Cyber Glossary
Ransomware – Malware encrypting victim data and demanding payment for decryption keys.
Phishing – Deceptive emails or messages tricking users into revealing sensitive information.
DDoS Attack – Floods networks with traffic to overwhelm and disrupt services.
Malware – Malicious software including viruses, trojans, and worms that harm systems.
Data Breach – Unauthorized access and exposure of confidential information.
SQL Injection – Injects malicious code into database queries to manipulate data.
Cross-Site Scripting (XSS) – Injects harmful scripts into web pages viewed by others.
Man-in-the-Middle (MitM) – Intercepts communications to steal or alter data secretly.
Zero-Day Exploit – Attacks targeting unknown software vulnerabilities before patches.
Supply Chain Attack – Compromises trusted vendors to infiltrate target organizations.
Social Engineering – Manipulates people into divulging confidential information.
Spyware – Secretly monitors user activity, keystrokes, and data for theft.
Trojan Horse – Disguised malware granting attackers remote system access.
Rootkit – Hides malware and maintains persistent unauthorized access.
Keylogger – Records keystrokes to capture passwords and credentials.
Botnet – Network of infected devices used for coordinated attacks like DDoS.
Cryptojacking – Hijacks device resources to mine cryptocurrency secretly.
Insider Threat – Malicious actions by employees or insiders with legitimate access.
Business Email Compromise (BEC) – Impersonates executives to authorize fraudulent transfers.
Drive-By Download – Malware automatically installs when visiting compromised sites.
Fileless Malware – Attacks using legitimate system tools without files on disk.
Worm – Self-replicating malware spreading across networks autonomously.
Adware – Displays unwanted ads and tracks user behavior for profiling.
Watering Hole Attack – Compromises sites frequented by targets to infect visitors.
Logic Bomb – Malicious code triggered by specific conditions like dates.
AI-Powered Phishing – Machine learning crafts hyper-personalized deceptive messages.
Deepfake – AI-generated fake audio/video impersonating real individuals.
Deepfake Detection Evasion – Advanced fakes bypassing traditional verification.
AI Malware – Self-evolving malicious code adapting to defenses.
Prompt Injection – Manipulates AI models to execute unauthorized actions.
Generative AI Exploitation – Uses AI tools to automate attack creation.
Voice Phishing (Vishing) – AI-synthesized voices for fraudulent calls.
SMS Phishing (Smishing) – Deceptive texts leading to malware or data theft.
Quishing – QR code phishing directing to malicious sites.
Baiting – Lures victims with infected USB drives or media.
Pretexting – Creates fabricated scenarios to extract information.
Tailgating – Physical unauthorized entry by following authorized personnel.
Dumpster Diving – Retrieves discarded documents for sensitive data.
Shoulder Surfing – Observes screens or inputs to steal credentials.
Ransomware-as-a-Service (RaaS) – Subscription model for ransomware deployment.
Double Extortion – Encrypts data and threatens public leaks.
Triple Extortion – Adds DDoS threats to ransom and leaks.
Infostealer – Malware extracting credentials and financial data stealthily.
Credential Stuffing – Uses stolen logins across multiple sites.
Brute Force Attack – Automated password guessing attempts.
Dictionary Attack – Tries common passwords from word lists.
Rainbow Table Attack – Precomputed hashes for fast password cracking.
Pass-the-Hash – Uses a stolen password hash for lateral movement without needing the password.
Golden Ticket Attack – Forges Kerberos tickets for domain dominance.
Silver Ticket Attack – Forges service tickets for targeted access.
Advanced Persistent Threat (APT) – Long-term targeted intrusions by nation-states.
Living off the Land (LotL) – Uses native tools to evade detection.
Malvertising – Malicious ads delivering payloads via legitimate sites.
SEO Poisoning – Manipulates search results to steer users to malicious pages.
OS Command Injection – Executes shell commands via input manipulation.
Code Injection – Embeds executable code in vulnerable applications.
XML External Entity (XXE) – Exploits XML parsers to access files.
Server-Side Request Forgery (SSRF) – Tricks servers into making internal requests.
Insecure Direct Object Reference (IDOR) – Accesses unauthorized objects.
Broken Access Control – Bypasses authorization to restricted resources.
Cloud Misconfiguration – Exposed storage buckets or weak IAM policies.
API Exploitation – Attacks poorly secured application interfaces.
IoT Botnet – Hijacked devices launching massive attacks.
Mobile Malware – Threats targeting smartphones via apps or SMS.
OT/ICS Attack – Targets industrial control systems for disruption.
SCADA Attack – Exploits supervisory control systems in infrastructure.
Stuxnet – Worm targeting nuclear centrifuges via air-gapped systems.
