Secure your environment from cyber-attacks!

a

Active Attack

An active attack is one in which a hacker exploits a weakness in a network and changes the data on the target. Threat actors can attempt different types of active attacks, such as masquerade, session replay, message modification, Denial of Service (DoS), and Distributed Denial-of-Service (DDoS). In a masquerade attack, a threat actor pretends to be a legitimate user of a system in order to obtain access privileges without authorization; a classic example is stealing login IDs and passwords through security gaps in programs and bypassing the authentication mechanism. Session replay is an attack in which the threat actor steals an authorized user's login information and session ID; with these, the hacker gains access and can do anything the user is authorized to do on that account. A message modification attack is one in which a hacker intercepts a message and sends it to an entirely different destination or modifies the data on a target system. In a Denial of Service (DoS) attack, users are prevented from accessing a network or a web resource; the attacker hits the target with more traffic than it can handle and thereby disrupts its normal function. In a Distributed Denial-of-Service (DDoS) attack, multiple compromised systems gang up to attack a single target; the group of compromised systems is also known as a botnet or zombie army.

Advanced Persistent Threat

A dangerous threat for enterprises in which the threat actor possesses a sophisticated level of expertise and remains within the system or network for an extended period without being identified. The goal of this kind of threat is usually data theft rather than damage to the company network, which is why the intrusion stays quiet. The typical modus operandi of an advanced persistent threat is to work through the network in several phases: first hacking into the network without being detected, then planning the attack and mapping the data, and finally stealing sensitive data. There is nothing accidental about this type of attack; it is highly customized and carefully planned.

Adware

Adware is malicious software that displays unwanted advertisements to users, usually as pop-ups or ads that cannot be closed. Sometimes adware also strikes through browser redirects: once the user clicks on an advertisement, new tabs open on their own in the browser, the home page changes, the search engine is altered, and the user may be led to websites that are not safe to open. Adware typically hijacks the system and presents advertisements for goods and services tailored to the user's location and behavior patterns. Adware is generally considered a nuisance, but it becomes potentially dangerous when its authors sell the collected information to a third party who then targets the user through customized ads and breaches their security.

Attack Method

Techniques used by hackers and threat actors to gain access to and infiltrate your system. The attack method used by threat actors varies according to the technology, the intent, and the motive behind the attack. The most common types of attack that threat actors use are phishing (spear and whale), malware (ransomware, Trojans, drive-by attacks), web attacks (injections, cross-site scripting, malicious file upload), Distributed Denial-of-Service (DDoS), password attacks, eavesdropping attacks, birthday attacks, brute-force and dictionary attacks, insider threats, AI-powered attacks, man-in-the-middle attacks, etc.

Attack Pattern

The approach or methodology used by threat actors and hackers to exploit a vulnerability. Attack patterns are as diverse as the vulnerabilities that exist within a system or network. They leverage an inherent weakness in the architecture of the system or network to attack, exploit, and breach security in order to steal data and gain access.

b

Behavior Monitoring

Behavior monitoring continuously watches for unusual modifications to the operating system or to installed programs. It observes user activities, information systems, and processes, and measures them against organizational policies and rules. Behavior monitoring defends endpoints through Malware Behavior Blocking and Event Monitoring. Malware Behavior Blocking observes the system over a period of time and offers an essential layer of threat protection by identifying programs that exhibit malicious behavior and blocking them. Event Monitoring is a fundamental approach to protecting against unauthorized software and malware attacks: it monitors system areas for specific actions and allows administrators to control the programs that trigger such actions.

Black Hat

A black hat hacker penetrates networks maliciously, exploiting vulnerabilities in systems and networks to obtain sensitive information for personal gain.

Blacklist

A blacklist is a list of blocked components, such as e-mail addresses, users, passwords, URLs, IP addresses, domain names, and file hashes. Anything on the list is denied; for example, e-mail from a blacklisted address is not delivered, so the sender is prevented from reaching the intended recipient. An organization might blacklist peer-to-peer file sharing on its systems, specific websites, or applications. In contrast to a blacklist, a whitelist permits the listed components through whatever security gate is being used.

Blue Team

A blue team is a group of defenders who run analyses, detect security flaws in information technology, check the effectiveness of security measures, and execute defensive measures against future attacks. They constantly strengthen the security around and within the organization's data systems and networks. Usually, the blue team is the organization's internal security team, defending against real attackers.

c

Clickjacking

Clickjacking is a user interface redress attack in which an attacker hijacks a user's clicks on a website, so that a click on what looks like a harmless control actually triggers something malicious or shares confidential information, making the user perform actions they are unaware of. It is a form of online manipulation in which hackers hide malware or malicious code behind a legitimate-looking control on a website.
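The usual defence against clickjacking is to stop other sites from framing your pages, either with the Content-Security-Policy frame-ancestors directive or, for older browsers, the X-Frame-Options header. The following is an added example, not code from the original page, that classifies a response's anti-framing posture from its headers and adds a deny-all policy when none is present. The header values and the response dictionaries are constructed for illustration.

```python
OPEN_SOURCES = {"*", "http:", "https:"}  # frame-ancestors values that let any origin frame the page


def frame_protection(headers):
    """Classify the anti-framing posture of a response from its headers.

    Returns 'csp' (frame-ancestors restricts framing), 'csp-open' (frame-ancestors
    present but allows any origin), 'xfo' (only X-Frame-Options protects the page)
    or 'none'. CSP wins when present, because browsers that understand
    frame-ancestors ignore X-Frame-Options.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.lower() for t in tokens[1:]]
            if sources and not any(s in OPEN_SOURCES for s in sources):
                return "csp"
            return "csp-open"
    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo"
    return "none"


def harden(headers):
    """Return a copy of the headers with a deny-all framing policy added when none exists.

    An existing CSP keeps its other directives; frame-ancestors is appended to it.
    A 'csp-open' policy is left alone (appending a second frame-ancestors would be
    ignored by browsers, which honour the first occurrence) and must be fixed at its source.
    """
    if frame_protection(headers) != "none":
        return dict(headers)
    hardened = dict(headers)
    existing = next((v for k, v in headers.items() if k.lower() == "content-security-policy"), "")
    key = next((k for k in headers if k.lower() == "content-security-policy"), "Content-Security-Policy")
    hardened[key] = (existing.rstrip("; ") + "; " if existing else "") + "frame-ancestors 'none'"
    hardened["X-Frame-Options"] = "DENY"  # fallback for browsers without CSP level 2 support
    return hardened
```

Run the classifier over responses recorded from a crawl of your own application to find pages that can still be framed; the "csp-open" result is the one people miss, since a Content-Security-Policy header is present but does nothing against framing.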

Computer Network Defense

Computer Network Defense (CND) is the set of procedures and defensive measures an organization operates to identify, observe, analyze, and stand up against intrusions. The primary objective of Computer Network Defense is to ensure that no unauthorized or illegitimate user or application gains access to a confidential IT environment or network.

Computer Security Incident

An incident that results in a potential threat to the confidentiality, integrity, or availability of the information a system processes, stores, or transmits, or that constitutes a breach, or an imminent threat of a breach, of security guidelines, security procedures, or acceptable use policies. An attack such as unauthorized access by someone who is not allowed to use a computer system is also deemed a potentially threatening computer security incident. When an incident modifies a computer system, a computer security incident response team (CSIRT) must be activated to regain control and minimize the damage.

Cyber Supply Chain Risk Management

Cyber Supply Chain Risk Management aims to find, evaluate, prevent, and mitigate the risk associated with the distributed and interconnected nature of Information and Communications Technology (ICT) product and service supply chains.

d

Data Breach

A data breach is a security intrusion in which secure and confidential data, such as Protected Health Information (PHI), Personally Identifiable Information (PII), an organization's trade secrets, intellectual property, and financial data, is released into an unauthorized environment. The data leak or unauthorized access may also result from the careless disposal of used computer equipment and data storage media.

Data Leakage

Data leakage is the illegitimate transmission of data from an organization to an external recipient. It usually occurs electronically, or physically through mobile data storage devices such as optical media, USB keys, and laptops.

Data loss

Data loss occurs when sensitive information on a computer is lost or compromised through theft, human error, viruses, malware, or power failure. This includes laptop theft, accidental deletion, overwriting of files, power outages and surges, spilled liquids, and sudden failure of hard drives.

Data Loss Prevention

Data Loss Prevention (DLP) is a policy that ensures end users do not send confidential or sensitive information outside the organization's network. The strategy involves a combination of users, security policies, and security tools.

e

Encryption

Encryption is the process of converting information, or a message referred to as plaintext, into an unreadable form called ciphertext by using an encryption algorithm.

Enterprise Risk Management

Enterprise risk management (ERM) is a plan-based business strategy to detect, evaluate, and prepare for any threats, vulnerabilities, and other potential disasters that may interfere with an organization's operations and objectives. ERM coordinates the activities of an organization to reduce the impact of threats on its finances and profits.

Event Monitoring

Event monitoring is a fundamental approach to protecting against unauthorized software and malware attacks. It monitors system areas for specific events, allowing administrators to control the programs that trigger such events.

f

Forensic

Forensics is the application of scientific tests and techniques to the detection of crime. Cyber forensics applies these techniques to determine and expose criminal evidence held on computers and networks.

g

Grey Hat

A grey hat (or gray hat) is a computer security expert who violates laws or common ethical principles but does not have the malicious intent typical of a black hat hacker. Grey hats share the white hat's intention of keeping systems secure, but act without permission.

Greylist

A greylist is a method of protecting e-mail users against spam. It comprises items such as e-mail addresses, users, passwords, URLs, IP addresses, domain names, and file hashes that are temporarily blocked or allowed until an additional verification step is completed.

h

Hacker

A hacker is an individual who breaks through the security of a network or system to steal data, corrupt systems or files, take over the environment, or disrupt data-related activities, using phishing scams, spoofing, Trojan horses, vulnerability scanning, viruses, etc. Ethical hackers, on the contrary, are employed by organizations to prevent such intrusions.

Honeypot

In cybersecurity terminology, a honeypot is a security system that acts as a decoy for attackers. It lures hackers and wastes their time as they try to gain unauthorized access to the network.

i

ICT Supply Chain Threat

An Information and Communications Technology (ICT) supply chain threat is a human-made threat in which an adversary compromises the confidentiality, integrity, or availability of a system or of the information the system handles, stores, or transmits. The threat can be introduced at any point in the system development life cycle of the product or service. Cyber Supply Chain Risk Management is the method of finding, evaluating, preventing, and mitigating the risk associated with the distributed and interconnected nature of ICT product and service supply chains.

Incident

An incident is a violation of an organization's security policy that affects the integrity of its information systems, services, networks, or sensitive information, typically through unauthorized access. It has adverse consequences for the information the system holds and requires a response action to mitigate those consequences. Incidents can be security issues, application bugs, data issues, system outages, server problems, etc.

Incident Management

Incident management is the area of service management that is activated when an incident has occurred. Its key objective is to restore normal service operations at the earliest possible time. Incidents include disruptions reported by users or technical staff and those automatically detected and reported by event monitoring tools. When an incident is reported, the incident management process assesses its impact and urgency and responds accordingly.

j

Java Serialization

Java serialization is a built-in feature by which a Java object is converted into a byte stream so that it can be transferred from one Java virtual machine to another and reconstructed there through the reverse process, deserialization. Java serialized data streams can be combined with encryption, compression, and authentication to support secure Java computing.

Jump Bag

A jump bag is a container holding the essential items needed to respond to an incident, reducing the effects of a delayed reaction.

k

Keylogger

A keylogger is a sneaky type of spyware that records and steals the keystrokes a user enters on a device. Keyloggers are not always illicit to install and use: they are a common tool in corporations, where the IT department uses them to troubleshoot technical problems on systems and networks or to keep a secret eye on employees. A keylogger can record online conversations, e-mails, password logins, screenshots, the web pages you view, and sensitive financial information.

l

Lateral Movement

Lateral movement is the set of techniques a sophisticated cyber-attacker uses to step gradually sideways through a network in search of targeted critical data and assets. It typically requires the credentials of a user account. In this type of attack, the threat actor works toward the domain controller, which provides control of the Windows-based infrastructure, and uses increasingly careful strategies to evade detection. To mitigate lateral movement, security analysts can build internal network intelligence, knowing which users and devices are on the network and what their normal login patterns are, so that credential misuse stands out when it occurs.
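The mitigation above, a baseline of normal login patterns against which credential misuse stands out, is the basis of a simple detection. The following is an added example, not code from the original page: it learns which (source host, destination host) pairs each user normally produces and then flags a user who reaches several never-before-seen hosts within a short window, counting how many of those logons originate from a host that was itself just reached (the hop chain typical of lateral movement). The logon records, host names and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logon records: (time, user, source host, destination host).
# In practice these would come from authentication logs (e.g. domain logon events).
BASELINE_LOGONS = [
    ("2024-03-01T08:02:00", "jdoe", "WS-JDOE", "FS-01"),
    ("2024-03-01T08:05:00", "jdoe", "WS-JDOE", "MAIL-01"),
    ("2024-03-02T08:10:00", "jdoe", "WS-JDOE", "FS-01"),
    ("2024-03-01T09:00:00", "svc-backup", "BKP-01", "FS-01"),
    ("2024-03-01T09:00:00", "svc-backup", "BKP-01", "DB-01"),
]

SUSPECT_LOGONS = [
    ("2024-03-05T02:11:00", "jdoe", "WS-JDOE", "FS-01"),  # known pair for this user
    ("2024-03-05T02:12:00", "jdoe", "FS-01", "DB-01"),    # logon from a server to a new host
    ("2024-03-05T02:14:00", "jdoe", "DB-01", "DC-01"),    # hop again from the host just reached
    ("2024-03-05T02:15:00", "jdoe", "DB-01", "HR-01"),
]


def build_baseline(logons):
    """Map each user to the (source, destination) pairs seen in the learning period."""
    baseline = defaultdict(set)
    for _, user, src, dst in logons:
        baseline[user].add((src, dst))
    return baseline


def detect_lateral_movement(logons, baseline, window=timedelta(minutes=10), min_new_hosts=2):
    """Return one alert per user who reaches >= min_new_hosts unseen destinations within `window`.

    Each alert records the destinations reached and how many of the logons in the burst
    came from a source that is itself one of the newly reached hosts (chained hops).
    """
    events = sorted((datetime.fromisoformat(t), u, s, d) for t, u, s, d in logons)
    novel = defaultdict(list)  # user -> [(time, src, dst)] for pairs outside the baseline
    for t, user, src, dst in events:
        if (src, dst) not in baseline.get(user, set()):
            novel[user].append((t, src, dst))

    alerts = []
    for user, entries in novel.items():
        for i, (t0, _, _) in enumerate(entries):
            burst = [e for e in entries[i:] if e[0] - t0 <= window]
            new_hosts = {d for _, _, d in burst}
            if len(new_hosts) >= min_new_hosts:
                chained = sum(1 for _, s, _ in burst if s in new_hosts)
                alerts.append({
                    "user": user,
                    "start": t0.isoformat(),
                    "new_hosts": sorted(new_hosts),
                    "chained_hops": chained,
                })
                break  # one alert per user is enough; analysts pivot from there
    return alerts


if __name__ == "__main__":
    for alert in detect_lateral_movement(SUSPECT_LOGONS, build_baseline(BASELINE_LOGONS)):
        print(alert)
```

Service accounts that legitimately fan out to many hosts (the backup account in the constructed data) need either a longer learning period or their own thresholds, otherwise they dominate the alert queue; the chained-hop count is what separates a human moving server to server from a scheduled job.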

m

Macro virus

A macro virus is written in the macro programming language of applications such as Microsoft Excel and Word. It infects documents so that malicious code runs as soon as a document is opened, because the virus replaces the application's normal commands. Two well-known macro viruses are the Concept virus, which targeted Microsoft Word, and the Melissa virus, which spread through e-mail. A macro virus can generate new files, corrupt data, move text, send files, format hard drives, and insert pictures. One of their standard uses is delivering other destructive viruses and malware.

Malicious Applet

An applet is a small application program; a malicious applet is one that attacks the local system of a web surfer. Any applet that performs an action against the will of the Java user should be considered malicious. Malicious applets cause denial of service, invasion of privacy, annoyance, and damage to Java users. Typical effects of such applets include playing sound files continuously, setting up threads that monitor your web use, and displaying unwanted graphics on your screen.

Malicious Code

Malicious code is system code or a web script intended to cause undesired vulnerabilities, application backdoors, security breaches, damage to a system, or data loss. Unfortunately, not all malicious code can be detected by anti-virus applications on their own. Malicious code takes the form of Java applets, ActiveX controls, scripting languages, browser plug-ins, and pushed content. Malicious code that gives a remote user access to a computer is known as an application backdoor.

Malware

Malware (malicious software) is used, among other things, to hide the hacker's footprints within the system; it also helps the attacker control their access remotely and identify the data they wish to steal.

Malware Behavior Blocking

Malware Behavior Blocking observes the system over a period of time and offers an essential layer of threat protection by identifying programs that exhibit malicious behavior and blocking the associated applications.

n

Network Resilience

Network resilience is the capability of a network to defend itself, maintain an acceptable level of service and recover rapidly when failures occur, and meet unpredictable demands. To increase resilience, the possible challenges and risks must be identified and appropriate resilience measures defined.

NOP Sled

A NOP sled, NOP slide, or NOP ramp is a sequence of no-operation (NOP) instructions that carries the CPU's execution to an intended destination. The technique is commonly used in software exploits to direct program execution when the target of a branch instruction is not known precisely. A branch instruction is a program instruction that causes a system to execute a different instruction sequence, departing from its default order of execution.

o

Obfuscation

Obfuscation is the process of transforming program code into a complicated form while the program's function remains the same. It is used both to protect code and data from threat actors and, by attackers, to disguise malicious code and anonymize cyberattacks. In either case it makes the program harder to detect and analyze.

Outsider Threat

An outsider threat is an unauthorized group or individual outside the organization who seeks and obtains access to its sensitive information. External attackers are numerous and include well-funded hackers, organized crime groups, etc. The primary objective of outsider threats is cyber espionage: spying on protected data and confidential information.

p

Passive Attack

A passive attack is a type of cyber-attack in which the threat actor simply observes network activity as a form of surveillance. The passive attacker aims to obtain the information being transmitted. Such attacks are not easily detected because the threat actor does not actively attack any target machine or participate in the network traffic. The attacker can monitor every message or piece of data sent or received in the communication, but cannot modify the original message.

Pentesting

Penetration testing (or pen testing) is a cybersecurity test in which the security team attacks your own computer system to look for exploitable vulnerabilities. It is best to have a pen test done by security experts, because they may be able to expose blind spots undetected by the developers who built the system. The pen test is performed by contractors referred to as ethical hackers. The pen tester runs several tests based on network penetration and other penetration methods and delivers a complete assessment report of what they have found.

Privilege Escalation

Privilege escalation is an increase in the level of access to system resources obtained by exploiting a vulnerability in the system. Exploiting a programming error, vulnerability, flaw, or access control weakness in an operating system or application to gain access that is restricted from the application or user is described as privilege escalation. There are two types: horizontal and vertical. In horizontal privilege escalation, a threat actor gains privileges by taking over another account and misusing the legitimate privileges granted to that user. In vertical privilege escalation, a threat actor attempts to acquire more permissions or access than an existing, compromised account has.

r

Ransomware

Ransomware is malicious software that disrupts the user's computer or server by installing itself and then accessing sensitive information. Once installed, it displays a message demanding a ransom for recovery. There are several different categories of ransomware, including:
1. Encryptors, which block access to data and applications by encrypting them.
2. Lockers, which block access to a computer system.
3. Scareware, which claims to have discovered other malware such as viruses on your computer and then demands money to get rid of them.
4. Doxware, which steals sensitive information from your computer and threatens to release it.

Recovery

Recovery is the process of restoring data after an incident or event, in the short or long term. The incident can be a natural disaster or a cyber-attack.

Red Team

A red team is a group of ethical hackers who attack your layered security controls while your blue team defends them. Their objective is to discover and exploit weaknesses in the organization's security. A red team emulates an adversary's attack against the organization's security posture.

s

Security Automation

Security automation is the machine-based execution of security tasks, with the ability to detect, investigate, and remediate cyber threats with or without human intervention, by identifying incoming risks, triaging and prioritizing alerts as they emerge, and responding to them in a timely fashion.

Server-side request forgery (SSRF)

Server-side request forgery (SSRF) is a web security vulnerability in which the attacker induces the server to make a connection back to itself, to other web-based services within the organization's infrastructure, or to external third-party systems. The target application is one that imports data from a URL, posts data to a URL, or otherwise interprets data from a URL that the attacker can tamper with.

Spoofing

Spoofing is a kind of forgery in which a person fabricates the sending address of a transmission to obtain illegal entry into a secure system. IP and e-mail spoofing are commonly used techniques. For example, e-mails that appear to come from a bank or another source the user trusts can be fabricated and sent by black hats.

Spyware

Spyware is software that collects information about an individual or organization without their knowledge. Using spyware, sensitive or confidential information can be sent to another destination for malicious purposes.

SQL Injection

SQL injection (query injection) is a web hacking technique in which the attacker injects Structured Query Language (SQL) statements into an application's database queries in order to read or modify the database. In advanced SQL injection attacks, hackers use SQL commands to write arbitrary files to the server and even execute operating system commands. A successful SQL injection therefore leads to serious business outcomes, including data loss, information disclosure, and significant financial implications.
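The injection happens wherever user input is pasted into query text, and the fix is to bind input as a parameter so the database engine never treats it as SQL. The following is an added example, not code from the original page, showing the two forms side by side against an in-memory SQLite table: the same login attempt is run through a string-formatted query and through a parameterized one, and the results are returned so they can be compared. The table contents and credentials are constructed for illustration.

```python
import sqlite3

# Constructed sample table; in a real application passwords would be hashed, not stored in clear.
SAMPLE_USERS = [
    ("alice", "alice-secret"),
    ("bob", "bob-secret"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string formatting, so quotes in the input become SQL syntax."""
    sql = "SELECT name FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn, name, password):
    """Same query with bound parameters: the input is passed as data, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


def compare(name, password):
    """Return (rows matched by the vulnerable query, rows matched by the safe query)."""
    conn = make_db()
    try:
        return login_vulnerable(conn, name, password), login_safe(conn, name, password)
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("alice", "alice-secret"))
    # Tautology in the password field: the formatted query's WHERE clause becomes
    # (name = 'x' AND password = '') OR '1'='1', which matches every row.
    print(compare("x", "' OR '1'='1"))
```

The vulnerable function returns every user for the second call while the parameterized one returns nothing, which is exactly the behaviour a code reviewer should look for: any query assembled with `%`, `+` or f-strings from request data is a finding, regardless of how the input is "sanitized" beforehand.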

t

Threat

A threat is a possible event or circumstance that might exploit a vulnerability to violate an organization's security protocols. A threat can be intentional (an individual hacker or a criminal organization) or accidental (a malfunction or a natural disaster).

Trojan Horse

A Trojan horse is malware that deceives users about its real intent. Trojans penetrate your network to gain access to your system later. They sit silently on your computer, gathering information or opening holes in your security, or they may seize your computer and lock you out.

Tunneling

Tunneling is a technology that enables a network to send data over another network's connections. It works by encapsulating one network protocol within packets supported by the second network.

u

Unauthorized Access

Unauthorized access occurs when a person obtains access to a website, program, server, service, or the confidential information of another user without consent. Some systems raise alarms on unauthorized access attempts, which helps prevent hackers from gaining access.

v

Virus

A virus is malicious software consisting of code attached to legitimate programs. When the program runs, the virus begins to spread through the computer's files without the user's knowledge. Viruses also circulate through shared media such as Universal Serial Bus (USB) drives. Installing anti-virus software helps stop infections and eliminate previously installed viruses.

Vulnerability

A vulnerability is a weakness, flaw, or fault in a system that can be exposed to an attacker. Vulnerabilities can allow attackers to gain unauthorized access and run code, enter a system's memory, install malware, or steal, destroy, or modify sensitive data. Employees can protect computer systems from vulnerabilities by keeping software security patches up to date. Vulnerabilities can be exploited by methods such as SQL injection, buffer overflows, and cross-site scripting (XSS).

Vulnerability Assessment

A vulnerability assessment is an organized analysis of security weaknesses in computer networks, systems, hardware, applications, and other parts of the IT environment. It usually leverages tools such as vulnerability and protocol scanners to identify threats and flaws within an organization's IT infrastructure and to prioritize risks for remediation in the proper context. Types of vulnerability assessment include:
1. Host assessment
2. Network and wireless assessment
3. Database assessment
4. Application scans

Vulnerability Management

Vulnerability management is a set of processes that identify and classify all weaknesses in your software, systems, and networks and then mitigate them by implementing security measures. Vulnerability scanning is the proactive part of vulnerability management, in which software analyzes systems for possible vulnerabilities such as insecure configurations.

w

White Hat

A white hat is an individual who intrudes into systems and networks at the request of their organization, or with explicit permission, to determine how secure they are against illegal attackers.

White Team

A white team is a group in charge of refereeing a situation between a red team of attackers and a blue team of actual defenders of information systems.

Whitelist

A whitelist permits listed components, such as e-mail addresses, users, passwords, URLs, IP addresses, domain names, and file hashes, through whatever security gate is being used. When a whitelist is in force, all entities are denied except those included in the list.
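The Blacklist, Greylist and Whitelist entries describe three tiers of the same gate, and e-mail delivery is where all three are commonly combined. The following is an added example, not code from the original page, of a mail gate that applies them in order: a blacklisted client address, sender or sender domain is rejected permanently; a whitelisted one is accepted without further checks; everything else is greylisted, meaning the (client IP, sender, recipient) triplet is temporarily refused the first time it is seen and accepted once the sending server retries after a minimum delay, which legitimate mail servers do and most spam engines do not. The list contents, addresses and timings are constructed for illustration.

```python
from datetime import datetime, timedelta


class MailGate:
    """Blacklist (always reject), whitelist (always accept) and greylist (accept on proper retry)."""

    def __init__(self, blacklist, whitelist, retry_after=timedelta(minutes=5)):
        self.blacklist = {entry.lower() for entry in blacklist}
        self.whitelist = {entry.lower() for entry in whitelist}
        self.retry_after = retry_after
        self.greylist = {}        # triplet -> time the triplet was first seen
        self.known_good = set()   # triplets that retried after the delay

    def decide(self, client_ip, sender, recipient, now):
        """Return 'reject', 'accept' or 'tempfail' (ask the client to retry later)."""
        sender = sender.lower()
        domain = sender.rsplit("@", 1)[-1]
        keys = {client_ip, sender, domain}
        if keys & self.blacklist:
            return "reject"
        if keys & self.whitelist:
            return "accept"
        triplet = (client_ip, sender, recipient.lower())
        if triplet in self.known_good:
            return "accept"
        first_seen = self.greylist.get(triplet)
        if first_seen is None:
            self.greylist[triplet] = now
            return "tempfail"
        if now - first_seen < self.retry_after:
            return "tempfail"          # retried too early; real MTAs back off and try again
        self.known_good.add(triplet)
        del self.greylist[triplet]
        return "accept"


def run_demo():
    """Drive a gate through a constructed sequence of deliveries and return the decisions."""
    gate = MailGate(blacklist={"spam.example", "203.0.113.9"}, whitelist={"partner.example"})
    t0 = datetime(2024, 3, 5, 9, 0, 0)
    attempts = [
        ("203.0.113.9", "x@ok.example", "me@corp.example", 0),        # blacklisted client IP
        ("198.51.100.2", "bob@spam.example", "me@corp.example", 0),   # blacklisted sender domain
        ("198.51.100.3", "ann@partner.example", "me@corp.example", 0),  # whitelisted domain
        ("198.51.100.4", "new@other.example", "me@corp.example", 0),  # unknown: first sight
        ("198.51.100.4", "new@other.example", "me@corp.example", 1),  # retry too early
        ("198.51.100.4", "new@other.example", "me@corp.example", 6),  # retry after delay
        ("198.51.100.4", "new@other.example", "me@corp.example", 7),  # now known good
    ]
    return [gate.decide(ip, sender, rcpt, t0 + timedelta(minutes=m)) for ip, sender, rcpt, m in attempts]
```

A production greylist also expires triplets that never retry and ages out known-good entries, otherwise both tables grow without bound; the retry delay is a tuning knob, long enough to defeat fire-and-forget spam engines but short enough that users do not notice the delay on first contact.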

x

XML External Entity (XXE)

An XML External Entity attack is a type of web security vulnerability that targets an application parsing XML input. It occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. By leveraging an XXE vulnerability to perform server-side request forgery (SSRF), an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure. The attack may lead to disclosure of private data, denial of service, server-side request forgery, port scanning from the viewpoint of the machine where the parser is located, and other system impacts.
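External entities can only be declared inside a document type definition, so the most robust hardening of a parser that handles untrusted XML is to refuse any DOCTYPE or entity declaration before the document is processed. The following is an added example, not code from the original page, using Python's standard expat and ElementTree modules: a screening pass aborts on the first DOCTYPE or entity declaration, and only documents that pass are parsed. The XML samples are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when the input declares a DTD or entity, which untrusted input never needs."""


def screen_for_dtd(data):
    """Run expat over the input and abort on any DOCTYPE or entity declaration.

    Exceptions raised inside expat handlers propagate out of Parse(), so the
    document is rejected as soon as the offending declaration is reached.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE declarations are not accepted")

    def on_entity(*args):
        raise UnsafeXML("entity declarations are not accepted")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)


def parse_untrusted(data):
    """Return the root Element of `data` (str or bytes), or raise UnsafeXML."""
    screen_for_dtd(data)
    return ET.fromstring(data)


def accepts(data):
    """True if the document passes the screen and parses, False if it was rejected as unsafe."""
    try:
        parse_untrusted(data)
        return True
    except UnsafeXML:
        return False


# Constructed inputs: a plain document and one that declares an external entity.
SAFE_DOC = "<config><key name='timeout'>30</key></config>"
EXTERNAL_ENTITY_DOC = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE d [<!ENTITY ext SYSTEM "http://example.invalid/x">]>'
    "<d>&ext;</d>"
)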

XSS (Cross-site scripting)

Cross-site scripting is a kind of injection attack in which the threat actor injects malicious scripts into benign and trusted websites. It succeeds through security vulnerabilities in web applications and is exploited by injecting a client-side script into web pages used by other users. The attack extends to account hijacking, cookie theft, false marketing, and modification of the settings in the user's account.

y

YubiKey

YubiKey is the first security key to enable strong two-factor and multi-factor authentication without the need for passwords. It is a small USB device that supports authentication protocols to secure access to computers, networks, websites, VPNs, password managers, and other online services.

z

Zero-day

In the world of cyber-attacks, a zero-day is a vulnerability that is discovered before the vendor has become aware of it. At that point no patch exists, so threat actors can exploit the vulnerability knowing that no protections are in place. This makes zero-day vulnerabilities a severe security threat. Once the vendor has had time to patch the vulnerability, an assessment report is published and a CVE number is assigned.
