Skip to content Skip to navigation Skip to footer

Definitions of Jargon (DOJ) in Cybersecurity

Jargon is specialized language or technical terminology used within a particular industry, trade, or profession. Because not everyone understands jargon, a definition of jargon (DOJ) list is typically created to get everyone on the same page regarding specific words, phrases, or idioms. It is important not to confuse jargon with slang, which is colloquial or informal language used in everyday conversation.

Scientists and scientific research often use jargon to describe and explore complex subjects that people outside of the industry may not ordinarily understand, such as molecular biology or nuclear physics. The language has to be extremely precise. Simplifying it can cause confusion or run the risk of errors. However, the use of jargon is often criticized for obscuring meaning or making topics unnecessarily complicated when it can be replaced with simple, direct language.

Many professions use jargon, also known as argot or lingo, throughout their communication. For example, the legal industry uses legalese and academics use academese. The technology field is no different and has its own jargon that companies regularly rely on to define their products, offerings, and services. Organizations use short, sharp jargon definitions to help users gain insight into a topic or product of interest.

Below is the Fortinet guide to jargon used in the technology and cybersecurity industry:

A

Account hijacking A form of identity theft that involves criminals gaining unauthorized control of a victim’s account. Hackers compromise email, banking, or social media accounts using tactics like phishing and password guessing.
Accumulo Apache Accumulo is a scalable, distributed database engine that is based on Google’s Bigtable. The system is built on Apache technologies Hadoop, Thrift, and Zookeeper and is written in Java.
Acoustic cryptanalysis

A hacking tactic that exploits sounds made by computers, electronic devices, and keyboards. Hackers typically use it to evade encryption-based security.

Active cyber defense The use of offensive cybersecurity tactics to limit or prevent hacking activities. It slows cyber criminals down and increases the likelihood of them making a mistake.
Advanced Encryption Standard (AES) An encryption algorithm developed by the National Institute of Standards and Technology (NIST) in 1997. AES encrypts sensitive data and is typically deployed in cybersecurity, electronic data protection, and governmental computer security.
Advanced evasion technique (AET) An attack technique for delivering harmful content in such a way that the traffic looks normal and security systems let it through. It uses various methods and attack combinations to evade detection and gain unauthorized access to networks.
Advanced persistent threat (APT) A cyberattack method that allows hackers to lurk in networks for a long period of time while they extract information or wait for the right moment to deploy malware (malicious software).
Advanced Technology Attachment (ATA) An interface that connects storage devices to computers. It enables CD-ROMs and hard disks to connect to a computer’s internal motherboard and perform basic functions.
Adware

A type of malware that shows unauthorized adverts to users—typically pop-ups, messages, new browser windows, or website add-ons—that disrupt online experiences and overload computer systems.

Alert fatigue

The exposure to frequent or a large volume of alerts, which results in users becoming desensitized to the risk. This can result in longer response times or important alerts being missed or ignored.

Algorithm A set of rules for solving problems in the correct order. Typically, an algorithm provides a series of instructions for computers to complete a task, solve a problem, or transform information into factual data.
Anagram

The rearranging of characters in a word, phrase, or sentence to hide the true meaning of a message.

Android A mobile operating system and free, open-source software used for touchscreen devices like smartphones and tablets.
Angler phishing The act of pretending to be a customer service agent to lure people into giving up personal or sensitive data. This cyberattack vector is often used on social media to target disgruntled customers.
Anomaly detection A data mining process for identifying anomalies or deviations in the normal behavior of a dataset. This information can indicate a critical incident like a technical glitch or a change in normal consumer behavior.
Anonymizer A tool that attempts to make online activity untraceable, which protects users’ personal information while they browse the internet.
Anti-malware

A software program that protects computers, networks, and systems from malware. It scans computers and systems for malware to prevent it from doing harm. It can also remove existing malware.

Application A program or piece of software that uses a computer’s operating system to perform specific functions for end-users. Examples of applications are communication platforms, web browsers, and word processors.
APT side hustle The action a nation-state hacking group takes to fund its activities through cyber crime. APT is short for advanced persistent threat.
Astroturf Astroturfing is the use of software to mask the true identity of an internet user.

Asymmetric encryption

A form of cryptography that uses public and private keys to encrypt and decrypt messages to prevent them from being read by unauthorized users.

ATM skimming

Automated teller machine (ATM) skimming is a form of payment card fraud that involves criminals fitting hidden recording devices to steal PIN codes and other credit and debit card data.

Attack surface

All of the possible points of entry a hacker can use to gain unauthorized access to a system or steal data. The larger the attack surface, the more difficult it is to protect a network.