Emotet – Banking trojan evolving into malware loader.
Ryuk Ransomware – Targets enterprises for high ransoms.
Conti Ransomware – RaaS group with data extortion tactics.
LockBit – Prolific RaaS exploiting Windows vulnerabilities.
REvil – Ransomware hitting critical infrastructure globally.
Maze – Pioneer of double extortion techniques.
Nation-State Cyberattack – Government-sponsored espionage or sabotage.
Cyber Espionage – Stealthy data theft for intelligence gathering.
Wiper Malware – Destroys data rather than encrypting for ransom.
Peer-to-Peer (P2P) Attacks – Uses P2P networks for malware spread.
DNS Tunneling – Encodes data in DNS queries to evade firewalls.
Domain Generation Algorithm (DGA) – Creates disposable command domains.
Fast Flux DNS – Rapidly changes DNS records to hide C2 servers.
Shadow IT – Unauthorized cloud services creating attack surfaces.
Third-Party Risk – Breaches via compromised vendors or libraries.
Firmware Attack – Malware embedded in hardware BIOS/UEFI.
Supply Chain Compromise – Tampered updates like SolarWinds.
Evil Twin Wi-Fi – Rogue access points mimicking legitimate ones.
KRACK Attack – Exploits WPA2 Wi-Fi handshake weaknesses.
BlueKeep – Wormable RCE in Windows RDP service.
PrintNightmare – RCE via Windows Print Spooler flaws.
Log4Shell – RCE vulnerability in Log4j library.
MOVEit Breach – SQLi exploiting file transfer software.
Change Healthcare Attack – Ransomware disrupting U.S. healthcare.
Colonial Pipeline Ransomware – Fuel supply chain shutdown.
JBS Meatpacking Attack – Global food supply disruption.
Quantum Computing Threat – Breaks current encryption algorithms.
Homomorphic Encryption Bypass – Attacks privacy-preserving computation.
5G Network Attack – Exploits high-speed mobile infrastructure.
Edge Computing Threat – Targets distributed processing nodes.
Satellite Cyberattack – Compromises space-based communications.
Undersea Cable Sabotage – Physical cuts to global internet backbones.
Cyber-Physical Attack – Blends digital hacks with physical damage.
Cyber Security – Alternative spelling for cybersecurity practices and protections.
Information Security – Safeguarding data confidentiality, integrity, and availability.
Network Security – Defending networks from unauthorized access and intrusions.
IT Security – Protecting information technology infrastructure and operations.
Computer Security – Securing hardware, software, and data on computing devices.
Internet Security – Protecting online activities from web-based threats.
Data Security – Ensuring data remains confidential, accurate, and accessible.
Cyber Threats – Potential dangers like malware or attacks targeting digital systems.
Cyber Security Threats – Specific risks including phishing and ransomware attacks.
Cybersecurity Awareness Month – October campaign educating on cyber risks.
Cyber Security Awareness – Programs teaching users to recognize threats.
Cybersecurity Consulting – Expert advice on implementing security measures.
Cyber Security Services – Professional offerings like monitoring and audits.
What is Cyber Security – Basic explanation of protecting digital environments.
Cyber Security Companies – Firms providing cybersecurity products/services.
Cyber Security Near Me – Local providers for cybersecurity solutions.
Cyber Security Expert – Professional specializing in threat mitigation.
Cyber Security Attacks – Malicious actions compromising systems.
Cyber Security News – Updates on latest threats and defenses.
Cybersecurity Solutions – Tools and strategies countering cyber risks.
Cybersecurity Tools – Software for detection, prevention, and response.
Cybersecurity Training – Courses building security skills.
Cybersecurity Certification – Credentials like CISSP validating expertise.
Types of Cybersecurity – Categories like network, cloud, endpoint security.
Cybersecurity Risk – Potential for loss from cyber threats.
Cybersecurity Analyst – Monitors and analyzes security events.
Cybersecurity Engineer – Designs and implements security systems.
Cybersecurity Framework – Structured approach like NIST for security.
Cybersecurity Strategy – Long-term plan for threat defense.
Managed Cybersecurity Services – Outsourced security operations.
Cybersecurity Monitoring – Continuous surveillance for threats.
Cybersecurity Insurance – Policies covering cyber incident losses.
Cybersecurity Consulting Services – Tailored security guidance.
Enterprise Cybersecurity – Large-scale security for organizations.
Importance of Cybersecurity – Critical for protecting assets and continuity.
Cybersecurity Plan – Documented strategy for security implementation.
Cybersecurity Policy – Rules governing security practices.
Top Cybersecurity Companies – Leading firms like CrowdStrike, Palo Alto.
Cybersecurity Assessment – Evaluation of security posture.
