A security program that can run on a computer or mobile device and protects you by identifying and stopping the spread of malware on your system. Anti-virus cannot detect all malware, so even if it is active, your system might still get infected (SANS).
A network of private computers, each of which is called a “bot”(short for “robot”) infected with malicious software(malware) and controlled as a group without the owners' knowledge for nefarious and, often, criminal purposes; computers are typically infected when users open up an infected attachment or visit an infected website. Infected computers are also referred to as “zombies” (StaySafeOnline).
Also referred to as an “HTTP cookie,” is a small text file that contains a unique ID tag placed on the user’s computer by a Web site to track pages visited on the site and other information; “tracking cookies” and “third-party tracking cookies” are used to compile long-term records of individuals’ browsing histories (StaySafeOnline).
Denial of Service Attack/Distributed Denial of Service Attack (DDoS)
A type of online computer attack designed to deprive user or groups of users normally accessible online services; generally involves effort by hackers to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet (StaySafeOnline).
These attacks exploit vulnerabilities in your browser or it's plugins and helper applications when you simply surf to an attacker-controlled website. Some computer attackers set up their own evil websites that are designed to automatically attack and exploit anyone that visits the website. Other attackers compromise trusted websites such as ecommerce sites and deploy their exploit software there. Often these attacks occur without the victims realizing that they are under attack (SANS).
The conversion of digital information into a format unreadable to anyone except those possessing a “key” through which the encrypted information is converted back into its original form (decryption), making it readable again (StaySafeOnline).
Code that is designed to take advantage of a vulnerability. An exploit is designed to give an attacker the ability to execute additional malicious programs on the compromised system or to provide unauthorized access to affected data or application (SANS).
Software or hardware that, after checking information coming into a computer from the Internet or an external network, either blocks the transmission or allows it to pass through, depending on the preâ€set firewall settings, preventing access by hackers and malicious software ; often offered through computer operating systems (StaySafeOnline).
Process of adding geographical location, or label, to photographs, videos, Web sites, SMS messages, QR Codes, or RSS feeds; a geotag usually consists of latitude and longitude coordinates, altitude, distance, place names, and other details about the origin of the media being tagged helping users find a variety of online locationâ€specific information (StaySafeOnline).
Also called keylogging and keystroke logging, is the action of tracking (or logging) the keys struck on a computer keyboard; usually runs hidden in the background and automatically records all keystrokes so that users are unaware of its presence and that their actions are being monitored (StaySafeOnline).
Short for malicious software, software that disrupts or damages a computer’s operation, gathers sensitive or private information, or gains access to private computer systems; may include botnets, viruses, worms, Trojans, keyloggers, spyware, adware, and rootkits.
- Virus—type of malware that has a reproductive capacity to transfer itself from one computer to another spreading infections between online devices.
- Worm—type of malware that replicates itself over and over within a computer.
- Trojan—type of malware that gives an unauthorized user access to a computer.
- Spyware—type of malware that quietly sends information about a user’s browsing and computing habits back to a server that gathers and saves data.
- Adware—type of malware that allows popup ads on a computer system, ultimately taking over a user’s Internet browsing.
- Rootkit—a type of malware that opens a permanent “back door” into a computer system; once installed, a rootkit will allow more and more viruses to infect a computer as various hackers find the vulnerable computer exposed and attack.
Takes all of your usernames and passwords and encrypts them in a database, which is then stored on your device or in the cloud. This database is then secured by a special password that you create just for the password manager. This way, you only have to remember one password: the password for your password ,manager. Anytime you need to retrieve your credentials such as to log in to your online bank or email accounts, you .simply type the password into your password manager (OUCH!).
Sending emails that attempt to fraudulently acquire personal information, such as usernames,passwords, social security numbers, and credit card numbers, by masquerading as a trustworthy entity, such as a popular social web site, financial site, or online payment processor; often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one (StaySafeOnline).
- Spear Phishing--describes a type of phishing attacks that target to specific victims. But instead of sending out an email to millions of email addresses, cyber attackers send out a very small number of crafted emails to very specific individuals, usually all at the same organization. Because of the targeted nature of this attack, spear phishing attacks are often harder to detect and usually more effective at fooling the victims.
- SMiShing--an alternative form of phishing that occurs via text or SMS message (StaySafeOnline).
Risk is the potential harm that may arise from some current process or from some future event. Risk is present in every aspect of our lives and many different disciplines focus on risk as it applies to them (SANS).
A psychological attack used by cyber attackers to deceive their victims into taking an action that will place the victim at risk. For example, cyber attackers may trick you into revealing your password or fool you into installing malicious software on your computer. They often do this by pretending to be someone you know or trust, such as a bank, company or even a friend.
Two-factor authentication (2FA)
A security process in which the user provides two means of identification from separate categories of credentials; one is typically a physical token, such as a card, and the other is typically something memorized, such as a security code (TechTarget).
Vulnerabilities are the gateways by which threats are manifested. In other words, a system compromise can occur through a weakness found in a system (SANS). A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy (NIST SP 800-30).
Zero Day (0day, o-day)
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. The term “zero day” refers to the unknown nature of the hole to those outside of the