Attack traffic

The traffic used by an attacker to target and infiltrate a network or system.

B

Backdoor

A method for bypassing normal authentication procedures to access protected data or a computer system. Developers or security teams may create backdoors for troubleshooting, but attackers can also use them to gain unauthorized access to a network or device.

Baiting

The use of social engineering to trick victims into giving up their personal or financial information or installing malware onto their device.

Baselining

A technique for analyzing the performance of a computer network to provide a comparative baseline over a period of time.

Bashmob

A predetermined event that dedicates mass resources at a specific time and location to commit cyber crime, often through social media.

Behavior analysis

A technique used to detect malicious activity by identifying anomalous behavior. It uses analytics, artificial intelligence (AI), big data, and machine learning (ML).

Benign

Internet activity that is harmless, well-intentioned, and non-malicious.

Big data

A term describing the massive volume of data that businesses amass and store, then use to make better decisions.

Biometrics

Analysis or measurement of people's unique behavioral and physical characteristics—for example, biometric authentication, such as fingerprint and iris recognition.

BIOS

An acronym for Basic Input/Output System. It is a computer program that the central processing unit (CPU) uses to initiate the device’s startup process.

Bit

The most basic measurement unit used in computing and communications.

Black-box testing

A technique for testing a system's responses and reliability without having prior knowledge of how it works.

Black hat

Hackers with malicious intentions. They use various methods to gain unauthorized access to networks, exploit security vulnerabilities, or steal data.

Black swan event

An unpredictable event outside of what is normal and expected. Black swan events are rare but can have disastrous consequences.

Blacklist

A list of elements, including domain names, email addresses, passwords, users, and websites, that are denied access to applications, hosts, and servers.

Bluekeep

A security vulnerability in older Microsoft Windows operating systems. Also known as CVE-2019-0708, it has the potential to devastate networks by spreading between computers.

Bombe

A device used by British cryptologists to decipher German military communication during World War II. It also revealed the settings of the Germans’ encryption device Enigma.

Bot

An application that automatically performs specific tasks without being controlled by a person. It does repetitive tasks faster than humans can but can also be used to cause harm to computers and networks.

Botnet

A network of bots infected by malware. Botnets can be used to carry out advanced security attacks using the power of multiple computers. A hacker installs malware to infect a group of devices, then instructs them to overwhelm victims’ servers and computers with floods of connection requests that the targets cannot handle.

Bring your own device (BYOD)

A business practice that allows employees to use their own laptops, smartphones, tablets, and Universal Serial Bus (USB) drives in the workplace. BYOD gives users more freedom and saves employers money, but it can also introduce security issues and affect productivity.

Bring your own encryption (BYOE)

A security model that enables cloud service customers to deploy and manage their own encryption software and keys.

Browser

An application that enables users to access the internet on devices like laptops and smartphones. It retrieves content from a website’s web server then shows it on a user’s device. Popular free browser options include Apple Safari, Google Chrome, Microsoft’s Edge and Internet Explorer, Mozilla Firefox, and Opera Software’s Opera.

Brute-force attack

A simple but reliable hacking technique that aims to crack passwords and encryption keys using trial and error. Hackers use it to gain unauthorized access to users’ online accounts and corporate networks. The "brute force" in the name is because of attackers using multiple forceful attempts to try and access accounts.

Buffer

An area of a computer’s physical memory storage that temporarily stores data while it is moved between locations.

Buffer overflow

A common software vulnerability or coding error that hackers can exploit to gain unauthorized access to networks and systems. It occurs when a buffer’s data exceeds its storage capacity. The extra data then overflows into a computer’s adjacent memory locations, which causes data in those locations to be corrupted or overwritten.

Business email compromise (BEC)

A form of scam that targets organizations that perform wire transfers. Attackers target the email accounts of employees with access to financial transactions to attempt fraudulent transfers.

Byte

A unit of digital information and computing storage. It was historically the number of bits used to encode single characters of text in computers, which made it the smallest unit of memory in computer architecture.

C

Catfisher

An attacker who creates new identities using other people's personal information and photos. Catfishers trick victims into communicating with them or sending them money.

CEO fraud

A form of scam that involves attackers masquerading as a CEO to dupe employees into giving up sensitive information or performing unauthorized financial transactions.

Certificate Authority (CA)

An authority that issues digital certificates to website owners.

Certified Information Systems Security Professional (CISSP)

An independent security certification awarded by the International Information System Security Certification Consortium (ISC)².