Penetration Testing Services – Professional simulated attacks.
Vulnerability Assessment – Scanning for system weaknesses.
Network Penetration Testing – Testing network defenses.
Web Application Penetration Testing – Security checks for web apps.
Security Audit – Comprehensive review of security controls.
Red Teaming – Adversarial attack simulations.
Purple Teaming – Collaborative red/blue team exercises.
Penetration Testing Tools – Software like Metasploit for testing.
External Penetration Testing – Simulating outsider attacks.
Internal Penetration Testing – Testing insider threat scenarios.
Wireless Penetration Testing – Assessing Wi-Fi and wireless security.
API Penetration Testing – Testing application interfaces.
Mobile App Penetration Testing – Security for mobile applications.
Cloud Penetration Testing – Evaluating cloud environments.
Vulnerability Scanning – Automated flaw detection.
Security Testing – Broad validation of security measures.
Ethical Hacking – Authorized vulnerability discovery.
CREST Certification – Accredited pentesting qualification.
OWASP Top 10 – Critical web app security risks list.
Penetration Testing Report – Findings and remediation advice.
Deepfake detection – Identifying AI-generated fake media.
Ransomware-as-a-Service (RaaS) – Subscription ransomware model.
Cloud Container Security – Protecting containerized apps.
IoT Security Vulnerabilities – Weaknesses in connected devices.
Supply Chain Attacks – Breaches via third-party vendors.
Zero-Day Exploit Prevention – Defending against unknown vulnerabilities.
Quantum Computing Cybersecurity – Future-proof encryption.
Disinformation Campaigns Defense – Countering fake info attacks.
Business Email Compromise (BEC) Prevention – Blocking exec impersonation.
Mobile Malware Detection – Identifying smartphone threats.
Insider Threat Detection – Monitoring internal risks.
Distributed Denial-of-Service (DDoS) Mitigation – Absorbing attack traffic.
Remote Work Security Solutions – Protecting distributed teams.
Data Breach Incident Response – Post-breach recovery steps.
Security Automation and Orchestration – Automated threat response.
5G Network Security – Securing next-gen mobile networks.
Cryptojacking Protection – Blocking unauthorized crypto mining.
AI for information operations – AI in cyber influence campaigns.
Application security – Protecting software from exploits.
Web application security – Defending web apps specifically.
Application security testing – Validating app security.
Secure application development – Building secure software.
Mobile application security – Smartphone app protections.
Application security best practices – Secure coding standards.
Application security tools – Scanners like SAST/DAST.
AppSec – Abbreviation for application security.
Secure coding practices – Writing exploit-resistant code.
Static application security testing – Code analysis without running.
Dynamic application security testing – Runtime app testing.
SAST and DAST – Static/dynamic testing combo.
OWASP Top 10 – Web app risks (repeated for emphasis).
Application security vulnerabilities – Common app flaws like injection.
Application penetration testing – Pentesting software apps.
Runtime application self-protection – Real-time app defense.
DevSecOps application security – Security in CI/CD pipelines.
Secure software development life cycle – Security throughout SDLC.
Threat modeling tools – Identifying design risks.
Application security monitoring – Continuous app surveillance.
Recent Vulnerabilities
- Ivanti EPMM ‘Sleeper Shells’ not so sleepy?
- The Good, the Bad and the Ugly in Cybersecurity – Week 11
- SQL Injection Vulnerability in Ally WordPress Plugin Exposes 200K+ Sites
- Apple Released Emergency Updates for iOS 15.8.7 to Thwart ‘Coruna’ Exploit Kit
- US Agencies Face CISA Deadline Over Critical Cisco SD-WAN Flaw
- Google rushes Chrome update fixing two zero-days already under attack
- Veeam Fixes RCE Bugs in Critical Backup & Replication Platform
- Veeam Patches Multiple Critical RCE Vulnerabilities on Backup Server
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Recent Breaches
- News - Viking Line confirms data breach linked to third-party supplier - teiss
- England Hockey investigates potential data breach after AiLock ransomware claims - SC Media
- Earthbound Data Breach Investigation - Strauss Borrelli PLLC
- Aspen Title & Escrow Data Breach Lawsuit Investigation - Claim Depot
- Aspen Title & Escrow Data Breach Exposes Sensitive PII - Claim Depot
- Loblaw reports customer data breach after IT network intrusion - SC Media
- Delta Medical Systems Data Breach Lawsuit Investigation - Claim Depot
- National Association on Drug Abuse Programs Data Breach Reported - ClassAction.org
- No restoration timeline for medical device maker Stryker after cyberattack - SC Media
- ID Care Data Breach Reported; Lawyers Investigating - ClassAction.org
