Cyber Dictionary

Does it seem like there's always a new cybersecurity thing with an odd name in the news? Us too. This page will be updated to keep track of it all.

| Term | What is it? |
| --- | --- |
| Artificial Intelligence (AI) | Wikipedia: "Intelligence displayed by machines, in contrast with the natural intelligence (NI) displayed by humans and other animals. In computer science AI research is defined as the study of 'intelligent agents': any device that perceives its environment and takes actions that maximize its chance of success at some goal." |
| Backdoor | Also called a "Trap Door", a technical measure used by a software engineer to bypass security measures. |
| Bitcoin | Decentralized, peer-to-peer digital currency; created by the process of mining and tracked in a public ledger. |
| Black Box (Testing) | Testing conducted against a system or network with only publicly available information known before commencement of activity. (See also White Box Testing) |
| Black Hat | Term ascribed to unauthorized, usually malicious, access to computer systems or networks. AKA: "bad guys". (See also White Hat) |
| Bot | A remote control agent (software) installed on your computer. Once running, an attacker can use that agent to control your device in any manner of nefarious ways. |
| Botnet | A plurality of internet-connected devices used to perform distributed denial-of-service (DDoS) attacks. |
| Buffer Overflow Attack | Sometimes called "buffer overrun", an anomaly where a program, while writing data to a buffer, overflows the boundary allocated for the data, thus spilling data to overwrite adjacent data or executable code. The result is erratic program behavior, potentially in a manner advantageous to an attacker. |
| Bug Bounty | A reward for finding and reporting vulnerabilities and exploits in a company's digital assets, generally pertaining to websites, applications and operating systems. |
| Conficker | Also known as "Downadup." This computer worm struck in 2008 and is no longer a threat, though it did infect millions of computers and establish a worldwide botnet back in its day. |
| Cryptocurrency | Digital asset designed to work as a medium of exchange that uses cryptography to secure its transactions, to control the creation of additional units, and to verify the transfer of assets. (Wikipedia) |
| CryptoLocker | Ransomware cyberattack that occurred in 2013-14, propagated through infected email attachments. The malware encrypted files, offering to decrypt them if a ransom was paid through Bitcoin. |
| Cyberspace | The interconnected environment over which digital communications can occur. |
| Dark Web | Shadowy network of internet content not indexed by search engines and generally accessed through special means requiring specific software, configurations or authorized access. Used generally by those looking to side-step laws and regulations. Think cyber Star Wars cantina. |
| DDoS Attack | Occurs when multiple systems flood the bandwidth of a targeted system, resulting in the unavailability of that system, usually one hosting important web sites or services. |
| Hacked | Generally a negative connotation, to suggest a malicious actor has gained unauthorized access to a system. |
| Hacker | Sometimes used for a person who gains unauthorized access to a computer system or network. Also, someone who comes up with a clever or different way to do something. |
| Heartbleed | Disclosed in April 2017, this bug exposed many popular websites resulting from improper input validation. (See also Buffer Overflow Attack) |
| Locky | Released in 2016, this ransomware was delivered by email and made use of Microsoft Word macros to deliver its payload. Upon opening the Word file, the page appeared to be full of garbage, prompting the user to enable macros, at which time an encryption trojan was released. |
| Man-in-the-Middle Attack | Eavesdropping: when an attacker secretly relays computer communication between two parties through themselves, enabling them to compromise the integrity and confidentiality of the message. |
| Mirai | Large-scale compromise of networked devices running Linux, particularly those such as IP cameras and home routers, for the purpose of establishing a network to perpetrate attacks on high-profile targets. (See also DDoS Attack, Botnet) |
| Network Sniffing | "Packet Sniffing" or "Packet Analyzation" is the act of eavesdropping on network traffic in an attempt to intercept and log traffic that passes over the path. |
| Petya | Family of ransomware attacking Windows-based systems to encrypt the hard drive, preventing the system from booting. |
| PhishMe Button | PhishMe is a security product vendor that helps the university report suspicious phishing emails to the Security Operations team. If you are using university mail, you can add the plug-in, allowing you to seamlessly report activity you find to be nefarious and helping the team further protect the community. For instructions, |
| POODLE | Stands for "Padding Oracle On Downgraded Legacy Encryption" - exploit taking advantage of clients' fallback to SSL 3.0. (See also Man-in-the-Middle Attack) |
| Pwned | Also spelled "Pwn" or "Pown." This means an account's defences have been completely compromised. You've been hacked. |
| Shadow Brokers | A group of hackers who emerged in 2016 to release tools that could be used for malicious purposes from the NSA data breach. |
| Tinba | "Tiny Banker Trojan", malware targeting financial institution websites, establishing man-in-the-browser attacks and network sniffing to steal users' sensitive data, such as account login information and banking codes. (See Network Sniffing) |
| WannaCry | A ransomware attack in May 2017 that encrypted the data housed on infected Windows computers and demanded payment for returning it. |
| White Box (Testing) | Testing conducted against a system or network with near-complete knowledge of the environment and protections. The idea is to reduce the time a tester needs to identify vulnerabilities so testing is more thorough and takes less time and expense. (See also Black Box Testing) |
| White Hat | Term ascribed to hacking that is authorized in some manner. Generally performed by "the good guys": organizations will periodically authorize hackers to test their systems and networks to discover vulnerabilities before the "bad guys" do, allowing them time to remediate those vulnerabilities. (See also Black Hat) |
| Xafecopy | Malware found embedded in a variety of mobile apps, most commonly in battery optimizers, without the knowledge or consent of the user, ultimately subscribing the phone to a number of services which charge money directly to the user's mobile phone bill. |
| Zero-Day | Also called "0 Day." A vulnerability in an internet-connected device, network component or piece of software that was essentially just discovered or exposed and for which no patch exists. |