Certified signing request

A request that contains information a Certificate Authority (CA) will need to issue a digital certificate to an organization. The certificate verifies a website is authentic.

Chief Information Security Officer (CISO)

A senior executive responsible for establishing and maintaining cybersecurity, protecting corporate data, and minimizing IT risks.

Clandestine

Another word for illicit and hidden. The clandestine nature of sophisticated security threats, such as those carried out by nation-states, corporate spies, and organized cyber crime rings, is why threat intelligence is a must for organizations.

Clickbait

Text designed to encourage internet users to click on hyperlinks. Clickbait typically leads users to scandalous or dubious websites.

Clickjacking

A cyberattack that lures a victim to click a link to a website they believe to be genuine but is in truth malicious or spoofed.

Clone phishing

A phishing attack that involves hackers copying a legitimate message from an organization then adding links to a malicious website.

Cloud computing

The on-demand delivery of computing services over the internet. It allows organizations to avoid the costs of owning computing infrastructure and having to build and maintain expensive data centers. Cloud computing examples include free consumer services like Gmail and video streaming services like Netflix.

Cloud encryption

The process of transforming data from plain text into an unreadable, encrypted format. Encryption is critical when transferring or storing data in the cloud.

Cloud intelligence

An application hosted in the cloud that provides full visibility of organizations’ cloud infrastructure.

Cloud-native

An application development approach that uses cloud computing to bring applications to market faster.

CloudTrust Protocol

A procedure that establishes trust between cloud computing customers and their service providers. Created in 2010, it includes 23 cloud transparency criteria.

Cluster

A set of computers that operate as a single system and perform the same task.

Cold boot attack

In a cold boot attack, also known as the random access memory (RAM) dump attack, malicious actors perform a hard reset on a computer that has been left physically unattended. This type of attack is typically used to obtain encryption keys from a running operating system.

Commercial-off-the-shelf (COTS)

Ready-made software or hardware that is available to purchase commercially.

Computer forensics

The use of analysis and investigation to gather evidence and insight into computing device activity, usually for legal investigations.

Computer network attack (CNA)

Cyberattacks that aim to degrade, destroy, and disrupt data on computers and networks or take down an entire network.

Computer network defense (CND)

The process of defending against attacks or preventing unauthorized access to computer networks. It uses techniques like analysis, detection, monitoring, response, and restoration.

Computer network exploitation (CNE)

The act of stealing data without affecting or damaging a computer network.

Computer network operations (CNO)

A military concept that involves the use of tools, processes, and techniques to gain a strategic advantage through computer networks.

Content filtering

A cybersecurity process for screening access to emails and websites and then blocking harmful content. It ensures users cannot access device-damaging content or material that is illegal, inappropriate, or objectionable. It can be used by parents to protect children from exposure to graphic content and by organizations to block websites that are inappropriate for the work environment.

Copy-paste compromise

An attack that uses publicly available code or open-source resources for gaining information.

Covert

Describes the techniques attackers use to ensure they evade organizations’ defenses and their attack vectors do not trigger security alerts.

Covert response

A defense technique that does not alert attackers to the fact they have been discovered in organizations’ networks.

Credential stealing

A form of cyber crime that involves unlawfully obtaining passwords or login credentials to access or exfiltrate sensitive data.

Credential stuffing

A type of cyberattack in which attackers use stolen login credentials to try and access other online services.

Creepware

Software that enables hackers to spy or eavesdrop on their victims’ computers, laptops, mobile phones, and tablets.

Crimeware

A type of malware that automates cyber crimes, particularly identity theft, through social engineering techniques.

Cross-site request forgery

A vulnerability that enables attackers to dupe users into performing malicious actions on a website they are currently logged in.

Cross-site scripting (XSS)

A web security vulnerability that enables cyber criminals to inject malicious scripts into trusted websites. In an XSS attack, attackers use web applications to send malicious code that compromises user activity.

Crowdsourcing

An approach that enlists a large group of people to obtain input, information, or opinions regarding a task or project. It is usually done via the internet.

Cryptographic key

A string of characters in an encryption algorithm, which alters data so it appears random. Keys perform two things: encrypt the original message so it is indecipherable and decrypt data for the intended recipient.

Cryptography

A process that hides the true meaning of a message so only the intended recipient can read and decipher it. Cryptography has been used for thousands of years to code messages and is still widely used to protect credit cards, ecommerce sites, and passwords.

Cyber privateering

A method governments and private organizations use to hire professional hackers or even criminal hacking groups to conduct espionage on their behalf.

Cyber Riot

The name of the first advanced virus targeting Windows devices, which was first found in 1993.

