Cyber Dictionary
Does it seem to you like there's all the time a new cybersecurity thing with an odd name that ends up on the news? Us to. This page will be updated to keep track of it all.
| Term | What is it? |
|---|---|
| Artificial Intelligence (AI) | Wikipedia: "Intelligence displayed by machines, in contrast with the natural intelligence (NI) displayed by humans and other animals. In computer science AI research is defined as the study of "intelligent agents": any device that perceives its environment and takes actions that maximize its chance of success at some goal." |
| Backdoor | Also called a "Trap Door", a technical measure used by a software engineer to bypass security measures. |
| Bitcoin | decentrailized, peer-to-peer, digital currency; created by process of mining, tracked in a public ledger. |
| Black Box (Testing) | Testing conducted against a system or network with only publically available information known before commencement of activity. (see also White Box Testing) |
| Black Hat | Term ascribed to unauthorized, usually malicious, access to computer systems or networks. AKA: "bad guys". (see also White Hat) |
| Bot | A remote control agent (software) installed on your computer. Once running, an attacker can use that agent to control your device in any manner of nefarious ways. |
| Botnet | A plurality of internet-connected devices used to perform distributed denial-of-service (DDoS) attacks. |
| Buffer Overflow Attack | Sometimes called "buffer overrun", an anomaly where a program, while writing data to a buffer, overflow's the boundary allocated for the data thus spilling data to overwrite adjacent data or executable code. The result is erratic program behavior, potentially in a manner advantageous to an attacker. |
| Bug Bounty | A reward for finding and reporting vulnerabilities and exploits to a company's digital assets, generally pertaining to websites, applications and operating systems. |
| Conficker | Also known as "Downadup." This computer worm struck in 2008 and is no longer a threat, though it did infect millions of computers and establish a world wide botnet back in it's day. |
| Cryptocurrency | a digital asset designed to work as a medium of exchange that uses cryptography to secure its transactions, to control the creation of additional units, and to verify the transfer of assets. (Wikipedia) |
| CryptoLocker | Ransomware cyberattack, occurred in 2013-14, propagated through infected email attachments. Malware encrypted files offering to decrypt if ransom was paid through BitCoin. |
| Cyberspace | The interconnected environment over which digital communications can occur. |
| Dark Web | Shadowy network of internet content not indexed by search enginers and generally accessed through special means requiring specific software, configurations or authorized access. Used generally by those looking to side-step laws and regulations. Think cyber Star Wars cantina. |
| DDoS Attack | Occures when multiple systems flood the bandwidth of a targeted system resulting in the unavailability of that system, usually hosting important web sites or services. |
| Hacked | Generally a negative connotation, to suggest a malicious actor has gained unauthorized access to a system. |
| Hacker | Sometimes used for person who gains unauthorized access to a computer system or network. Also, someone who comes up with a cleaver or different way to do something. |
| Heartbleed | Disclosed in April 2017, this bug exposed many popular websites resulting from improper input validation. (See also buffer-overflow attack) |
| Locky | Released in 2016, this ransomware was delivered by email and made use of Microsoft Word macros to deliver its payload. Upon opening the Word file the page appeared to be full of garbage prompting the user to enable macros, at which time an encryption trojan was released. |
| Man-in-the-Middle Attack | Eavesdropping: when attacker secretly relays computer communication through themselves between two parties enabling them to compromise the integrity and confidentiality of the message. |
| Mirai | Large-scale compromise of networked devices running Linux, particularly those such as IP cameras and home routers, for the purpose of establishing a network to perpetrate attacks on high-profile targets. (See also DDoS Attacks, Botnet) |
| Network Sniffing | "Packet Sniffing" or "Packet Analyzation" is the act of eavesdropping on network traffic in an attempt to intercept and log traffic that passes over the path. |
| Petya | Family of ransomware attacking Windows-based systems to encrypt the hard-drive, preventing system from booting. |
| PhishMe Button | PhishMe is a security product vendor who assists the university report suspicious phishing emails to the Security Operations team. If you are using university mail, you can add the plug-in allowing you to seamlessly report activity you find to be nefarious, assisting the team further protect the community. For instructions, |
| POODLE | Stands for "Padding Oracle On Downgraded Legacy Encryption" - explot taking advantage of clients' fallback to SSL 3.0. (See also Man-in-the-Middle Attack) |
| Pwned | Also spelled "Pwn" or "Pown." This means an accounts defences have been completely comproised. You've been hacked. |
| Shadow Brokers | A group of hackers who emerged in 2016 to release tools that could be used for malicious purposes from the NSA data breach. |
| Tinba | "Tiny Banker Trojan", malware targetting financial institution websites, establishing man-in-the-browser attacks and network sniffing to steal users sensitive data, such as account login information and banking codes. (See network sniffing) |
| WannaCry | A ransomware attack in May 2017 that encrypted the data housed on infected windows computers and demanded payment for returning it. |
| White Box (Testing) | Testing conducted against a system or network with near-complete knowledge of environment and protections. The idea is to reduce the time a tester needs to identify vulnerabilities so testing is more thorough and takes less time and expense. (see also Black Box Testing) |
| White Hat | Term ascribed to hack which is authorized in some manner. Generally performed by "the good guys", organizations will periodically authorize hackers to test their systems and networks to discover vulnerabilities before the "bad guys" do, allowing them time to remediate those vulnerabilities. (see also Black Hat) |
| Xafecopy | Malware particularly found embedded in a variety of mobile apps, most commonly in battery optimizers, without the knowledge or consent of the user, ultimately subscribing the phone to a number of services which charge money directly to the user's mobile phone bill. |
| Zero-Day | Also called "O Day." A vulnerability in an internet-connected device, network component or piece of software that was essentially just discovered or exposed for which no patch exists. |