockers, which block access to the computer system itself. 3. Scareware, which claims to have found other malware such as viruses on the computer and demands money to remove it. 4. Doxware (or leakware), which steals sensitive information and threatens to publish it.
RBVM (Risk-Based Vulnerability Management)
RBVM (Risk-Based Vulnerability Management) is a cybersecurity strategy that prioritises remediation according to the risk each vulnerability poses, rather than by raw severity score alone, in order to reduce exposure across the attack surface. It lets organisations track their cyber resilience and identify the actions that most improve their security posture.
This eases the workload of security teams by letting them focus on the vulnerabilities that pose the greatest risk to the enterprise.
Risk-based vulnerability management, often assisted by machine learning, combines asset criticality, vulnerability severity and threat actor activity to give each vulnerability threat context and an estimate of the potential business impact of each threat identified.
Recovery
Recovery is the process of restoration of data after an incident or event in the short or long term. The incidents can be a natural disaster or cyber-attacks.
Red Team
A red team is a group of ethical hackers who attack an organisation's layered security controls while the blue team defends them. Their objective is to discover and exploit weaknesses in the organisation's security, emulating a real adversary's tactics against the organisation's security posture.
s
Security Automation
It is the machine-based execution of security tasks with the power to detect, investigate, and remediate cyber threats with or without human intervention by identifying incoming risks, triaging and prioritizing alerts as they emerge, and responding to them a timely fashion.
Security Testing
Security testing is a technique in which all potential loopholes and weaknesses of a software system are identified in order to prevent malicious attacks by intruders. It works by examining known vulnerabilities and exploiting them using manual and automated security testing tools. Penetration testing is a typical example of security testing.
Security testing rests on six basic principles:
- Confidentiality
- Integrity
- Authentication
- Authorization
- Availability
- Non-repudiation
Server-side request forgery (SSRF)
Server-side request forgery (SSRF) is a web security vulnerability in which the attacker induces the server-side application to make a connection back to itself, to other web-based services within the organization's infrastructure, or to external third-party systems. The vulnerable application imports data from a URL, sends data to a URL, or otherwise processes data from a URL that the attacker can tamper with.
Session hijacking
A session hijacking attack is one in which the attacker takes control of a user's session, which is usually managed by a session token. In this type of attack, the attacker abuses the web session control mechanism to impersonate the user to the web server. For example, an attacker can capture a user's banking application web session and gain privileged access to the account.
Shift-Left
"Shift left" is the practice of moving the testing phase earlier in the Software Development Life Cycle. The primary intention is to detect security defects or vulnerabilities in the initial stages, which improves quality and security and reduces negative outcomes by allowing the deliverables to be deployed on schedule.
Spear Phishing
Spear phishing is an attempt to obtain sensitive information, such as financial documents or credentials, in order to access a specifically targeted individual's computer system. In spear phishing, threat actors first acquire personal details about the victim and then disguise themselves as trustworthy entities through email or other online messaging.
Spoofing
Spoofing is a kind of forgery or falsification in which a person fabricates the sending address of a transmission to obtain illegal entry into a secure system. IP and e-mail spoofing are commonly used techniques. For example, e-mails that appear to come from a bank or any other source the user trusts can be crafted and sent by black hats.
Spyware
Spyware is software that collects information about an individual or organization without their knowledge. Using spyware, sensitive or confidential information can be sent to another destination for malicious purposes.
SQL Injection
SQL injection (SQL stands for Structured Query Language) is a web hacking technique in which the attacker injects SQL statements that can read or modify the database. In advanced SQL injection attacks, hackers use SQL commands to write arbitrary files to the server and even execute operating system commands. A successful SQL injection therefore leads to serious business outcomes, including data loss, information disclosure, and significant financial implications.
t
Threat
A threat is a possible event or circumstance that might exploit a vulnerability to violate an organization's security protocols. A threat can be intentional (an individual hacker or a criminal organization) or accidental (a malfunction or a natural disaster).
