Cybersecurity Glossary
What is 256-Bit Encryption?
256-bit encryption refers to the key length used to encrypt and decrypt data. Encryption is the process of turning plaintext data into ciphertext, a garbled version of the original data. To turn the ciphertext back to human-readable data, you would need the 256-bit key.
256-bit encryption is considered the strongest level of encryption since it currently uses the longest encryption key. This method requires 14 rounds of multiple processes to encrypt data and the same number of rounds to decrypt it.
Imagine having to go through 14 bank vault doors to get to your target. If you know the code for each lock, then you can open all 14 doors. Otherwise, it could take you a long time to get through.
What is Access Governance?
Access governance is part of security management. It is the process of governing “who” should have access to a system and “how” they can gain entry into “what” within a network. The concept is often confused with access management. In reality, however, it is a higher form of access management since policies and procedures support access control.
Access governance is put in place to help organizations limit security risks that may arise from users trying to gain unauthorized access to confidential data. There has been a growing need for access governance as most organizations aim to comply with regulations and seek to improve their security posture.
Suppose you are the head of a human resources team, and your job is to secure all employee documents. You are responsible for ensuring that these are kept away from prying eyes. This is what access governance means in simple terms.
What is an Active Attack?
An active attack is considered an assault on a network or system. In such an attack, the threat actor interferes with how a network or system works by changing the target data or introducing new data.
An active attack refers to all kinds of activities that occur when a person tries to “hack” into a server or computer. In contrast to passive attacks, wherein hackers do not make modifications but rather listen in or monitor activities, active attacks involve introducing unwanted changes. In some cases, hackers use the data they gathered from a passive attack to carry out an active attack. In a nutshell, an active attack refers to actual “hacking,” while a passive attack can be likened more to “spying.”
What is Active Reconnaissance?
Active reconnaissance is a computer attack where hackers communicate with a target system to collect information. The process involves probing a network for weaknesses, such as open ports or other possible entry points that include vulnerable routers.
“Reconnaissance” is a military term used to refer to missions into enemy territory to gather relevant information before carrying out an attack. In computer security, active reconnaissance is often the first step attackers take to gain insights into how best to enter a target network.
What is Adaptive Security?
Adaptive security is a model that continuously investigates threat events. This real-time monitoring method allows security officials to develop strategies that let them map out the threat landscape before attacks can occur.
The main goal of adaptive security is to develop a plan that allows cybersecurity personnel to visualize, detect, and prevent threats from penetrating their networks.
You can liken adaptive security to an automated closed-circuit television (CCTV) system. When an unusual incident is spotted, the system sounds an alarm to alert security personnel to a potential intrusion.
What is the Administrative Safeguard?
The administrative safeguard is one of the security rules set by the Health Insurance Portability and Accountability Act (HIPAA) that refers to standards that help prevent electronic protected health information (EPHI) from unauthorized access. The administrative safeguard is one of the three safeguards HIPAA requires covered entities to implement—physical and technical safeguards are the other two requisites.
There are nine administrative safeguard standards that HIPAA requires covered entities to implement. Examples of these administrative safeguards include:
- Establishing a security management process
- Assigning a security official
- Conducting security awareness training for employees
- Drawing up a contract for all third-party entities that have access to EPHI
What is Adware?
Advertisements aren’t too bad in general, right? You usually see them as commercials while watching TV or as billboards when you head to work.
Adware is similar, but the ads it generates are the worst of their kind. This malicious software gets into your computer under the guise of an application that you’ve recently downloaded.
It then follows you around as you browse the Web and takes note of the sites you visit, the purchases you make, and the services you use. In turn, it relentlessly bombards you with ads on your browser, computer desktop, and everywhere else it can — outright annoying!
What is Alert Fatigue?
Alert fatigue, or alarm fatigue, happens to cybersecurity experts who are exposed to vast numbers of frequent alerts or alarms and consequently become desensitized to the warnings. It results in longer response times or in important alerts or alarms being missed.
Apart from cybersecurity, alert fatigue happens in other industries, too, such as construction, mining, and healthcare. As in the story of the boy who cried “Wolf!” false alerts or alarms can rob critical ones of the importance they deserve.
What is Antivirus Software?
An antivirus is a type of computer program that stops harmful software, called viruses, from entering computer systems and other digital devices (including smartphones, wearables, and others) without the owner’s permission. It constantly searches for, detects, and intercepts programs it considers dangerous and prevents them from doing harm to your computer. These days, the term “antimalware” is used instead of “antivirus.”
Installing an antivirus is like hiring a security guard to watch over your home. The guard only lets in the people you have approved and keeps out or drives away unwanted guests.
What is ASLR?
ASLR, short for “address space layout randomization,” is a computer security technique that helps prevent the exploitation of memory corruption vulnerabilities. How? Suppose an attacker wants to effectively jump to a specific exploitable function in memory. In that case, ASLR randomly arranges the address space positions of key data areas of a process to prevent the threat actor from doing so.
You can compare ASLR to rearranging the order of paintings in a gallery according to how likely they are to get stolen. The technique would place the most expensive works of art in the most inaccessible place and move on down the line, placing the least likely to get stolen in the most accessible room.
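Whether ASLR can move a program’s own code depends on how the program was built: on Linux, only an executable linked as position-independent (ELF type ET_DYN, a “PIE”) gets a randomized load address, while a fixed-address ET_EXEC binary is loaded where the linker put it. The Python below is an added example, not part of this glossary; it reads the ELF header to report that property (using a constructed header as sample input) and reads the kernel’s system-wide ASLR setting.

```python
import struct
from typing import Optional

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2   # fixed-address executable: ASLR cannot relocate its image
ET_DYN = 3    # position-independent: a shared library or a PIE executable


def elf_type(header: bytes) -> Optional[int]:
    """Return the e_type field of an ELF header, or None if this is not an ELF file."""
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        return None
    # EI_DATA byte: 1 = little endian, 2 = big endian; e_type is at offset 16 in ELF32 and ELF64
    endian = "<" if header[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    return e_type


def is_pie(header: bytes) -> bool:
    """True when the main executable was linked position-independent (ET_DYN)."""
    return elf_type(header) == ET_DYN


def pie_status(path: str) -> str:
    """Human-readable verdict for a binary on disk."""
    with open(path, "rb") as f:
        header = f.read(64)
    t = elf_type(header)
    if t is None:
        return "not an ELF file"
    if t == ET_DYN:
        return "PIE: the executable image is randomized by ASLR"
    if t == ET_EXEC:
        return "non-PIE: loaded at a fixed address, ASLR does not move it"
    return f"other ELF type {t}"


def kernel_aslr_level() -> Optional[int]:
    """Linux-wide setting: 0 = off, 1 = stack/mmap/vdso randomized, 2 = heap (brk) as well."""
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            return int(f.read().strip())
    except OSError:
        return None


def make_header(e_type: int, little_endian: bool = True) -> bytes:
    """Constructed 64-byte ELF64 header used as sample input; it is not a real binary."""
    endian = "<" if little_endian else ">"
    ident = ELF_MAGIC + bytes([2, 1 if little_endian else 2, 1, 0]) + b"\x00" * 8
    # e_type, e_machine (62 = x86-64), e_version; remaining fields zeroed
    return ident + struct.pack(endian + "HHI", e_type, 62, 1) + b"\x00" * (64 - 24)


if __name__ == "__main__":
    print("constructed PIE header ->", is_pie(make_header(ET_DYN)))
    print("constructed non-PIE header ->", is_pie(make_header(ET_EXEC)))
    print("kernel randomize_va_space ->", kernel_aslr_level())
```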
What is ATM Jackpotting?
ATM jackpotting is the process of manipulating an automated teller machine (ATM) to dispense cash. It can be done in two ways.
First, hackers can exploit an ATM software’s vulnerabilities to control it remotely. A money mule usually waits for the physical machine to dispense cash that he or she then sends to the mastermind.
Second, attackers exploit vulnerabilities in the ATM hardware to make it dispense cash. A mule or the mastermind can then collect the money physically.
What is an Account Takeover (ATO) Attack?
An account takeover (ATO) attack occurs when cybercriminals gain unauthorized control over online accounts using stolen usernames and passwords. Bank, e-commerce shop, and other financial accounts are the typical ATO attack targets as these could present substantial monetary gains for the attackers. ATO attacks are thus considered a form of identity theft.
You can liken an ATO attack to a physical theft where the thieves get hold of your credit cards, ATM cards, and IDs. They can use the stolen credit cards and IDs to purchase goods online or empty your bank accounts before you can report them stolen.
What is an Attack Vector?
An attack vector is the means by which a hacker is able to break into a computer system or network to launch an attack. A simple analogy would be that of a mosquito bite that spreads disease by injecting its victims with the virus that it carries.
In computing terms, an attack vector would take the form of malware such as Trojans that hackers use to deliver malicious code to their victims. Other popular examples are infected email attachments, malicious links, and pop-up ads.
Attack vectors target vulnerabilities in the computer system as well as people’s susceptibility to social manipulation and impersonation.
What is a Backdoor Attack?
A backdoor attack uses a specific type of malware so hackers can avoid normal authentication procedures to gain access to a target system. As a result, perpetrators can go through all resources such as file servers and databases to issue commands and change system settings without being discovered.
Hackers install backdoors to take control of vulnerable network components, allowing them to carry out targeted attacks. These attacks include website defacement, data theft, server hijacking, watering hole attacks, and distributed denial-of-service (DDoS) attacks, among others.
Imagine this scenario. A burglar scouts your house for possible entry points. A check of the front door reveals a complicated security system with cameras to boot. A similar check of the back door, however, reveals a pet door that remains unlocked at night. That pet door can let the thief enter the target home without getting caught.
What is Banner Grabbing?
Banner grabbing is the process of obtaining a target company’s application names and versions, regardless of manner—manually or automatically by using an open-source tool—in preparation for an attack.
All connected systems and devices often expose confidential information that includes software names and operating systems (OSs), along with their versions, collectively known as “banner data.” Knowing these data points allows threat actors to find exploitable vulnerabilities in target networks.
Think of banner grabbing as sending a spy to work for a competitor so he or she can report the company’s weaknesses to his or her real employer.
What is a Bastion Host?
A bastion host is a computer designed to withstand attacks. It hosts a single application, such as a proxy server, which serves as a gateway between the internal network and the Internet.
A bastion host can repel attacks because it only runs the application while all other services are removed or reduced. It has tighter security because it is usually located on the firewall or outside it. So, even if untrusted computers or networks can access it, it does not put the other systems in the internal network at risk.
What is Blagging?
Blagging is a slang term for getting someone else’s personal information without his/her consent. Here’s an example: A blagger obtains a copy of your name and picture from Facebook then uses those to create an account. The blagger can then pose as you and trick your contacts into, say, donating to a fake cause but keep the money for himself/herself. Another scenario would be getting your bank account details and withdrawing your money using that stolen information.
In cybersecurity, blagging would fall under the umbrella of social engineering. In that case, blagging would be akin to other forms of social engineering like phishing where cybercriminals get your online account credentials in ingenious ways. In effect, the blagger steals your identity and more.
What is a Blended Threat?
A blended threat is a type of malware whose functionality combines those of various malware types, such as worms, Trojans, and backdoors, to breach and take over a target network effectively. Its infection chain is usually triggered by an event, such as a website visit. From there, a victim is redirected to a malicious site. Once on it, the victim is tricked into downloading the blended threat through a clever social engineering ploy. Downloading the file installs the malware on the victim’s computer, and the infection starts.
Blended threats were born out of threat actors’ need to evade detection and remediation. Malware with only a single capability often fails to achieve its goal.
What is Blowfish Encryption?
Blowfish encryption is a symmetric block cipher (a method that allows encrypting data in blocks) that can be used in place of Data Encryption Standard (DES) or International Data Encryption Algorithm (IDEA). It takes a key that varies in length from 32–448 bits. As such, it works for both domestic and exportable use.
Think of Blowfish as the passcode to your vault. You will need the Blowfish encryption algorithm to lock and unlock it.
What is Bluebugging?
Bluebugging is a hacking technique that allows individuals to access a device with a discoverable Bluetooth connection. Once the target device accesses a rigged link, the attacker can take full control of it. The hacker can read and send messages, access the victim’s phonebook, and initiate or eavesdrop on phone calls.
Initially, bluebugging focused on eavesdropping or bugging a computer with Bluetooth capability. With the increasing use of smartphones, cybercriminals shifted to hacking mobile phones. This attack is often limited due to the range of Bluetooth connections, which goes up to only 10 meters. Some attackers use booster antennas to widen their attack range.
It’s not much different from bugging a landline phone, except it can be done without gaining access to the physical device.
What is Bluejacking?
Bluejacking is a hacking method that lets a person send unsolicited messages (typically flirtatious but can also be malicious) to any Bluetooth-enabled device within his own device’s range. Also known as “bluehacking,” the process begins by scanning one’s surroundings for discoverable Bluetooth-capable devices.
Bluejacking is much like doorbell ditching, wherein a person rings someone’s doorbell and disappears before the homeowner can answer the door.
What is Bluesnarfing?
Bluesnarfing is the theft of information through Bluetooth. Hackers do it by sneaking into mobile devices—smartphones, laptops, tablets, or personal digital assistants (PDAs)—whose connection has been left open by their owners. It involves exploiting Bluetooth vulnerabilities in order to grab such data as text or email messages, contact lists, and more.
It’s easy to become a victim of a bluesnarfing attack if you have the habit of using Bluetooth in public places and your phone is usually in discoverable mode.
What is a Botnet?
A botnet is a network of compromised devices created to launch an attack by sending a massive amount of traffic to a target server. A bot is any digital device that is entirely under the control of an attacker (the “botmaster”) without its owner’s knowledge. It does anything the botmaster commands, such as spamming other computers, spreading fake news, or bombarding a server with random data.
With a botnet, an attacker can send out a torrent of spam, for example, that is more devastating than what a single device can manage. A botnet attack relies on an overwhelming number of bots to cause as much damage to the target as possible.
Think of it this way: If you get stung by a single bee, it will definitely hurt. But if you get stung by an entire swarm of them, it could be fatal.
What is Camfecting?
Camfecting refers to hacking into someone’s webcam and activating it without alerting its owner. Anything the camera can see, its operator (i.e., the hacker) can, too. It is usually done by infecting a victim’s computer with malware that lets the hacker access a connected webcam. The term is a combination of “cam,” short for “camera,” and “fecting” from “infecting.”
What is Clickjacking?
Clickjacking is a type of cyber attack wherein the perpetrator tricks website visitors into unintentionally clicking a page element or link disguised to lead to a non-malicious page when it actually does otherwise.
The attacker typically cloaks a page element (say, an invisible box) using a so-called “iframe.” Iframe is short for “invisible frame.” The malicious item sits on top, so it gets clicked instead of an image or hyperlink behind it. If we look under the hood, a link to the attacker’s page is located in the top frame, while the image or site link the victim thinks he/she is accessing is in the sub-frame.
Offenders also conceal links using uniform resource locator (URL) shorteners. In this case, the shortened form of the link hides the malicious URL. As a result, users get taken to a different destination from what they initially saw in the link preview.
If we were to draw an analogy, clickjacking is comparable to receiving a majestically wrapped present. But when you tear off the wrapping, you’ll only find an underwhelming item inside.
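The server-side defense against the hidden overlay described above is to tell the browser who is allowed to frame the page at all. The Python below is an added example, not from this glossary: it reads a response’s headers and reports the framing policy a modern browser would apply, assuming the rule that a Content-Security-Policy frame-ancestors directive takes precedence over X-Frame-Options when both are present. The sample responses are constructed.

```python
from typing import Dict, List, Optional


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def csp_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None if the directive is absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            # keyword sources are written 'none' / 'self'; host sources have no quotes
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_policy(headers: Dict[str, str]) -> str:
    """Classify how a page may be embedded: deny, sameorigin, allow-list or unrestricted."""
    csp = _header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = csp_frame_ancestors(csp)
        if sources is not None:                       # CSP wins over X-Frame-Options
            if not sources or sources == ["none"]:    # an empty source list also matches nothing
                return "deny"
            if all(s == "self" for s in sources):
                return "sameorigin"
            return "allow-list"
    xfo = _header(headers, "X-Frame-Options")
    if xfo is not None:
        value = xfo.strip().lower()
        if value == "deny":
            return "deny"
        if value == "sameorigin":
            return "sameorigin"
        # anything else (including the obsolete ALLOW-FROM) is ignored by current browsers
    return "unrestricted"


def frameable_pages(responses: Dict[str, Dict[str, str]]) -> List[str]:
    """Names of responses that any site could embed, i.e. candidates for a clickjacking overlay."""
    return [name for name, hdrs in responses.items() if framing_policy(hdrs) == "unrestricted"]


# Constructed sample responses, as a scanner of your own site might collect them.
SAMPLE_RESPONSES = {
    "login": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
              "X-Frame-Options": "SAMEORIGIN"},
    "settings": {"x-frame-options": "DENY"},
    "widget": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "profile": {"Content-Security-Policy": "default-src 'self'"},   # no framing restriction at all
    "help": {},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(f"{name:9s} -> {framing_policy(hdrs)}")
    print("frameable by any site:", frameable_pages(SAMPLE_RESPONSES))
```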
What is Cognitive Hacking?
Cognitive hacking is a cyber attack where threat actors manipulate victims’ perceptions by exploiting their psychological weaknesses. Attackers primarily use disinformation in their campaigns to fuel people’s biases and prejudices.
What is Cognitive Security?
Cognitive security refers to the cybersecurity practice that applies artificial intelligence (AI) and machine learning (ML) techniques and technologies. Therefore, cognitive security is patterned after the human thought process in making sense of complex situations.
Cognitive security solutions are developed based on the skills of human threat, fraud, and other cybersecurity analysts. Hence, they are used in threat and fraud detection and strengthening an enterprise's cybersecurity posture.
What is a Command-and-Control Server?
A command-and-control or C&C server is a device or machine under the control of a cybercriminal. An attacker uses a command-and-control server to maintain communications with and remotely control malware or malicious scripts within a target network.
A command-and-control server can also receive stolen data from compromised systems, including computers, mobile phones, and even Internet of Things (IoT) devices connected to an infected network. Some cyber attackers hide command-and-control servers in file-sharing services to evade detection and blocking.
A command-and-control server can be likened to the puppeteer who controls the puppets in a show. The puppets’ actions depend on the instructions issued by the command-and-control server.
What is a Computer Security Incident Response Team (CSIRT)?
A computer security incident response team or CSIRT (pronounced “see-sirt”), for short, is responsible for exposing and averting cyber attacks that target an enterprise. It focuses on responding to security incidents, hence the name.
What is a Computer Worm?
A worm is a type of malware that replicates without any intervention. It jumps from one digital device to another by leaving a copy of itself on anything that connects to the infected system.
For instance, it can stay on your computer, seemingly harmless, until you plug in a USB stick. That thumb drive will carry a copy of the worm to other computers it gets plugged into. Worms can also end up in a computer through a malware-carrying email attachment or when users access a contaminated website.
Digital worms behave very much like the parasitic worms after which they were named. Those live within the bodies of animals, and some of them transfer into other animals that come in contact with their host. Digital worms spread across computers and devices in the same way parasitic worms spread throughout a population.
What is Credential Dumping?
Credential dumping is a cyber attack where a threat actor hacks into devices and steals their owners’ credentials from the random access memory (RAM). In this attack, also known as “password dumping,” the attacker steals the data and copies it to a predetermined storage location (typically a server). Once that’s done, the credentials are said to have been “dumped.”
You should know that each time someone logs in to an account on your device, his/her username-password combination gets stored in its RAM. An attacker can read that information since it is saved in plaintext.
Credential dumping is a crucial step in phishing and other cyber attacks.
What is the Creeper Virus?
The Creeper virus is the first computer virus ever developed. Bob Thomas created it in 1971 as an experimental self-duplicating program. His idea, however, was not to cause harm and damage but merely to illustrate how a mobile application works.
Without planning to, the Creeper virus corrupted Digital Equipment Corporation’s PDP-10 mainframe computers operating on the TEN-Extended (TENEX) operating system (OS). It messed up connected teletype computer screens, causing them to display the message, “I’m the creeper, catch me if you can!”
While the Creeper virus did corrupt systems, it is not considered a piece of malware like most of today’s computer viruses. The only damage it did was to display a message, nothing more. It did not destroy or steal data, demand a ransom, or render the actual mainframe inoperable.
What is Cryptanalysis?
Cryptanalysis is a means of decrypting ciphertext, ciphers, and cryptosystems. It relies on understanding how they work in order to find ways to crack them, even without the plaintext source, the encryption key, or the algorithm used to mask the information.
Ciphertext refers to encrypted text transformed from plaintext using an encryption algorithm. You can’t read ciphertext until you convert it into plaintext or decrypt it with a key. A cipher, meanwhile, is an algorithm used to encrypt or decrypt data. It is a series of well-defined steps to follow to encrypt or decrypt plaintext. Finally, a cryptosystem is a suite of cryptographic algorithms used to secure or encrypt information. It typically uses three algorithms—one for key generation, another for encryption, and one more for decryption.
Cryptanalysis can, therefore, be likened to cracking a safe without the passcode and accompanying key, if any.
What is a Crypto Malware?
A crypto malware is a type of malware that allows threat actors to use someone else’s computer or server to mine for cryptocurrencies. It has become one of the most prominent malware types since 2017. Why?
Crypto malware’s rise in popularity probably has a lot to do with the fact that cryptomining is a resource-intensive process: it jacks up a user’s electricity bill, for one, and uses up his or her computer’s processing power, preventing other tasks from being performed at the same time.
What is Cryptography?
Say, you have a diary where you keep your innermost thoughts and desires, and you want to keep it from falling into the wrong hands. You can create a code by substituting shapes or numbers for letters, for instance. That way, only you can read your entries. This is the idea behind cryptography.
In computing, cryptography is the process of disguising information. Cybersecurity specialists use crypters (software that turns plain text into code) to make information readable only to authorized people. For extra protection, these people need a cipher or key to translate the code back into plain text or readable format.
Cryptography helps users maintain the confidentiality of the information stored in and transmitted by computers. So, even if attackers steal encrypted data, they won’t be able to read it as long as they don’t have the cipher.
What is Cryptojacking?
Your electricity bill arrives and shows that your consumption has doubled. You haven't done anything out of the ordinary, so what's happening? It's possible that someone has been using your computer to mine for cryptocurrencies without your knowledge and consent. You've just become a cryptojacking victim.
Cryptojacking is the process of unauthorized mining for cryptocurrencies. Cybercriminals mine for Bitcoins using victims' computers (typically the servers of large enterprises with ample processing capacity), so they won't have to buy their own high-powered computers and pay the enormous electricity bills.
What is a Cyber Attack?
A cyber attack is an external attempt to get unauthorized access to and perform destructive actions on a victim’s computer system or network. It usually starts with hacking wherein an attacker compromises the security of a system then gains control of it.
Hackers then use compromised computers and devices for various malicious schemes. They can alter, expose, or disable these systems, depending on their motives. They can also turn them into bots or use them as entry points to steal confidential data. Some are even turned into parts of their criminal network to throw law enforcement agents off their scent.
What is Cyberbullying?
Some people like to use technology to threaten, shame, harass, or target an individual. This is called “cyberbullying,” and it takes place on the Internet. In a nutshell, cyberbullying refers to any misdeed carried out online to cause harm to a specific target.
Examples of cyberbullying include sending hurtful instant messages (IMs) to a victim, posting his or her embarrassing photos on social networks, or spreading rumors about them online. Sharing private information about a person to cause embarrassment or humiliation can also be a form of cyberbullying.
What is Cybercrime?
A cybercrime is an illegal act committed through the malicious use of a computer or network. The perpetrator of a cybercrime is usually motivated by the opportunity to profit financially. Anyone who unlawfully gains access to someone else’s computer or network to line his pockets with cash is a cybercriminal.
The most common example of cybercrime is phishing. Others would include cryptojacking, ATM skimming, and other malicious schemes whose primary motive is to defraud a target.
What is Cybersecurity?
Cybersecurity is the practice of protecting your computer hardware, software, and data from disruption, theft, or damage. It consists of layers of protective software and hardware that guard potential weak spots in computers, networks, and programs. It also includes keeping people informed of potential cyber threats and the right actions to take in case of an attack.
It’s like installing locks on the doors and windows of your house so thieves can’t get into it. In computing, that translates to installing security software that locks cyber thieves out of your computer.
What is Cybersquatting?
Cybersquatting is the act of registering or using a domain name to profit at the expense of someone else’s trademarked or copyrighted “brand” or “name.” It typically occurs when a malicious individual misspells a domain name to steal traffic intended for its legitimate counterpart. An example would be running a site named mike[.]com that mimics nike[.]com.
Cybersquatting also happens when a malicious individual grabs an expired domain name when its owner fails to re-register it. He can then sell it back to its original owner for a hefty sum.
Also known as “domain squatting,” cybersquatting is a cybercrime.
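Defenders watch for cybersquatted lookalikes of their own brand, such as the mike[.]com versus nike[.]com example above. The Python below is an added example, not from this glossary: it normalizes a candidate domain (including the defanged “[.]” notation used above and a few common character swaps), then flags it when its name is one typo away from the brand, embeds the brand, or reuses the brand’s name under another TLD. The brand names and the threshold are assumptions, and public-suffix handling (for names like example.co.uk) is deliberately omitted.

```python
from typing import List, Optional, Tuple

# Constructed look-alike substitutions; applied before comparison so "n1ke" and "rnike" look like "nike".
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalize(domain: str) -> str:
    """Lower-case, undo defanging, and collapse common homoglyphs."""
    d = domain.strip().lower().replace("[.]", ".").replace("(dot)", ".").rstrip(".")
    for src, dst in HOMOGLYPHS.items():
        d = d.replace(src, dst)
    return d


def sld(domain: str) -> str:
    """Label left of the top-level domain; no public-suffix list, so 'a.co.uk' yields 'co'."""
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def levenshtein(a: str, b: str) -> int:
    """Edit distance with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(candidate: str, brand: str, max_distance: int = 1) -> Optional[str]:
    """Why `candidate` resembles `brand`, or None when it does not (or is the brand itself)."""
    c, b = normalize(candidate), normalize(brand)
    if c == b:
        return None
    c_label, b_label = sld(c), sld(b)
    if c_label == b_label:
        return "same name, different TLD"
    if b_label in c_label:           # short brand names will over-match; tune per brand
        return "brand name embedded"
    if levenshtein(c_label, b_label) <= max_distance:
        return "typo distance"
    return None


def scan(candidates: List[str], brands: List[str]) -> List[Tuple[str, str, str]]:
    """(candidate, brand, reason) for every candidate that resembles one of the brands."""
    hits = []
    for cand in candidates:
        for brand in brands:
            reason = lookalike_reason(cand, brand)
            if reason:
                hits.append((cand, brand, reason))
    return hits


if __name__ == "__main__":
    # Constructed newly registered domains, as a feed of registrations might list them.
    feed = ["mike[.]com", "n1ke.com", "rnike.com", "nike.co", "nike-login.com", "adidas.com"]
    for hit in scan(feed, ["nike.com"]):
        print(hit)
```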
What is Cyberwarfare?
Cyberwarfare refers to an attack by one nation on another’s computer systems. The main weapon in cyberwarfare is computing technology. Typical attacks include hacktivism and spreading fake news, especially related to national or political events—basically anything that can cause the target’s government to become unstable.
You can compare cyberwarfare to a silent war where battles are fought in secret with no explosions or bursts of gunfire typical of a conventional conflict. You hear only the soft taps of fingers on a computer keyboard. But once the Enter button is pressed, it’s enough to disrupt the operations of an entire nation’s government.
What is the Dark Web?
The Dark Web is a part of the Internet that is not indexed by search engines. The content there can only be accessed by special browsers that hide the identity of their users (that’s why it’s called “dark”). The anonymity it offers makes it a suitable venue for people who want to freely express themselves without fear of being persecuted. However, this freedom has also made the Dark Web a place for trading illicit content.
Think of the moon as the entire Internet. The side that faces the earth, the one that we can always observe, is the Web we know and use. But the dark side of the moon, the side that we never see, is like the Dark Web.
What is Dark Web Intelligence?
Dark Web intelligence simply refers to data collated from the Dark Web and the Deep Web. It is used to fight fraud proactively and substantially reduce losses. Apart from the Dark Web and the Deep Web, this intelligence can also come from malware networks, botnets, and other technical infrastructure cybercriminals use.
Since the Dark Web allows users to remain anonymous and, therefore, unidentifiable and untraceable, it has become a haven for cybercriminals. You should know, though, that the Dark Web wasn’t initially meant for sinister purposes.
What is a Data Breach?
A data breach is an incident where someone breaks into your computer and steals confidential information stored on it. This can be done by someone physically accessing the device, or by getting in through a network connection. The attackers often target databases containing customer data and copy them. In other cases, perpetrators can modify or delete important information. This is also known as “data loss.”
A data breach can be compared to a situation when someone breaks into your room and steals your diary where you keep your secrets and most-prized mementos.
What is Data Obfuscation?
Data obfuscation is a security measure that aims to mask any kind of information or file. It involves scrambling information to ensure anonymity. It is often a strategy organizations employ as a security measure, as it renders data useless in case of a breach. That way, no severe compromise can occur.
So, what is data obfuscation in simple terms? It can be likened to someone wearing a mask in public to remain unrecognizable. Obfuscation ensures that the data remains intact and that malicious individuals cannot read it.
What is Deperimeterization?
Deperimeterization is an information security strategy that strengthens an organization’s security posture by implementing multiple levels of protection, including inherently secure computer systems and protocols, high-level encryption, and authentication. It is called such since it implies that the enterprise no longer relies on its network perimeter for security.
Deperimeterization refers to perimeterless or borderless security, as the boundaries of an organization’s information systems (ISs) are removed, thereby connecting them directly to the outside world. It’s similar to taking down the walls of a fortified city and deploying armed soldiers everywhere instead.
What is a Dictionary Attack?
A dictionary attack is a means for a hacker to illegally access a computer by trying out various combinations of words and phrases to crack passwords. Hackers take into account the most commonly used passwords such as birthdays, anniversaries, and the like to execute a dictionary attack.
When writing, you often use a dictionary to choose the right word to describe something. In a dictionary attack, a hacker uses a so-called “word list,” much like a writer would a dictionary. The word list contains a hashed or encrypted list of words that can match a user’s password when decrypted.
What is a Digital Certificate?
A digital certificate serves as a computer user’s credentials that let another party verify his/her identity to facilitate a secure online transaction. In essence, a digital certificate acts as proof of someone’s identity. For enterprises, digital certificates serve as a numerical value or a public key cryptographic key that can be used to encrypt data to enable transactions over the Web via a secure connection without fear of compromise.
You can think of a digital certificate as a driver’s license or any proof of identification to validate your identity.
What is Digital Forensics?
Digital forensics is the practice of recovering and investigating digital information involving a cybercrime. Digital analysts (those who perform the practice) collect email addresses, domains or IP addresses, malicious files, and other digital evidence to identify and prove the guilt of suspects. It’s a tedious but essential process in prosecuting cybercriminals.
Digital forensics is the cyber equivalent of a full-scale criminal investigation. Criminal investigators unearth a wealth of physical evidence from a crime scene. Likewise, digital analysts can reveal patterns and irregularities in computer activities that can establish that a crime was committed and may point to who the criminals are.
What is a Digital Signature?
A digital signature is a mathematically generated code that validates the authenticity of a software, message, or digital file. It uses encryption techniques that are secure enough to be considered legal and binding in some countries. It guarantees that the file has not been altered during transmission, providing a layer of security against cyber threats and attacks.
When a person creates a digital signature, a pair of keys is involved. These are the “private key,” which stays with the signature owner and is used to produce the signature, and the “public key,” which is shared along with the signed document so the recipient can verify the signature.
A digital signature is like a person’s thumbprint. It is undeniable proof of that person’s identity.
What is a Disaster Recovery Team?
A disaster recovery team is the group in an organization tasked to develop, document, and execute processes and procedures for data recovery, business continuity, and IT infrastructure repairs in case of an attack or failure.
Think of it as a race car’s pit crew that ensures it will run efficiently throughout a race.
What is a DNS Sinkhole?
A Domain Name System (DNS) sinkhole is simply a DNS server that gives users false domain names. It is also known as a “sinkhole server,” an “Internet sinkhole,” or a “blackhole DNS.”
The DNS was set up to point users to the correct IP address every time they type a specific domain name into their browsers in hopes of visiting a particular website. When a sinkhole appears after an earthquake, for instance, all of the structures on the ground in it sink. In the same vein, a DNS sinkhole disrupts the intended flow of Internet traffic from a domain name to its correct IP address. As a result, anyone who accesses one gets sent to a different IP address.
What is DNSSEC?
Domain Name System Security Extensions (DNSSEC) is a security feature that makes sure you are connecting to a legitimate website and not a fake one while attempting to access a page through its domain name.
Here’s how it works. Every domain name has a digital signature which can tell if it is clean or is being used by hackers to victimize Web users. DNSSEC’s role is to prevent people from falling into the trap by first verifying the trustworthiness of the digital signature of the domain name that you enter in a browser. If it checks out, then you are assured of being on the right and safe location.
What is Document Sanitization?
Document sanitization is the process of removing metadata from a document to avoid sensitive information falling into unauthorized people’s hands. Document metadata refers to invisible information in a document, such as its creation date, author’s name, revision history, and the comments exchanged by the author and editor.
Even when some of the said data is deleted, there’s still a chance it has been digitally stored within the document. And since metadata can contain sensitive information, removing it is crucial before distributing the document to other people.
For example, a contract drawn by a law office may have undergone several editing and revision phases. The author, editor, and everyone involved may have left and addressed comments in the document before the contract was finalized. Before sending the contract to the necessary parties, it has to go through document sanitization first so that only the intended information is sent.
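The contract scenario above, as an added example that is not part of the glossary. A .docx file is a ZIP package of XML parts, so the example builds a minimal constructed package with an author name, revision number, and a reviewer comment, then removes the comment parts, the references to them, and the identifying core-property fields. The part names are the standard Office Open XML ones; the regular-expression approach and the function names are this example’s own simplification (a production tool would use the document object model).

```python
import io
import re
import zipfile

# Constructed minimal .docx package: only the parts relevant to sanitization.
SAMPLE_PARTS = {
    "[Content_Types].xml": (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        '<Override PartName="/word/comments.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.comments+xml"/>'
        '<Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/>'
        "</Types>"
    ),
    "word/_rels/document.xml.rels": (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/comments" Target="comments.xml"/>'
        "</Relationships>"
    ),
    "word/document.xml": (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body>'
        '<w:p><w:commentRangeStart w:id="0"/><w:r><w:t>Clause 4: payment due in 30 days.</w:t></w:r>'
        '<w:commentRangeEnd w:id="0"/><w:r><w:commentReference w:id="0"/></w:r></w:p>'
        "</w:body></w:document>"
    ),
    "word/comments.xml": (
        '<w:comments xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:comment w:id="0" w:author="A. Lawyer (constructed)"><w:p><w:r><w:t>Client wants 45 days, not 30.</w:t></w:r></w:p></w:comment>'
        "</w:comments>"
    ),
    "docProps/core.xml": (
        '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
        'xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/">'
        "<dc:creator>A. Lawyer (constructed)</dc:creator><cp:lastModifiedBy>B. Paralegal (constructed)</cp:lastModifiedBy>"
        "<cp:revision>12</cp:revision><dcterms:created>2024-03-01T09:00:00Z</dcterms:created>"
        "</cp:coreProperties>"
    ),
}

# Fields and parts that carry the kind of metadata the text describes.
METADATA_FIELDS = ("dc:creator", "cp:lastModifiedBy", "cp:revision", "dcterms:created",
                   "dcterms:modified", "dc:description", "cp:keywords")
COMMENT_PARTS = ("word/comments.xml", "word/commentsExtended.xml", "word/commentsIds.xml", "word/people.xml")


def build_sample_docx():
    """Pack the constructed parts into an in-memory ZIP (.docx layout)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in SAMPLE_PARTS.items():
            z.writestr(name, xml)
    return buf.getvalue()


def read_parts(data):
    """Return {part name: bytes} for every part in the package."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {name: z.read(name) for name in z.namelist()}


def _strip_fields(xml):
    for field in METADATA_FIELDS:
        xml = re.sub(rf"<{field}\b[^>]*>.*?</{field}>", "", xml, flags=re.S)
    return xml


def sanitize_docx(data):
    """Rewrite the package without comment parts, comment references, or
    identifying core properties. Visible text is left intact."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in COMMENT_PARTS or name == "docProps/custom.xml":
                continue  # drop the whole part
            text = src.read(name).decode("utf-8")
            if name in ("docProps/core.xml", "docProps/app.xml"):
                text = _strip_fields(text)
            elif name == "[Content_Types].xml":
                text = re.sub(r'<Override PartName="/word/comments[^"]*"[^>]*/>', "", text)
            elif name.endswith(".rels"):
                text = re.sub(r'<Relationship [^>]*Target="comments[^"]*"[^>]*/>', "", text)
            elif name == "word/document.xml":
                text = re.sub(r"<w:commentRange(Start|End)[^>]*/>", "", text)
                text = re.sub(r"<w:r>\s*<w:commentReference[^>]*/>\s*</w:r>", "", text)
            dst.writestr(name, text)
    return out.getvalue()


def metadata_report(data):
    """Which comment parts and core-property fields remain; run it before and after."""
    parts = read_parts(data)
    core = parts.get("docProps/core.xml", b"").decode("utf-8")
    return {
        "comment_parts": sorted(n for n in parts if n in COMMENT_PARTS),
        "metadata_fields": [f for f in METADATA_FIELDS if f"<{f}" in core],
    }


if __name__ == "__main__":
    original = build_sample_docx()
    print("before:", metadata_report(original))
    print("after: ", metadata_report(sanitize_docx(original)))
```

Running the report before and after is the check a practitioner wants: the contract text survives, while the author, editor, revision count, and the reviewer’s comment do not.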
What is a Dumpster Diving Attack?
A dumpster diving attack is a type of cyber attack made possible by searching through the victim’s trash.
While you might be imagining a messy and filthy scenario where a person dives into a dumpster, the reality is less unsanitary. In a dumpster diving attack, threat actors could be in and out of the dumpster in a matter of minutes. But they may already have their hands on a box full of confidential documents, storage devices, and workstations.
What is an Eavesdropping Attack?
An eavesdropping attack occurs when cybercriminals steal information sent or received by a user over an unsecured network. It is also known as a “sniffing attack” and can come in different forms.
The use of the two terms “eavesdropping” and “sniffing” makes the attack seemingly mild but attackers actually do more than eavesdrop or sniff. Victims of an eavesdropping attack could suffer severe losses, as eavesdroppers could obtain sensitive information that they can sell for malicious purposes.
What is Embedded Systems Security?
Embedded systems security is a strategy that provides embedded systems protection from cyber attacks. Embedded systems, also known as “embedded computers,” are small devices with a dedicated function within a more extensive system.
Internet of Things (IoT) devices are examples of embedded systems. For instance, smart household appliances, such as your refrigerator, thermostat, and security alarm perform different functions. However, they are part of the whole household system and interconnected to each other through the Internet.
Embedded systems security aims to protect the software running on these devices since malicious actors are increasingly targeting them.
What is Encryption?
Encryption is a process of locking up information so that only the intended recipients can unlock and access it. This is done by special software called “crypters.” They use mathematical procedures to convert data into a scrambled secret code. The recipient needs a password to unlock its contents. Encryption does not prevent the data from being intercepted. But an attacker who does manage to obtain the encrypted information will not be able to make sense of it.
The encryption process is like placing your valuables in a lockbox. Even if someone gains access to the box, they cannot open it without the key.
What is Ethical Hacking?
Ethical hacking is the practice of exposing weaknesses in computer systems and networks. By doing so, you are alerted to potential problem areas that need to be addressed before cyber attackers can exploit them. Employing the same methods malicious hackers use, ethical hackers test your cybersecurity defenses. They assess how prepared you are to withstand an actual attack.
Here’s how you can think of it. To prepare for an important match, a boxer may spar with someone who has the same style as the upcoming opponent. The sparring partner can help expose the boxer’s weaknesses against the other fellow. This helps him make the necessary adjustments and prepares him for the fight. Ethical hacking gives a similar advantage to a company’s computer systems.
What is an Evil Maid Attack?
An evil maid attack targets an unattended device. The attackers with physical access to the device make undetectable changes to it so they can access it or the data stored on it later on.
The attack got its somewhat derogatory name from the scenario where a hotel maid could access an unattended device while cleaning a room. Note, though, that the concept can also occur in situations where a device is temporarily taken away from its owner, such as by airport personnel or law enforcement agents.
What is an Evil Twin Attack?
An evil twin attack uses a fake Wi-Fi access point that seems legitimate but is actually meant to eavesdrop on wireless communications. It is a phishing scam targeting wireless local area networks (WLANs). It lets attackers steal the passwords of unsuspecting WLAN users by monitoring their connections or through phishing. The latter requires threat actors to set up fraudulent websites to lure people to.
Physically, an evil twin attack can be compared to the following scenario: The attackers set up a booth in a conference. They ask attendees to leave their business cards in a fishbowl in exchange for freebies. Little do the people who unknowingly give out their personal details know that they are being targeted for scams.
What is External Attack Surface Management?
External attack surface management (EASM) refers to the process of identifying risks originating from Internet-facing assets and systems. Apart from processes, EASM also encompasses the necessary technologies to discover external-facing assets and manage their vulnerabilities, if any.
EASM includes managing servers, credentials, public cloud misconfigurations, and third-party partner software code vulnerabilities that threat actors could exploit to get to their intended targets. At its core, EASM takes an outside-in view into an organization to identify and mitigate threats that exist beyond its network perimeter.
What is External Penetration Testing?
External penetration testing is a security strategy that assesses an organization’s external-facing assets. These assets include web applications, virtual private network (VPN) solutions, routers, firewalls, and smartphones.
In an external penetration test, assessors attempt to breach an internal network by exploiting vulnerabilities on external-facing assets. Testers can also try to access confidential data using external-facing assets like emails, websites, and file shares.
The pen-testers first need to conduct reconnaissance on the organization’s assets. They gather intelligence, including open ports, vulnerabilities, and general information about its password creation policies. Once they successfully breach the network’s perimeter, the external penetration test is done.
What is Federated Identity?
Federated identity in information technology (IT) refers to the identity management model that links a person’s account details across multiple websites. Federated identity management (FIM) is the reason why you can log in to websites like Canva, Pinterest, and eBay with either your Google, Facebook, or Apple account.
Despite having their identity management systems, these websites are linked through standard policies and protocols. Canva, for instance, is federated with Google, Facebook, and Apple so that the users of the three sites can log in to its platform without having to go through a different login process.
What is a Firewall?
A firewall is a piece of software that adds an extra layer of security to your computer. It is typically used with antimalware to prevent unauthorized users from gaining access to your systems. It lets you transmit information freely, but checks any incoming data using security rules you set up. Inbound traffic that does not conform to these rules is rejected. This reduces the amount of unwanted traffic and frees up more resources for legitimate data communication to take place.
You can compare a firewall to an electric fence that provides extra protection against thieves and other suspicious characters.
What is a Green Hat Hacker?
A green hat hacker is a newbie in the hacking world. As such, green hat hackers may not be as familiar with all the security mechanisms companies or individuals may be using. Unlike the other hacker categories, they may not be as well-versed with the inner workings of the web.
What green hat hackers lack in experience, however, they make up for in eagerness to learn and determination to go up the ranks of the hacker community.
Green hat hackers are not necessarily threat actors. In fact, they may not intentionally want to cause harm to others but may do so while practicing their craft.
What is a Grey Hat Hacker?
A grey hat hacker is an individual who employs illegal means to discover threats even though he/she does not share the malicious intent commonly attributed to black hat hackers. Grey hat hackers occupy the middle ground that lies between white hat hackers who aim to protect systems and networks from attacks and black hat hackers who exploit vulnerabilities for malicious gain. In essence, a grey hat hacker looks for vulnerabilities without the hardware or software manufacturer’s permission to spread awareness about his/her findings.
Grey hat hackers are like modern-day Robin Hoods who are willing to forgo ethics and laws for the greater good.
What is Hacking?
Hacking is the process of seeking out vulnerabilities or weaknesses in your computer system that attackers can exploit to gain access, steal information, and sometimes, even disable its operation. There are many ways of hacking into a computer. These include methods like brute-force attacks, social engineering, using Trojans, vulnerability exploitation, and others.
If you think of your computer as a house, then hackers would be like thieves trying to find the best and most efficient way to break into it. Therefore, to keep your important data to yourself and stay safe online, you should heed experts’ advice and use sound practices.
What are Indicators of Compromise?
Indicators of compromise (IoCs) refer to forensic data like that found in system or file logs that indicate potentially malicious activity on a system or network. They help information security and IT professionals detect data breaches, malware infections, or the presence of threats.
Monitoring for IoCs lets organizations detect attacks and act quickly to prevent breaches or limit the damage by thwarting attacks as soon as possible.
What is an Input Validation Attack?
An input validation attack is a form of cyber attack where threat actors type a malicious input into a system. The input can be a piece of code, a script, or a command, which the target system then executes. As a result, threat actors can damage the system and access, copy, and manipulate sensitive information.
The cyber attack takes advantage of a vulnerability in applications and systems where user input is not thoroughly filtered and validated. Such a vulnerability creates an opportunity for malicious actors to exploit the system. An input validation attack falls under the injection vulnerability umbrella, one of the top 10 web application security risks named by the Open Web Application Security Project (OWASP) Foundation.
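An added example, not from the glossary, of the vulnerability the entry describes in its most common form, a SQL query built from unfiltered input, beside the two controls that close it: a parameterized query, which keeps input as data rather than statement text, and an allow-list check on the input’s shape. The in-memory SQLite table and the function names are constructed for this example.

```python
import re
import sqlite3


def make_db():
    """Constructed user table in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn, username):
    """Defect kept on purpose: the input is spliced into the statement, so a
    value containing a quote changes the query's meaning."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """The driver sends the value separately from the statement; whatever the
    input contains, it is only ever compared as a string."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


# Allow-list validation: usernames are lowercase letters, digits and underscores.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def validate_username(username):
    return USERNAME_RE.fullmatch(username) is not None


def lookup_hardened(conn, username):
    """Validation plus parameterization: reject malformed input early, and
    never let even well-formed input reach the statement as text."""
    if not validate_username(username):
        raise ValueError("invalid username")
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"
    print("vulnerable  :", lookup_vulnerable(db, crafted))      # every row comes back
    print("parameterized:", lookup_parameterized(db, crafted))  # no such user
    print("validated   :", validate_username(crafted))          # False
```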
What is an Insider Threat?
Not all threats to an organization's security come from the outside. Many of them may come from its own people. These are categorized as "insider threats."
"Insiders" can refer to employees, third-party associates, or partners who have access to your network. Some insider threats are accidental. This happens when an employee is, for instance, tricked into giving out proprietary information (a secret recipe, access rights to the corporate bank account, and so on) through blackmail or extortion.
Others can be downright malicious. In this case, the insider deliberately intends to cause harm. An example of this would be a disgruntled employee who accepted a bribe from your company's major competitor to pass on confidential information to them.
Insider threats are like rot-causing molds or insects that weaken wood from within.
What is Integrated Risk Management (IRM)?
Integrated risk management (IRM) refers to practices and processes done via a risk-aware culture and enabling technology. It improves business decision-making and performance by giving users the whole picture of how well their organization manages risks.
Think of it as a way to monitor and manage risks (e.g., security threats, compliance requirements, etc.) using a single platform. You only need to look at one monitor, for instance, and already see if problems can potentially spring up from identified issues.
What is a Key Fob?
A key fob originally referred to tiny security hardware with built-in authentication to control and secure access to mobile devices, computer systems, network services, and data. It randomly generates an access code that changes periodically, typically every 30–60 seconds. To use a key fob-locked device, users need to authenticate themselves on the fob with a personal identification number (PIN), followed by the current code displayed on it.
These days, though, even car keys come in the form of key fobs to open doors and even ignite their engines. Before the first key fobs for American Motors cars emerged in 1983, these were only used on personal computers (PCs).
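An added example (not from the glossary) of how the periodically changing code on a key fob is produced and checked: the time-based one-time password algorithm of RFC 6238 built on the HMAC-based one of RFC 4226, with a 30-second step, and a login step that requires the PIN before the current code is accepted. The shared secret is the test-vector secret from RFC 6238; the PIN handling and the function names are this example’s own.

```python
import hashlib
import hmac
import os
import struct
import time

# RFC 6238 / RFC 4226 test-vector secret (ASCII "12345678901234567890").
SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algo="sha1"):
    """RFC 4226: HMAC over the 8-byte counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time=None, step=30, digits=6):
    """RFC 6238: the counter is the number of time steps since the Unix epoch,
    which is why the displayed code changes every `step` seconds."""
    t = int(time.time() if at_time is None else at_time)
    return hotp(secret, t // step, digits)


def verify_totp(secret, code, at_time=None, step=30, digits=6, window=1):
    """Accept the current code or one step either side, to absorb clock drift
    between fob and server. Comparison is constant-time."""
    t = int(time.time() if at_time is None else at_time)
    counter = t // step
    accepted = False
    for delta in range(-window, window + 1):
        accepted |= hmac.compare_digest(hotp(secret, counter + delta, digits), code)
    return accepted


def enroll_pin(pin, iterations=100_000):
    """Store the PIN as a salted PBKDF2 digest rather than in the clear."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations)


def fob_login(pin, code, pin_record, secret, at_time=None, iterations=100_000):
    """The two-step check the entry describes: PIN first, then the current code."""
    salt, digest = pin_record
    pin_ok = hmac.compare_digest(
        hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations), digest)
    return pin_ok and verify_totp(secret, code, at_time)


if __name__ == "__main__":
    print("code at t=59 s:", totp(SECRET, 59))      # 287082 per RFC 6238 (6 digits)
    print("code now      :", totp(SECRET))
```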
What is a Key Management System?
A key management system is a solution that manages the cryptographic keys in a cryptosystem. Think of it as the cabinet where a hotel stores all the room keys. It’s where the receptionist obtains the key to your room so he or she can hand it over to you once you’ve completed the check-in process.
Unlike the hotel’s key cabinet, however, which you can see physically, the key management system we’ll talk about in this post exists virtually—inside your computer.
What is Quantile Normalization?
Quantile normalization, in the field of statistics, is a technique that makes two distributions identical in statistical properties. The two distributions in this instance, which we’ll discuss later, are the test and reference distributions. To make them identical in terms of statistical properties, the highest entry in the test and reference distributions should be aligned, followed by the next highest, and so on.
While it sounds complex, you can think of it as two lines of five students arranged by height (i.e., shortest to tallest). The first line could have Ross, Chandler, Joey, Gunther, and Frank, and the second could have Phoebe, Monica, Rachel, Ursula, and Janice. To quantile-normalize the lines, Ross and Phoebe (the shortest male and female, making them identical in the statistical property height) will be the first test and reference subjects, respectively, followed by Chandler and Monica, and so on.
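The height example above carried through in code, as an added example that is not from the glossary. It implements the two-distribution case the entry describes (the test distribution takes the reference distribution’s sorted values, position by position) and, going one step further, the general multi-sample form in which every column is mapped onto the mean of the sorted columns; tied values receive the average of the positions they share. The heights are constructed, and the function names are this example’s own.

```python
from statistics import mean


def _tie_groups(values):
    """Map each index to the list of sorted positions its value occupies.
    Untied values occupy one position; ties share a run of positions."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    groups = {}
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        positions = list(range(i, j + 1))
        for k in range(i, j + 1):
            groups[order[k]] = positions
        i = j + 1
    return groups


def _assign(values, target):
    """Give each value the target entry at its rank (averaged over tied ranks)."""
    groups = _tie_groups(values)
    return [mean(target[p] for p in groups[i]) for i in range(len(values))]


def normalize_to_reference(test, reference):
    """The entry's case: the test distribution is rewritten so that its
    k-th smallest value becomes the reference's k-th smallest value."""
    return _assign(test, sorted(reference))


def quantile_normalize(columns):
    """General form: all columns are mapped onto the row-wise mean of the
    sorted columns, so every column ends up with an identical distribution."""
    n = len(columns[0])
    sorted_cols = [sorted(c) for c in columns]
    target = [mean(col[r] for col in sorted_cols) for r in range(n)]
    return [_assign(c, target) for c in columns]


if __name__ == "__main__":
    # Constructed heights in cm, in the line order given in the text.
    men = {"Ross": 175, "Chandler": 178, "Joey": 180, "Gunther": 183, "Frank": 188}
    women = {"Phoebe": 170, "Monica": 163, "Rachel": 168, "Ursula": 172, "Janice": 166}
    normalized = normalize_to_reference(list(men.values()), list(women.values()))
    for name, value in zip(men, normalized):
        print(f"{name:9s} -> {value}")
```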
What is a Keylogger?
A keylogger is a computer program that records the keys that the user strikes on his computer keyboard, making it possible for an attacker to collect his login credentials—everything a cybercriminal needs to steal his identity or money.
A keylogger can end up on your computer when you download an infected file or email attachment. It can also land on your device with a simple visit to a site designed to drop it.
A keylogger can be the computing equivalent of a video camera or an audio recorder.
What is Koobface?
Koobface is the name of a piece of malware and the cybercriminal gang behind it that gained infamy in the late 2000s.
As a malware variant, Koobface emerged in 2008. It spread via social media platforms, notably Facebook, hence its name—a palindrome of the social networking site’s name.
The Koobface gang, meanwhile, is believed to have five Russian members. They called themselves “Ali Baba & 4.” They were Anton Korotchenko, also known as “KrotReal”; Stanislav Avdeyko, AKA “leDed”; Svyatoslav E. Polichuck, AKA “PsViat” and “PsycoMan”; Roman P. Koturbach, AKA “PoMuc”; and Alexander Koltysehv, AKA “Floppy.”
What is LDAP Injection?
An LDAP injection is an attack that exploits vulnerable Web-based applications that construct LDAP statements based on user input. If a program fails to sanitize user input, attackers can modify LDAP statements using a local proxy. That could let them execute arbitrary commands, such as granting permissions to unauthorized queries and content modification inside the LDAP tree.
An LDAP injection attack often uses the same exploitation techniques employed in SQL injection attacks.
What is a Logic Bomb?
A logic bomb is a piece of malicious code purposely inserted into software that executes when a specific set of conditions are met. An example would be one that starts deleting files from say a salary database should the company fire its creator.
Many malware variants contain logic bombs that execute specific payloads at predefined times or when certain conditions are met. The tactic allows the malware to spread before it gets noticed. Some are set to go off on a specific date, like April Fools’ Day, and so are often called “time bombs.”
What is a Malicious Payload?
A malicious payload is an attack component responsible for executing an activity to harm the target. Some common examples of malicious payloads are worms, ransomware, and other malware that arrive on computers when users click bad links or download harmful attachments.
Malicious payloads can cause data deletion, encryption, and exfiltration. In some cases, threat actors encrypt payloads to keep their malicious code hidden from antimalware solutions.
Think of malicious payloads as soldiers in camouflage. They only attack when given a signal. Malicious payloads also remain inactive until activated.
What is Malware?
Short for "malicious software," malware is a type of computer program that helps cyber attackers carry out malicious activities using your computer.
A careless download or visit to a malicious site can cause a piece of malware to be installed on your system. And it won’t take long before it starts stealing your files, deleting important data, or spying on you.
There are many types of malware, each one specializing in a specific kind of mischief.
What is a Masquerade Attack?
A masquerade attack is one where the perpetrator assumes the identity of a fellow network user or co-employee to trick victims into providing user credentials that he/she can then use to gain access to other connected accounts.
Threat actors carry out masquerade attacks by stealing username-and-password combinations via phishing and other means, exploiting security weaknesses or vulnerabilities, or bypassing authentication processes. But the attacker always does so from within the organization.
A masquerade attacker is comparable to a wolf in sheep’s clothing. He/She assumes the identity of someone harmless to gain an unsuspecting victim’s trust.
What is Network Security?
Network security refers to the set of procedures, programs, and technologies that an organization uses to ensure the safety of the computers and the integrity of data in its network. Having a secure network translates to keeping users safe from cyberattacks and ensuring that programs and tools perform their functions well.
You can think of network security personnel as the armed forces of your computer systems. Armed with state-of-the-art weapons, your troops are always on high alert and ready to defend your computing resources from attackers.
What is Network Segmentation?
Network segmentation is the process of dividing a network into smaller parts for various reasons—control, security, and boosting performance. It is also referred to as “network segregation,” “network partitioning,” and “network isolation.” Each part of a segmented network is called a “subnetwork” or “subnet.”
So when you’re asked “What is network segmentation?,” think of a subnet as a room in your house. You divide your living area into different spaces to designate areas for rest, recreation, and work. Without the partitions, you may end up eating anywhere, thus inviting pests if you don’t have that much time to clean daily.
What is Open Relay?
An open relay or open mail relay is an unsecured Simple Mail Transfer Protocol (SMTP) server that permits anyone to send messages anonymously. When you have an open relay SMTP server, outsiders can send emails to anyone through it. The outsiders in this case could be anyone on the Internet, including spammers, phishers, and other threat actors.
The mail recipients won’t know who the email is from, so threat actors are accorded anonymity. But their mail servers would know that the message was sent through your mail server and can get it blocklisted as a result. Some blocklists even automatically block open relay servers to protect email users from spam.
What is Operating System Security?
Operating system (OS) security is a means to protect one’s OS from all kinds of threats. The OS, of course, is the user interface (UI) that allows a user to interact with his or her computer. He or she types in commands for the system to execute.
Operating system security includes all of the preventive and control measures one puts on his or her computer to safeguard it and other connected devices (e.g., printer, etc.) that contain confidential information that hackers would likely steal, modify, or delete if the system is compromised.
Think of operating system security as all of the procedures (e.g., going through a security check at a building entrance, etc.) and measures (e.g., locking out all unauthorized personnel from internal staff-only rooms, etc.) that building managers and staff employ to keep thieves and other unwanted people out of office premises.
What is OSINT?
OSINT, short for “open-source intelligence,” refers to information obtained from publicly available sources to produce actionable intelligence. If you’ve never come across the term “actionable intelligence” before, it is the data cybersecurity specialists use to thwart cyber attacks, prevent threats from entering their networks, or mitigate ongoing attacks.
Given the OSINT meaning above, it’s primarily used for national security, law enforcement, and business intelligence gathering.
What is Packet Capture?
Packet capture refers to seizing a data packet that is traveling to or from a specific computer network. When a packet is “captured,” it is stored temporarily for analysis. It is inspected to diagnose and solve network problems and determine if its structure follows network security policies.
Hackers or threat actors use packet capturing techniques to steal data transmitted over a network.
You can liken packet capturing to an airport’s passenger entrance security protocol. Pieces of baggage and passengers go through a stringent check to make sure they don’t contain or aren’t carrying any forbidden items that can cause any damage to anyone or the establishment itself.
What is Packet Sniffing?
Packet sniffing refers to the use of an appliance or program (known as a “packet analyzer”) to capture data packets or data units that cross a network. A network packet contains information about the user, its source and destination, and its user’s browser version, among others. Packet sniffing decodes the content of these packets for later inspection, but it cannot change it.
Through this mechanism, security engineers can analyze and monitor network traffic and determine if the packets are formatted as per Internet standards. By doing so, they can ensure that the packet contents are not forged or malicious.
Packet sniffing also ensures that a network is functioning correctly. It allows engineers to troubleshoot network latency or speed. It also assists in identifying the network’s traffic pattern or how traffic travels from one node to another.
Interestingly, nefarious actors also employ packet sniffing to steal user data. However, they can only accomplish this if security vulnerabilities exist in your network or if you use weak credentials for your accounts.
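An added example, not from the glossary, for the two entries above (packet capture and packet sniffing): a constructed Ethernet/IPv4/TCP frame is decoded field by field the way a packet analyzer presents it, the IPv4 header checksum is verified as a basic well-formedness check, and the payload is scanned for the cleartext credentials an eavesdropper on an unencrypted connection would see, which is the finding a defender wants flagged. The addresses are documentation ranges, the frame is built in the example rather than captured, and the function names are this example’s own.

```python
import re
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIHHHH"        # 20-byte TCP header without options
TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header):
    """RFC 791 checksum: one's-complement of the one's-complement sum of the
    header's 16-bit words. Over a valid header (checksum included) it is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame(payload=b"GET /login?user=alice&pass=hunter2 HTTP/1.1\r\nHost: example.test\r\n\r\n"):
    """Constructed frame: client 192.0.2.10 sending an HTTP request to port 80."""
    tcp_hdr = struct.pack(TCP_FMT, 51514, 80, 1000, 2000, (5 << 12) | 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    fields = [0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
              socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5")]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))  # fill in checksum
    ip_hdr = struct.pack(IPV4_FMT, *fields)
    eth_hdr = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), 0x0800)
    return eth_hdr + ip_hdr + tcp_hdr + payload


def decode_frame(frame):
    """Decode Ethernet, IPv4 and TCP headers into a dict; the payload is
    returned as-is (a sniffer reads, it does not modify)."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_src": src.hex(":"), "eth_dst": dst.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:
        return info
    ip = frame[14:]
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum, s, d = struct.unpack(IPV4_FMT, ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info.update({
        "ip_src": socket.inet_ntoa(s), "ip_dst": socket.inet_ntoa(d), "ip_ttl": ttl,
        "ip_proto": proto, "ip_id": ident,
        "ip_df": bool(flags_frag & 0x4000), "ip_mf": bool(flags_frag & 0x2000),
        "ip_frag_offset": (flags_frag & 0x1FFF) * 8,
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
    })
    if proto != 6:
        return info
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags, window, _tcsum, _urg = struct.unpack(TCP_FMT, tcp[:20])
    data_off = (off_flags >> 12) * 4
    info.update({
        "tcp_sport": sport, "tcp_dport": dport, "tcp_seq": seq, "tcp_ack": ack, "tcp_window": window,
        "tcp_flags": [name for bit, name in TCP_FLAG_NAMES if off_flags & bit],
        "payload": tcp[data_off:],
    })
    return info


CREDENTIAL_RE = re.compile(rb"(user|username|pass|password|token)=([^&\s]+)")


def find_cleartext_credentials(payload):
    """Flag credential-looking parameters readable in an unencrypted request."""
    return {k.decode(): v.decode() for k, v in CREDENTIAL_RE.findall(payload)}


if __name__ == "__main__":
    decoded = decode_frame(build_sample_frame())
    for key, value in decoded.items():
        print(f"{key:16s} {value!r}")
    print("exposed:", find_cleartext_credentials(decoded["payload"]))
```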
What is Passive Reconnaissance?
Passive reconnaissance is an attempt to gather information about targeted computers and networks without actually communicating with them. The term originated from the military, which does passive reconnaissance before embarking on an information-gathering mission. Instead of attacking right away, they first obtain the necessary information to direct their strategies. Today, passive reconnaissance has become the first step hackers take before exploiting system or network vulnerabilities.
Think of passive reconnaissance as stalking someone on social media. While you’re not necessarily talking directly to your subject, you are actively seeking information on him/her.
What is Password Management?
Password management is a set of principles and processes to be followed online in order to manage and store passwords securely and effectively and prevent unauthorized access as much as possible.
People use password managers to handle their passwords due to the more extensive security and comfort that they provide.
What is Penetration Testing?
Penetration testing (pen testing) is a deliberate procedure to test an IT infrastructure and discover if it has security vulnerabilities. These weaknesses can take the form of software bugs, badly configured hardware and software, and end-user behaviors that compromise security.
Staging a penetration test (pen test) takes careful and methodical planning. It involves careful study of the computer systems, employs automated scanning tools to uncover vulnerabilities, and then verifies and validates the results. All of this is done while disrupting business operations as little as possible. The information is the basis for a report that can help improve security.
Penetration testing can be compared to a fire drill. It simulates the threat to assess how people will react. Any issues during the drill are noted and addressed.
What is Perimeter Security?
Perimeter security comes from a built-in multipurpose system that detects threats, performs surveillance, and analyzes attack patterns. As such, it often serves as a network’s first line of defense against many dangers that can harm connected systems.
An airport that serves as the gateway to and from a country typically uses perimeter security made up of intrusion detection systems (IDSs), alarms, and 24-hour-manned closed-circuit television (CCTV) cameras to ensure that any criminal who goes in and out of a protected territory is caught.
In computing, perimeter security follows the same principle to protect valuable data. Various elements or systems work together to keep confidential data safe from unauthorized access.
What is Pharming?
Pharming is a type of cyber attack where cybercriminals intentionally redirect you to a fake version of the website you hoped to access to steal your username and password. Pharming combines the terms “phishing,” a similar type of cyber attack, and “farming.”
Phishing uses deceptive email, social media, or text messages asking you for your financial information, while pharming requires no lure.
Pharming, the digital equivalent of spotting a detour sign while driving, pushes a driver to take a detour toward a waiting group of robbers.
What is Phishing?
Phishing is a type of cyber attack wherein cybercriminals send potential victims an email or an ad with a malicious link cleverly designed to hook them with a promise—a hard-to-resist product offer or a reward. Once you click the link, you'll be asked for your credit card number or bank details. These are then either sold to the highest bidder or used to steal from you.
A phishing campaign often succeeds because hackers use the names of people you would normally communicate with via email, social media, or Short Message Service (SMS) or text.
Like dangling bait to attract fish, phishing involves dangling something to entice users into revealing sensitive secret data.
What is Phishing-as-a-Service?
Phishing-as-a-service (PhaaS) occurs when cybercriminals sell access to all the things you’ll need to instigate a phishing attack in the black market typically found on the Dark Web. The business model follows the legitimate software-as-a-service (SaaS) model. Companies offer users access to their specially crafted solutions for a subscription fee instead of purchasing a license to install the program on their computers.
PhaaS has made it easy even for cybercriminal newbies to launch phishing campaigns even if they can’t code.
What is PII?
Personally identifiable information (PII) refers to the unique pieces of information that make up your identity and distinguish you from others. Cybercriminals typically go after these because they sell for a nice profit on underground forums and markets.
PII that one can gather from public records such as a telephone directory is classified as “nonsensitive.” In contrast, PII that includes bank account and credit card numbers, medical records, passport details, and social security numbers is considered “sensitive” and so needs to be protected.
What is the Ping of Death Command?
The ping of death (PoD) command is a type of denial-of-service (DoS) attack where hackers work to destabilize or freeze the target computer service. They do so by sending oversized packets via a ping command. The ping command checks the availability of a network resource.
Using the ping of death command requires attackers to send data packets above the maximum limit that the Transmission Control Protocol/Internet Protocol (TCP/IP) allows. Since the packets are more than what a server can handle, they can cause the target system to reboot, freeze, or completely crash.
What is Post-Quantum Cryptography?
Post-quantum cryptography is an encryption approach that aims to provide security in anticipation of the development of quantum computers. These computers can perform far more powerful computations than regular ones and are expected to be able to break existing cryptographic algorithms.
Post-quantum cryptography is also referred to as “quantum-resistant,” “quantum-proof,” or “quantum-safe” cryptography. Cryptographic experts started exploring the development of post-quantum cryptography around the 1990s after mathematician Peter Shor demonstrated that a quantum computer could easily crack public-key encryption.
Back then, the quantum computer was still theoretical. Large tech companies like IBM and Intel have invested billions of dollars in developing quantum computers in recent years. Post-quantum cryptography helps us protect our data when these quantum computers become available.
What is Pretty Good Privacy?
Pretty Good Privacy (PGP) refers to a cryptographic program designed to protect the privacy of confidential emails against hackers and unintended recipients. PGP ensures that only the person you are sending the email to and no one else will be able to open it and lay eyes on its content.
PGP does its job by using two mathematically related keys of the kind typically used in public-key cryptography. The first key, called a “public key,” translates the raw file or message into unintelligible code. The second key, called a “private key,” is known only to the recipient, who uses it to open the file or message.
What is Purple Team Security?
Purple team security is a methodology where so-called red and blue security teams work closely to maximize their cyber capabilities through continuous feedback and knowledge transfer. It helps security teams improve their vulnerability detection, threat hunting, and network monitoring through accurate simulations of common threat scenarios and creating new techniques to prevent and detect new threats.
You can think of purple team security or purple teaming as a red and blue team security combination. We’ll tell you all about each type of security methodology in the following sections.
What is a Quid Pro Quo Attack?
A quid pro quo attack is a low-level form of hacking that relies on social engineering. An example would be when an attacker calls your phone pretending to be from one of your service providers’ technical support representatives. He or she will offer you some assistance, which would, however, only work if you’re experiencing some difficulty.
Availing of the hacker’s “service” actually gives him or her access to your computer, device, or home network to plant malware. Therein lies the rub, as a successful ransomware installation, for instance, can let attackers hold your files hostage for large sums of money.
What is a Rainbow Table Attack?
A rainbow table attack is a hacking method that involves the use of a rainbow hash table. This table contains precomputed hashes of candidate passwords, produced with the same hashing step used to protect the passwords before they are added to the database.
Cybercriminals favor rainbow table attacks over other types such as dictionary and brute-force attacks because the former allow them to crack passwords faster.
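The contrast between a plain hash, which a precomputed table can reverse, and a salted, slow hash, which it cannot, as an added defender-side example that is not part of the original glossary. The candidate passwords and the flat lookup dict are constructed stand-ins (a real rainbow table stores the same precomputation in compressed hash chains, over millions of candidates).

```python
import hashlib
import hmac
import os

# Constructed candidate passwords; a real table covers millions of them.
CANDIDATES = ["password", "letmein", "123456", "qwerty"]


def hash_unsalted(password):
    """Weak scheme: a plain SHA-256 of the password, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precomputed hash -> password map.

    A rainbow table holds the same precomputation in compressed hash chains;
    a flat dict stands in for it here (constructed simplification).
    """
    return {hash_unsalted(p): p for p in candidates}


def lookup(table, stored_hash):
    """Recover a password from its unsalted hash, if the table covers it."""
    return table.get(stored_hash)


def hash_salted(password, salt=None, iterations=100_000):
    """Stronger scheme: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256).

    The salt makes every user's hash unique, so no table computed in advance
    can cover it; the iteration count makes each guess expensive.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_salted(record, password):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])
```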
What is Ransomware?
Ransomware is a type of malware that locks you out of your files or entire system, then blackmails you into handing over money (usually in the form of cryptocurrency) to regain access to your own property.
Ransomware-infected systems display ransom notes containing the attacker's demands. Some even come with timers and threats that if you don't pay up before time runs out, you'll never see your files or be able to use your computer again.
Imagine yourself all set for your weekend movie marathon. But as you get comfortable on your sofa, you realize the remote control is nowhere to be found. That's when you hear a voice calling out, "You can't watch your movies until you mow the lawn first!" That's essentially how ransomware works.
You can learn more about ransomware in our article What is Ransomware: How It Works and How to Remove It.
What is a Red Hat Hacker?
A red hat hacker is a hacker who takes aggressive steps to stop black hat hackers. While red hat hackers are not inherently evil, they do everything they can to stop the bad guys, including taking matters into their own hands. They go to the lengths of launching full-scale attacks to take down cybercriminals’ or cyber attackers’ servers and destroy their resources.
Red hat hackers are often dubbed the Robin Hoods of the virtual world. Like the heroic outlaw, they are not opposed to stealing back what the cybercriminals or cyber attackers stole from their victims. And like Robin Hood and his Merry Men, they won’t keep the stolen goods for themselves. Instead, they will give them back to their owners.
What is a Replay Attack?
A replay attack happens when cybercriminals eavesdrop on secure network communications, intercept them, and change them to make the receivers do what they want. What makes it more dangerous, though, is that it does not require advanced hacking skills when the target messages are not encrypted.
You can compare it to fraudsters who steal mail from your mailbox (a service provider bill), open it, replace its content (the account details where payment should be sent with those that point to an account under the attackers’ control), and resend it via the same postal office like nothing happened.
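How a receiver can detect both halves of the mailbox scenario above, a resent message and an altered one, as an added example that is not part of the original glossary. It assumes a pre-shared HMAC key, attaches a nonce and timestamp to each message, and uses constructed payloads.

```python
import hashlib
import hmac
import json
import secrets
import time


def _canonical(body):
    # Stable serialisation so sender and receiver authenticate identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _tag(key, body):
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


class Sender:
    """Attaches a fresh nonce, a timestamp and an HMAC tag to every message."""

    def __init__(self, key):
        self.key = key

    def make_message(self, payload, now=None):
        now = int(time.time()) if now is None else now
        body = {"payload": payload, "nonce": secrets.token_hex(16), "ts": now}
        return {"body": body, "tag": _tag(self.key, body)}


class Receiver:
    """Rejects tampered, stale and replayed messages."""

    def __init__(self, key, window_seconds=30):
        self.key = key
        self.window = window_seconds
        self.seen = {}  # nonce -> timestamp, for messages still inside the window

    def accept(self, msg, now=None):
        now = int(time.time()) if now is None else now
        body = msg["body"]
        # 1. Integrity: any change to payload, nonce or timestamp breaks the tag,
        #    so swapping the payee (the "replaced bill") is caught here.
        if not hmac.compare_digest(_tag(self.key, body), msg["tag"]):
            return (False, "bad tag")
        # 2. Freshness: a capture cannot be resent once the window has closed.
        if abs(now - body["ts"]) > self.window:
            return (False, "stale")
        # 3. Uniqueness: inside the window each nonce is honoured exactly once.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if body["nonce"] in self.seen:
            return (False, "replay")
        self.seen[body["nonce"]] = body["ts"]
        return (True, "ok")
```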
What is a Reverse Shell?
A reverse shell is a type of session cyber attackers commonly use to open communication ports between their machines and the victims’. It is also one of the penetration testers’ go-to methods.
A reverse shell, also known as a “connect-back shell,” takes advantage of the target system’s vulnerabilities to initiate a shell session then gain access to the victim’s computer. The goal is to connect to a remote computer and redirect the input and output connections of the target system’s shell so the attacker can access it remotely.
What is Safety?
‘Safety’ in cybersecurity terms means maintaining an environment that promotes the interest and personal safety of Internet users. Safety’s focus on people contrasts with that of ‘security’ which is concerned with the protection of data, information systems, and computer networks including electronic devices and servers.
Maintaining a safe online environment implies using technology such as firewalls or antivirus software that protect users from risks to their private information and financial transactions. Internet safety also extends to protection from inappropriate content or malicious software programs.
While security and safety are both important, it is considered that safety has far more weight because it concerns people and not machines.
What is Sandboxing?
Sandboxing is a process where an application is separated from other programs and system resources for security purposes. So if the application proves malicious, the other systems and programs in the same network would not be affected or infected with malware. Afterward, the malicious program can either be cleaned if it is required or deleted if it is unnecessary, without causing problems within the networked environment—essentially, the systems and devices that are connected to one another and the Internet.
It is just like building sandboxes in real life. They are made to contain playtime within a specified area because you don’t want toys to be scattered throughout your yard. It also prevents your child from wandering to potentially dangerous areas.
What is the Sasser Worm?
Sasser (detected as Sasser.A) is a computer worm, a type of malware, that affects computers running vulnerable versions of Microsoft Windows XP and Windows 2000. It spreads by exploiting a port vulnerability, specifically in Transmission Control Protocol (TCP) port 445, which authenticates or identifies network users.
While Microsoft released a patch for Sasser in its MS04-011 bulletin 17 days before the first attack hit, the worm still wreaked a lot of havoc when it spread to many computers back in April 2004.
What is a Script Kiddie?
A script kiddie, or skid, is a term that describes a young hacker who has much to learn yet acts as if he or she knows everything.
Most of them are teenagers who are in it for fun and treat hacking as a game. Mostly they hack for bragging rights. They also don’t make a real effort to improve their hacking skills. Most don’t even know how to write a hacking program or ‘script’ and are content to pirate those made by others. This lack of skills often leads to their arrest because they leave a trail that’s easy for investigators to track down.
What is a Security Architecture?
When talking about security architectures, what immediately comes to mind are security tools and applications such as firewalls, antivirus software, antimalware programs, and the like. However, a security architecture is the sum of all those things and more.
“Security architecture” is the term used to define the overall system required to protect an organization’s IT infrastructure. Such a system includes the specifications, processes, and standard operating procedures (SOPs) involved in preventing, mitigating, and investigating different threats. Just as a building’s architectural design instructs engineers how to build a structure, a security architecture defines how personnel should carry out security processes.
What is Security Awareness?
Security awareness is a mindset where company personnel are constantly conscious of securing all computing assets from any kind of digital threat. It’s the company's first line of defense against relentless cyber attackers. Employees who are vigilant against threats and know what to do in the event of an attack increase the organization’s chances of repelling attempts to control their computers and networks.
You can think of security awareness as the old practice of tying a string around your finger to remind you constantly of something. In this case, it reminds you to always keep your guard up against cyber attacks.
What is Security by Design?
Security by design or secure by design is an approach to product development that considers cybersecurity at the onset. It does away with the “let’s cross the bridge when we get there” outlook on cybersecurity and makes software or hardware more secure. It is similar to designing a house and ensuring that it is earthquake-resistant and hurricane- or typhoon-proof.
Security by design ensures that security controls are built into a product’s design, rather than as an afterthought. Such an approach reduces the likelihood of cybersecurity breaches and has become common in product development.
What is a Security Framework?
A security framework is a compilation of state-mandated and international cybersecurity policies and processes to protect critical infrastructure. It includes precise instructions for companies to handle the personal information stored in systems to ensure their decreased vulnerability to security-related risks.
Since a security framework has proven useful to entire industries, many, if not all, organizations strive to adhere to their mandates when crafting security guidelines for their networks.
What is a Security Incident?
A security incident is an event that may indicate an attack on an organization’s system or network. It can also signal that security measures in place failed to protect one’s computer from an attack. Most security incidents involve unauthorized system access that may disrupt a target’s normal operations, violate policies, and expose sensitive data.
Outside computer networks, a security incident is comparable to a botched burglary. While the thieves may have been able to get into a target compound, they may have failed to open the safe.
What is a Security Misconfiguration?
A security misconfiguration is an error that occurs when security controls are inaccurately configured or left insecure. It puts systems and data at risk. And any poorly documented configuration changes, default settings, or technical issues in any system component could lead to a misconfiguration.
Simply put, therefore, a security misconfiguration is any error in how a device has been set up to work.
What is a Security Zone?
A security zone is a part of a network for which specific policies and protocols are defined to keep the entire network threat-free. The components of a security zone may have limited access to other parts of the internal network to prevent unauthorized access.
You can think of a security zone as parts of your home that only specific family members can enter. You can disallow helpers and your kids from entering your home office, for instance. In an office, security zones can refer to executives’ offices and your HR’s document storage room. They should be closed off to all other employees because they may contain confidential files that no one else should see.
Security zones come in various types and have different uses, which will be discussed in greater detail in the succeeding sections. We’ll also tackle some policies applied to security zones.
What is Security-as-a-Service?
Security-as-a-service is any service obtained from a third party to handle and manage cybersecurity needs. As with software-as-a-service (SaaS), security-as-a-service delivers cybersecurity from the cloud, making it a popular choice for organizations to limit their number of in-house security personnel, reduce maintenance costs, and scale security along with business growth.
With security-as-a-service, companies no longer need to purchase security solutions and manage and maintain them locally. Their IT departments no longer need to install antimalware and other security tools on each device or server. All of these would be taken care of by their providers.
Think of it as hiring a professional team of security guards that ensures that no unauthorized personnel or unwanted guests are allowed entry into your premises. You don’t need to hire nor train them yourself.
What is Shift Left Security?
Shift left security is the practice of applying security to an application in development at the earliest possible stage. Instead of testing how secure your program is when it’s near the end of the product development life cycle, you do so as early as possible. That not only saves you time and effort in revamping the entire software code in the end but also ensures better security and efficiency.
When you’re cooking, you can liken shift left security to tasting your dish as soon as you finish seasoning it to quickly make adjustments before it becomes too late.
What is SIEM?
Security information and event management (SIEM) refers to software that monitors data traffic (both incoming and outgoing) from computers, servers, applications, and any other Internet-connected device or application that make up an organization’s network.
The SIEM system constantly analyzes this data and helps you decide if there is a looming threat or an ongoing attack. This lets you take the appropriate steps to deal with these problems before they escalate.
Using security information and event management (SIEM) software can be likened to having a watchdog on patrol to look out for security-related events.
What is Signature-Based Detection?
Signature-based detection is a process that is commonly used to address software threats on your computer. These threats may include malware, viruses, worms, Trojans, and many others.
In signature-based detection, appropriate signatures for each file are created and compared with known signatures that have been stored and detected before. The process never stops until a match is found. When this happens, the file is considered a threat and automatically gets blocked.
The antivirus programs you installed on your computer may be using signature-based detection to check for malware.
What is an SMTP Hack?
An SMTP hack abuses vulnerabilities found in the Simple Mail Transfer Protocol (SMTP), allowing hackers to rely on the victim’s reputation when sending spam and phishing emails. For example, when attackers hack into the SMTP server of Company A, they can send emails using the victim’s domain. These emails could contain spammy messages or malware but would look like they were from someone within the organization whose domain was used.
As a result, the hacked organization’s email domain or Internet Protocol (IP) address could be blocklisted. But this is just the tip of the iceberg. The victim’s reputation can get severely damaged because of the SMTP hack, causing clients to lose their confidence in the company.
What is a Smurf Attack?
A smurf attack is a type of distributed denial-of-service (DDoS) attack that uses a malware called “Smurf.” As in other forms of DDoS attacks, a smurf attack renders a victim’s network unusable by flooding it with requests.
Imagine an elevator that carries more than its maximum capacity. Overloading it would undoubtedly cause it to stop working correctly. And the worst thing that can happen is that it would crash.
In the same way, a smurf attack results in too many requests, paralyzing and even crashing a company’s server for hours or even days, depending on its cyber resilience or ability to respond and continue operating despite being DDoSed.
What is a Sniffing Attack?
A sniffing attack is an act of intercepting or capturing data while in transit through a network. The concept is similar to law enforcers wiretapping a suspect’s phone line to gather necessary information. Remember when the Federal Bureau of Investigation (FBI) wiretapped Leonardo DiCaprio’s phones in the movie The Wolf of Wall Street? So instead of using wiretaps to catch bad guys and seek justice, sniffing attacks are employed by cybercriminals to steal data.
During a sniffing attack, hackers can steal any information victims transmit as long as it is not encrypted. The data can include usernames, passwords, bank and credit card accounts, favorite websites, and email messages. Cybercriminals can then use this data to further steal from victims. For one, they could access a victim’s bank accounts and use his/her credit card details in fraudulent transactions. They could also sell stolen usernames and passwords on the Dark Web or steal victims’ identities.
What is SOAR?
SOAR stands for “security orchestration, automation, and response.” Gartner coined the term in 2017 to refer to security platforms that gather cyberthreat data from multiple solutions into one location for more accessible and more efficient incident response and threat management.
Threat intelligence fed into SOAR platforms can come from firewalls, vulnerability scanners, endpoint protection systems, threat intelligence feeds, and security information and event management (SIEM) platforms.
The rationale behind SOAR is similar to that of storing data in the cloud, such as syncing photos from different devices to iCloud or Google Photos. Instead of saving photos on each of the devices you own, you can log in to these cloud services and browse them from there.
What is Social Engineering?
Social engineering is a tactic that uses elaborate schemes to manipulate and deceive victims into giving out passwords, trade secrets, financial account details and other important company information. It’s a brilliant way of causing human error and exploiting it to gain access to target computer systems.
Common social engineering activities include phishing and its more sophisticated cousin, whaling, where users are tricked by deceptive email or social media messages into providing their personal info. Watering hole attacks — inserting malicious code in web pages — are also a favorite tactic.
Say, for instance, you receive a phone call from someone who claims to be one of your senior executives. He asks you about the progress regarding the new products and you eagerly provide the details. But the person on the other line is an impostor and you’ve just fallen prey to social engineering.
What is Spam?
Spamming is a shady form of advertising done by sending email in bulk to random email addresses gathered from publicly available sources with the intent to sell or promote something. Most spam is harmless sales literature you can safely drag to your computer’s trash bin. Some, however, may contain malicious links and come with harmful file attachments.
You may wonder how junk email came to be named after a brand of canned meat. Some people may consider SPAM (the canned meat) as undesirable as unsolicited email ads. But the use of the word comes from a 1970s TV skit by the iconic comedy group Monty Python. In the skit, every time the waitress mentions “SPAM,” some Vikings start singing “SPAM! SPAM!” This drowns out all conversation in the same way spam email overloads your inbox.
What is Spoofing?
Spoofing, in the field of cyber security, is the act of disguising communication from a malicious source so that it appears to be from someone the target knows and trusts. It helps the attacker gain access to computers and obtain sensitive information, launch malware attacks and disrupt operations.
For example, you receive an email from your bank asking you to re-submit your account access information for some bogus reason. You recognize the email address so you willingly oblige. But later your credit card bills you for items you never purchased. You’ve been spoofed!
The act of spoofing is like the proverbial wolf in sheep’s clothing. The timeless fable tells of a wolf who disguises himself as a sheep, fools the shepherd and successfully devours his prey.
What is Spyware?
Rock stars have legions of adoring fans, some of whom have less-than-loving motives for following their idol’s every move and gathering all kinds of information about him or her. They’re called stalkers. And they’re the perfect metaphor for spyware.
Spyware is a type of computer program that secretly monitors a victim's online activities and gathers sensitive data that it then sends to an attacker. It collects usernames, passwords, credit card and bank account numbers, personal identification numbers (PINs), and email contacts.
How? Spyware pokes its nose into your browsing habits. As such, it knows which sites you frequent, what time you're usually online, who you often communicate with, and anything else that an attacker can use to his advantage.
What is SQL Injection?
SQL injection is a method of inserting harmful instructions into a script that carries out a command on a database. The malicious instructions aim to destroy a target’s database or files. SQL injection can also refer to any malicious act that involves inserting program code into someone else’s website.
Let’s say, for example, that you have a computer program that consolidates all your company’s earnings for the day and automatically sends the bank this information and the account number where the cash should be deposited. Then you fire the company programmer for some reason. Before he leaves, he tweaks the database script so that the system tells the bank to deposit into his account, rather than the company’s. He just executed an SQL injection.
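The mechanism behind the definition above, shown as the vulnerable query beside its hardened form, as an added example that is not part of the original glossary. It uses Python's built-in sqlite3 module with a constructed in-memory users table.

```python
import sqlite3

# Constructed sample data (not from the original page).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]

# Constructed input that closes the quoted string and appends a condition
# that is always true, so the WHERE clause no longer filters anything.
INJECTION_INPUT = "' OR '1'='1"


def build_demo_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """Vulnerable: untrusted input is spliced into the SQL text, so the input
    can change the meaning of the statement rather than just its data."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def safe_lookup(conn, username):
    """Hardened: the value is bound as a parameter; the database engine treats
    it purely as data and never parses it as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()
```

With the constructed input, the vulnerable lookup returns every row while the parameterized lookup returns none, because no user is literally named `' OR '1'='1`.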
What is an SSL Stripping Attack?
A Secure Sockets Layer (SSL) stripping attack allows threat actors to downgrade a web connection from HyperText Transfer Protocol Secure (HTTPS) to the less secure HTTP. It is also known as an “SSL or HTTP downgrade attack.”
An SSL stripping attack decrypts all communications, allowing hackers to perform a man-in-the-middle (MitM) attack where they sit in the middle of a conversation to listen to or intercept confidential information.
What is a Stealth Virus?
A stealth virus is a kind of malware that does everything to avoid detection by antivirus or antimalware. It can hide in legitimate files, boot sectors, and partitions without alerting the system or user about its presence. Once inside a computer, a stealth virus allows an attacker to take over the functions of the infected computer.
A stealth virus is like a rebel who wears a camouflage suit to remain unidentifiable among soldiers. He or she can then pretend to be one of the good guys to infiltrate a target.
What is the STRIDE Model?
The STRIDE model, short for “spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege model,” is a threat model created by Praerit Garg and Loren Kohnfelder to identify digital security threats.
The STRIDE model involves going through all of a network’s processes, data repositories, data flows, and trust boundaries to find threats. It basically answers the question: What can go wrong in a computer system?
What is Symmetric Encryption?
Symmetric encryption is a means of protecting data using a secret key to encrypt (lock) and decrypt (unlock) it. The sender and recipient share the key or password to gain access to the information. The key can be a word; a phrase; or a nonsensical or random string of letters, numbers, and symbols.
Many organizations use symmetric encryption because it is relatively inexpensive. But it does come with some flaws. A key in symmetric encryption can be used forever. And that sometimes leads organizations to forget to change it. As a result, even users who may no longer be part of the company can intercept and read encrypted data.
Think of symmetric encryption as the combination to an office vault. Anyone who has it can unlock and access the vault's contents.
What is a SYN Flood Attack?
A SYN flood attack is a denial-of-service (DoS) attack that renders a server unavailable to legitimate traffic by using up all of its resources. In this attack, also known as a “half-open attack,” threat actors repeatedly send initial connection requests or SYN packets to overwhelm all the available ports on the target server, causing it to respond to legitimate traffic slowly or not at all.
You can compare it to an intersection where only one of the crisscrossing streets allows vehicles to pass through while the other street fills up with vehicles that wish to cross to the other side.
What is a Tailgating Attack?
A tailgating attack, also referred to as “piggybacking,” involves attackers seeking entry to a restricted area without proper authentication. In it, the perpetrators can simply follow an authorized person into a restricted location. They can impersonate delivery men carrying tons of packages, waiting for an employee to open the door. They can ask the unknowing target to hold the door, bypassing security measures like electronic access control.
What is Tarpitting?
Tarpitting is the process of intentionally delaying the sending of mass emails to avoid getting tagged as a spammer. In it, system administrators can configure a specific mail server to insert a pause in-between sending emails with huge recipient numbers. But while tarpitting can benefit legitimate companies that want to stay protected from spamming, cybercriminals can also abuse it to bypass security measures. They can delay spam mail sending time so these would not be considered spam.
The term “tarpitting” came from the concept of a “tar pit.” Falling into one would significantly slow you down.
What is a Teardrop Attack?
A teardrop attack is a kind of denial-of-service (DoS) attack or one that’s meant to take a target website or network offline. In it, an attacker sends fragmented data packets to the target device. The nature of the packets makes it hard for the system to read the data. The effort to do so ultimately overwhelms the machine, causing it to crash.
A teardrop attack typically works on computers with older operating systems (OSs) such as Windows 95, Windows 3.1x, Windows NT, and earlier Linux versions. Some attacks also worked, though, on systems running Windows 7 and Windows Vista.
A teardrop attack can be likened to an unruly group of shoppers all trying to enter an establishment with a massive sale at the same time. Once the shop doors open, they run en masse, causing a stampede and accidents. The establishment may need to close until the situation is dealt with because the shop owner needs to attend to the injured.
What is Threat Intelligence?
The information you gather about threats or menaces to computer systems and networks, which allows you to prevent or neutralize cyberattacks, is called “threat intelligence.” It also includes knowledge about the weaknesses in your security systems that you need to address to sufficiently protect computing resources. A report listing the IP addresses of potential threats is an example of threat intelligence.
Let’s say you’ve been experiencing constant break-ins at home. You decide to investigate the incidents and discover that one of your ground-floor windows has a defective lock. So you have the lock replaced and the break-ins cease. The intelligence you gathered helped you pinpoint the exact problem and implement the precise solution.
What are Threat Intelligence Feeds?
Threat intelligence feeds refer to continuous data streams that provide information on threats that can adversely affect an organization’s security. They give security teams a list of indicators of compromise (IoCs) that includes malicious URLs, malware hashes, and malicious email and IP addresses related to attacks.
Often, the data obtained from threat intelligence feeds dictates the next steps or actions that security teams need to take to protect their organizations. These actions include blacklisting IoCs or blocking connection requests from identified threat sources and preventing malware from reaching connected systems.
Threat intelligence feeds differ from threat information, which refers to general data without contextual relevance that a security analyst or investigator can use to take the necessary action to prevent loss. They can be likened to routes on a driving app that tells the driver which is the best way to take, depending on his/her goal (e.g., less time, no traffic, no traffic enforcers, etc.).
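How a security team turns a feed of IoCs into detections, as an added example that is not part of the original glossary: a constructed CSV feed (real feeds also come as STIX or JSON) is parsed and matched against constructed key=value log lines. The domain, address and hash are placeholders (`.example`, the TEST-NET-3 range, and a hash of a constructed sample), not real indicators.

```python
import csv
import hashlib
import io
import re

# Constructed hash standing in for a real malware hash.
DROPPER_HASH = hashlib.sha256(b"constructed dropper sample").hexdigest()

# Constructed feed; type,value,description per row.
FEED_TEXT = f"""type,value,description
domain,bad-update.example,constructed C2 domain
ip,203.0.113.7,constructed scanner (TEST-NET-3 address)
sha256,{DROPPER_HASH},constructed dropper hash
"""

# Constructed proxy and firewall log lines in key=value form.
LOG_LINES = [
    f"2024-05-01T10:00:01Z proxy src=10.0.0.5 dst=bad-update.example sha256={DROPPER_HASH}",
    "2024-05-01T10:00:02Z proxy src=10.0.0.6 dst=www.example.com sha256=-",
    "2024-05-01T10:00:03Z fw src=203.0.113.7 dst=10.0.0.1 action=allow",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_feed(text):
    """Return {indicator_type: set(values)}, values normalised to lower case."""
    indicators = {}
    for row in csv.DictReader(io.StringIO(text)):
        indicators.setdefault(row["type"], set()).add(row["value"].strip().lower())
    return indicators


def scan_logs(indicators, lines):
    """Return (line_number, indicator_type, value) for every IoC hit.

    Every key=value field is compared against every indicator set, so a
    single line can produce several hits (here: a domain and a hash).
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        for _key, value in KV_RE.findall(line):
            value = value.lower()
            for ioc_type, values in indicators.items():
                if value in values:
                    hits.append((number, ioc_type, value))
    return hits
```

The same matching, run continuously over all collected events, is what a SIEM does when it raises an alert on an IoC from a feed.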
What is Threat Modeling?
Threat modeling is the process of identifying network vulnerabilities and optimizing security to enhance mitigation strategies. The practice is often done to protect valuable information or prevent adverse events that may lead to malicious attacks. It is ideal in building a culture of security throughout an enterprise.
Think of threat modeling as predicting what could go wrong. For example, before walking into a dark alley, you should assess if you’re likely to be attacked. Ask yourself questions like “Where will the attacker come from?” and “Can I defend myself? How?”
What is Threatware?
Threatware refers to computer programs developed by threat actors to gain unauthorized access to victims’ computers. They are used to harm devices with the end goal of stealing their owners’ sensitive information. Threatware is also called “malware,” specifically “spyware.”
Various kinds of threatware have alarmingly spread over the years, including ransomware, keyloggers, trojans, and adware.
What is a Trojan Horse?
A trojan is a type of malware that looks like a harmless file that’s attached to an email or gets downloaded when you click a link. Opening it installs the malware on your system. The newly installed trojan then operates in the background, executing its malicious plan of action without the user knowing. Trojans can steal passwords, delete important files, and allow attackers to access your computer remotely or disrupt your computer’s security systems.
Homer’s epic “Iliad” tells of how the Greeks defeated the city of Troy. They built a large wooden horse and left it at the city gates, then pretended to board their ships and leave. The Trojans mistakenly thought the horse was a parting gift, pulled it into the city, and partied all night. Greeks hiding in the horse sneaked out, opened the gates for their armies, and that was the end for Troy. And that is how trojan malware works.
What is a Tunneling Virus?
A tunneling virus is any virus that gets installed before an antivirus can detect it. It executes without alerting the sensors of the operating system (OS) to avoid antivirus detection.
A tunneling virus disables a computer’s interception programs. While some antivirus solutions can detect the malicious code, they can’t stop this type of virus from getting installed. More advanced antivirus programs that employ tunneling strategies may be the only ones capable of detecting and preventing the execution of a tunneling virus.
You can compare a tunneling virus to thieves entering an establishment via the sewer system, so they don’t have to deal with alarms.
What is Twofish Encryption?
Twofish encryption is a block cipher (or an encryption method, in simple terms) with a block size of 128 bits that uses a key up to 256 bits long. Let’s break that definition down into its components to simplify.
As a block cipher, Twofish encrypts data in fixed-size blocks using a deterministic algorithm and a symmetric key. A deterministic algorithm is one that always produces the same output for the same input, so long as the machine that uses it follows the same procedure. A symmetric key, meanwhile, is a single key that both encrypts and decrypts data.
What is a Virtual Private Network (VPN)?
A Virtual Private Network (VPN) is a software tool that encrypts the information that you transmit through a network, making it difficult for hackers to see what you’re sending, who’s sending it, and to whom it’s being sent.
Here’s an example that may help you understand this concept. The Picasso art collection is ready for transport to the Museum of Modern Art. But thieves are waiting in ambush. To keep the masterpieces safe, the owner transports the precious cargo in a meat delivery truck, which gets past the art thieves undetected.
What is a Virus?
A virus is a type of malware that inserts itself into a computer program. The program becomes the host of the virus. Every time the host program is run, the virus starts spreading and affecting other files on the same computer. Viruses can delete files and alter programs, rendering them useless.
Like real living viruses, a computer virus can spread to anything that comes into contact with it. So if your computer is virus-infected, any device that you plug into it can suffer the same consequences.
What is a Vulnerability?
The Greek hero Achilles was a great warrior, much feared for his fighting skills and daring courage. But beneath his unbeatable facade, he had a vulnerability that led to his downfall—his heel.
A vulnerability, in the field of cybersecurity, is a weakness in your computer systems that an attacker can exploit. Computers, digital devices, and software have many known and undiscovered flaws due to their design. For example, many popular devices have insufficient user authentication, and some software may not encrypt their data. These weaknesses render them vulnerable to attacks.
Hackers are always searching for vulnerabilities to get into a target computer. Once in, they can steal sensitive data or sabotage the organization’s operations.
What is the Vulnerability Management Process?
The vulnerability management process refers to the continuous practice of identifying, assessing, reporting, managing, and remediating vulnerabilities across devices, workloads, and systems. It requires a vulnerability management tool that detects vulnerabilities and employs different processes to patch or remediate them.
Effective vulnerability management processes utilize threat intelligence and IT and business operation knowledge to prioritize risks and address vulnerabilities as fast as possible.
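As an added example of the prioritization step (written for this glossary entry, not taken from any vulnerability management product), the Python below ranks scanner findings by combining the CVSS score with threat intelligence (exploitation seen in the wild) and business context (asset criticality and exposure). The findings, the weights and the SLA thresholds are constructed, and the CVE ids are placeholders.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    asset: str
    cve: str           # constructed placeholder ids, not real CVE numbers
    cvss: float        # scanner base score, 0-10
    exploited: bool    # threat intel: exploitation seen in the wild
    exposed: bool      # IT context: reachable from the internet
    criticality: int   # business context: 1 (low) .. 3 (critical)

def risk_score(f):
    """Constructed weighting: CVSS is the base, context scales it up."""
    score = f.cvss * (1.0 + 0.5 * (f.criticality - 1))  # 1.0x, 1.5x, 2.0x
    if f.exploited:
        score *= 1.5
    if f.exposed:
        score *= 1.2
    return round(score, 2)

def sla_days(score):
    """Constructed remediation policy: higher score, shorter deadline."""
    if score >= 20:
        return 3
    if score >= 12:
        return 14
    if score >= 6:
        return 30
    return 90

def prioritize(findings):
    """Order findings most urgent first as (asset, cve, score, sla_days)."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.asset, f.cve, risk_score(f), sla_days(risk_score(f))) for f in ranked]

# Constructed findings: note that the highest CVSS sits on an isolated lab box.
FINDINGS = [
    Finding("lab-vm-03", "CVE-XXXX-0001", 9.8, False, False, 1),
    Finding("web-edge-01", "CVE-XXXX-0002", 7.5, True, True, 3),
    Finding("hr-db-01", "CVE-XXXX-0003", 6.5, False, False, 3),
    Finding("kiosk-11", "CVE-XXXX-0004", 4.3, True, False, 1),
]

if __name__ == "__main__":
    for row in prioritize(FINDINGS):
        print(row)
```

The point of the weighting is that the internet-facing, actively exploited flaw on a critical asset comes out ahead of the higher-CVSS finding on the lab machine.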
What is Warchalking?
Warchalking occurs when people draw symbols in public areas to indicate the presence of an open Wi-Fi network. The symbols used typically convey details about the access point. At its height, warchalking attracted hackers to break into those public Wi-Fi networks and gather information about their users.
Think of warchalking as street signs that point people in the right direction.
What is Wardriving?
Wardriving is the act of looking for publicly accessible Wi-Fi networks while in a moving vehicle (hence the word “driving”) for later potential use in attacks (now you know why the term “war”).
Due to its nature, wardriving requires the use of portable devices like a laptop or a smartphone. Software that aids perpetrators in the task is sadly available free of charge on the Web. Other terms have been coined for similar tactics, depending on the means of transportation used. We’ve seen warbiking, warcycling, warcarting, warwalking, warflying, warrocketing, warballooning, and warboating used as well.
Think of wardriving as a thief going house to house in search of poorly protected ones to rob.
What is Web Application Penetration Testing?
Web application penetration testing refers to testing the security of web application firewalls (WAFs), which filter, monitor, and block incoming and outgoing web service traffic, to make them as impenetrable as possible. To do it, penetration testers (or pen testers, for short) attempt to breach a company’s applications, such as application programming interfaces (APIs) and frontend and backend servers, to see if they have weaknesses that can be exploited through code injection attacks.
The results and findings of web application penetration tests are useful in fine-tuning WAF security policies and patching uncovered vulnerabilities.
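As an added example of the kind of code injection weakness a web application pen test looks for (example code written for this glossary entry, not a real application's code), the Python below shows a document lookup that pastes user input into its SQL beside the hardened, parameterised version; the in-memory SQLite table and its rows are constructed.

```python
import sqlite3

def make_db():
    """Constructed document table so the example runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE docs (owner TEXT, title TEXT)")
    db.executemany("INSERT INTO docs VALUES (?, ?)",
                   [("alice", "memo.txt"), ("bob", "budget.xlsx")])
    return db

def list_docs_vulnerable(db, owner):
    """Untrusted input is pasted into the SQL text, so a value containing a
    quote changes the query's structure instead of being treated as data."""
    sql = "SELECT title FROM docs WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def list_docs_hardened(db, owner):
    """Parameterised query: the value travels separately from the statement,
    so quotes inside it can only ever be compared as literal characters."""
    sql = "SELECT title FROM docs WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]

if __name__ == "__main__":
    db = make_db()
    # A pen tester's probe value: the vulnerable lookup leaks every document,
    # while the hardened one correctly finds nothing.
    probe = "nobody' OR '1'='1"
    print("vulnerable:", list_docs_vulnerable(db, probe))
    print("hardened:  ", list_docs_hardened(db, probe))
```

A finding like this is what feeds back into the patching step: the fix is the parameterised query, not a WAF rule alone.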
What is Website Defacement?
Website defacement is a form of cyber attack where hackers drastically alter the visual appearance of a website or web page. It can be compared to vandals messing up public walls or buildings with unwanted graffiti.
Web defacement is mostly done for ideological reasons. Hacktivists deface the websites of companies or organizations they accuse of social or political wrongdoing. They block access to the pages and replace their original content with a statement that strongly proclaims their beliefs and demands.
The attack is also used to make money, such as when hackers deface a website during the course of a ransomware attack.