Cyber vandalism

The act of damaging or destroying computer or electronic resources, such as files, systems, or websites, to interrupt or prevent their regular usage.

Cyber vigilantism

Online activity by people who lack the legal authority to combat cyber crimes and scams, often through baiting, hacking, and shaming.

D

Daemon

A computer program that runs in the background rather than being directly controlled by the user.

Dark patterns

Design elements in a user interface that deceive users into taking actions they do not intend to do, such as purchasing overpriced insurance.

Dark web

A hidden part of the internet that is only accessible through specialist web browsers. It is often used to anonymize internet activity.

Darknet

A network, such as Tor, that anonymizes internet usage and is only accessible through specialist authorization, configurations, or software.

Data breach

A security event that results in confidential or sensitive data, such as customers’ information and login credentials, being lost or stolen and exposed to unauthorized individuals. A data breach can occur through malicious activity or by accident, causing serious consequences for organizations, including loss of business, the risk of fines, and costly lawsuits.

Data compromise

The result of personal data being lost or stolen through a data breach.

Data exfiltration

A form of data breach that involves information being copied, transferred, or retrieved from devices, servers, or systems.

Data leak

The accidental loss of data, typically as a result of poor data security practices rather than a cyberattack.

Data loss prevention (DLP)

A cybersecurity solution that detects and prevents data breaches and blocks data exfiltration. DLP prevents data from being illicitly transferred outside of an organization and stops the unauthorized destruction of personally identifiable data or sensitive information.

Data remanence

The residue of digital data that remains even after it has been removed or deleted.

Data segregation

A cybersecurity technique that divides data into various categories or sections to restrict or prevent unauthorized access.

Data at rest

Digital data is at rest when housed in persistent storage locations like the cloud, databases, file-hosting services, hard disks, and tapes.

Data in motion

The process of data being transferred between locations, such as from a desktop to the cloud or portable devices.

Data in use

Data that is actively being used, typically by computer memory or caches.

Decryption

The act of decoding or unscrambling an encrypted message.

Deep packet inspection (DPI)

A method for examining data packets and their contents as they enter a network. DPI enables organizations to discover hidden threats in their network traffic and prevent data theft, content policy violations, and the spread of malware.

Deep web

Pages of the World Wide Web that are not indexed by standard search engines. They can be accessed using direct web addresses but often require passwords or authorization.

Deepfake

An artificial intelligence (AI) technique that creates convincing fake images, sounds, and videos. Deepfake technology is often used for malicious purposes, such as spreading false information, fake news, and creating public uproar by portraying a celebrity or world leader as saying something they should not.

Denial-of-service (DoS) attack

A cyberattack method that floods servers and web applications with traffic to make resources and websites unavailable. DoS attacks typically involve flooding the Transmission Control Protocol/User Datagram Protocol (TCP/UDP) with more traffic than it can handle, which can cause it to crash, corrupt data, misdirect resources, or paralyze systems.

Dictionary attack

A cyberattack method in which attackers attempt to break into networks or devices—or crack encryption keys—by entering every word in the dictionary as a password.

Differential fault analysis attack

A cyberattack method targeting cryptographic keys. It attempts to create faults in the code to reveal its inner workings.

Digital certificate

An electronic password or file proving to networks and websites that a device, server, or user is authentic. Digital certificates contain identifiable information, including the company name and device Internet Protocol (IP) address and serial number. They can also contain a copy of the certificate holder’s public key, which is used to verify their identity.

Directory traversal attack

A form of attack in which hackers use a web security vulnerability that enables them to read files on a server, such as application code and sensitive operating system files.

Distributed denial-of-service attack (DDoS)

A cyberattack method in which attackers flood a server with huge amounts of traffic, often fake internet traffic. The aim is to overwhelm the service or network and block access to websites for legitimate users.

Distributed reflection denial-of-service attack (DRDoS)

A cyberattack method that overwhelms a server by issuing requests through the User Datagram Protocol (UDP). It aims to cause more damage than a DDoS attack.

DNS amplification

A cyberattack method that manipulates public DNS servers and floods them with vast quantities of data packets.

DNS cache poisoning

A cyberattack method in which attackers enter fake information into a DNS server cache. This results in the DNS server producing incorrect replies and sending users to the wrong website.

DNS hijacking

A cyberattack method in which attackers make adjustments to DNS servers to send users to malicious websites.

DNS redirection

The act of serving users with a website that is different from what they requested or expected.

Domain fluxing

A technique attackers use to keep their botnet active by constantly changing its command-and-control (C&C) server.