Trojan Horse
A Trojan horse is malware that deceives users about its real intent. Trojans penetrate your network in order to gain access to your system later. They sit silently on your computer, gathering information or opening holes in your security, or they may seize your computer and lock you out.
Tunneling
Tunneling is a technique that enables one network to send data through another network's connections. It works by encapsulating one network protocol within packets supported by the second network.
u
Unauthorized Access
Unauthorized access refers to a person obtaining access to a website, program, server, service, or any confidential information belonging to another user without their consent. Some systems raise an alarm when an unauthorized access attempt is detected, which helps prevent hackers from gaining access.
v
Virus
A virus is malicious software consisting of code attached to legitimate programs. When the program runs, the virus begins to spread to other files on the computer without the user's knowledge. Viruses also circulate through shared media, such as Universal Serial Bus (USB) drives. Installing anti-virus software helps stop viruses and eliminate ones that are already installed.
Vulnerability
A vulnerability is a weakness, flaw, or fault in a system that can be exposed to an attacker. Vulnerabilities can allow attackers to gain unauthorized access and run code, enter a system's memory, install malware, and steal, destroy, or modify sensitive data. Employees can protect computer systems from vulnerabilities by keeping software security patches up to date. Vulnerabilities can be exploited by methods such as SQL injection, buffer overflows, and cross-site scripting (XSS).
Vulnerability Assessment
A vulnerability assessment is an organized analysis of security weaknesses in computer networks, systems, hardware, applications, and other parts of the IT network. It usually leverages tools such as vulnerability and protocol scanners to identify threats and flaws within an organization's IT infrastructure and to prioritize risks for remediation in the proper context. Types of vulnerability assessment include:
1. Host assessment
2. Network and wireless assessment
3. Database assessment
4. Application scans
Vulnerability Management
Vulnerability management is a set of processes that help identify and classify all weaknesses in your software, systems, and networks and then mitigate them by implementing security measures. Vulnerability scanning is a proactive process within vulnerability management that analyzes software for possible vulnerabilities such as insecure configurations.
w
Web trojans
Web trojan phishing attacks are executed through pop-ups that appear while the user browses a website and make the session available to the attacker. When a user clicks on such a pop-up while performing bank transactions, it records all private information entered and transmits it back to the attacker.
White Hat
A white hat is an individual who intrudes into systems and networks at the request of their organization, or with explicit permission, to determine how secure they are against illegal attackers.
White Team
A white team is a group in charge of refereeing a situation between a red team of attackers and a blue team of actual defenders of information systems.
Whitelist
A whitelist permits components such as e-mail addresses, users, passwords, URLs, IP addresses, domain names, and file hashes through whatever security gate is in use. When a whitelist is applied, all entities are denied except those included in the whitelist.
x
XML External Entity (XXE)
An XML External Entity attack is a type of web security vulnerability that targets an application which parses XML input. The attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. By leveraging an XXE vulnerability to perform server-side request forgery (SSRF), an attacker can escalate the XXE attack to compromise the underlying server or other back-end infrastructure. The attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
XSS (Cross-site scripting)
Cross-site scripting is a kind of injection attack in which the threat actor injects malicious scripts into benign and trusted websites. It succeeds through security vulnerabilities in web applications and is carried out by injecting a client-side script into web pages viewed by other users. The attack can extend to account hijacking, cookie theft, false advertising, and changes to the settings of the user's account.
y
YubiKey
YubiKey is the first security key that enables strong two-factor and multi-factor authentication without the need for passwords. It is a small USB device that supports authentication protocols to secure access to computers, networks, websites, VPNs, password managers, and other online services.
z
Zero-day
In the world of cyber-attacks, a zero-day is the day a vulnerability is discovered, before the vendor has become aware of it. At that point no patch exists, so threat actors can easily exploit the vulnerability knowing that no protections are in place. This makes zero-day vulnerabilities a severe security threat. After some days, once the vulnerability has been patched, the assessment report is published and a CVE number is assigned.