Domain Name System (DNS)

A system that enables computers to understand which website a user wants to visit by turning domain names into Internet Protocol (IP) addresses. Each device on the internet has a unique IP address, which they use to communicate and share data.

Domain spoofing

A phishing technique in which attackers use false domain names to pretend to be from a legitimate organization.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

An email security protocol that verifies email senders and protects domains from unauthorized access. It prevents domain spoofing and enables email domains to be authenticated and shared.

Domain-generation algorithm (DGA)

A program that provides malware, as well as botnets and ransomware, with new domains on demand.

Dox

A slang word for documents or "dropping documents."

Doxing

A hacking method of "dropping dox," which involves publishing an individual’s personal information online without their permission.

Drive

A device that stores and reads digital information, such as the files and applications your computer uses. Computer drives come in various forms, including flash drives, hard disk drives (HDD), and solid-state drives (SSDs).

Drive-by download

A cyberattack method in which hackers install malicious files or programs onto victims’ devices without their consent.

Driver

A device driver is a computer program that controls or operates a hardware device, such as a printer, that is attached to the computer. The driver allows the connected device to communicate with the applications and operating systems that use it.

Dumpster diving

The act of searching through trash, both physical and digital, to retrieve data that can help attackers launch a cyberattack, such as access codes and passwords.

Dwell time

The amount of time between an attacker gaining unauthorized access to a network and the organization discovering the breach.

Dynamic analysis

A cybersecurity approach that analyzes what action a malicious file takes when opened or executed.

E

Electromagnetic attack

A cyberattack method that uses a device’s electromagnetic radiation to perform signal analysis and capture encryption keys.

Electronic intelligence (ELINT)

The use of electronic sensors to capture and analyze data, typically for military intelligence.

Email hijacking

A cyberattack method in which hackers gain unauthorized access to an email account to monitor communications.

Encoding

The process of converting data into a format that meets information processing requirements.

Encryption

A process that secures digital data using an algorithm that makes a message unreadable to unauthorized individuals.

Encryption-as-a-Service (EaaS)

An on-demand service that enables users to take advantage of encryption without having to install and manage their own program.

Endpoint

A device that enables users to connect to and communicate on networks. Examples of endpoints are laptops and mobile phones.

Endpoint detection and response (EDR)

A cybersecurity solution that detects and responds to threats. It also collects and analyzes data from endpoints connected to a network.

Endpoint security management

A cybersecurity approach that safeguards endpoints—devices on a network and in the cloud—from cyberattacks.

Erasure coding

A data protection and recovery method that breaks data into small fragments across various locations, such as hard drives and disks. If data gets corrupted, it can be reconstructed using fragments from other locations.

Evil maid attack

A cyberattack exploit that targets unattended or unused devices, such as computers and storage devices. In this type of attack, attackers access target devices multiple times without the user knowing.

Evil twin

A malicious access point that appears to be a legitimate Wi-Fi network and enables an attacker to gather sensitive information from the devices of users who connect to it.

Expert system

A computer program that uses artificial intelligence technologies to simulate the behavior or judgment of a human being or organization with expertise on a subject.

Exploit

The piece of code or program a hacker uses to discover and take advantage of an application or system vulnerability.

Exploit kit

A pack or toolkit that enables hackers to capitalize on application or system vulnerabilities and perform malicious activity.

F

Fabric of security

The combination of various technologies to provide comprehensive, robust digital security. It can be tailored to fit the needs of different organizations and solve multiple cybersecurity challenges.

Failover

A process for switching over a computer, network, or system to another if it fails. It aims to reduce or eliminate the impact on users should a failure occur.

False flag

A false flag happens when hackers launch an attack in a way that disguises their true aim and who is responsible for the attack, often deflecting the blame to someone else.

File

A computer object that stores commands, data, or settings. Examples are application, data, and system files.

Fileless malware

A sophisticated form of malware that uses legitimate programs to infect devices rather than files, which makes it difficult to detect and prevent.

Firewall

A security solution that protects networks from malicious, unauthorized, and unwanted traffic. It blocks incoming malware and can prevent users from accessing certain content, programs, and websites.

Firmware

A software program that sits on hardware devices to provide them with necessary operational instructions.

Forensics

The use of data analysis and investigation techniques to gather evidence from computing devices.

Free and open-source software (FOSS)

Software that is available for anyone to download, use, modify, and share without cost.

Fullz

A slang term meaning “full information,” which refers to hackers stealing a complete set of data from their victims. This includes their name, address, date of birth, credit card number, card expiration date, and social security number.

Fuzzing

A black-box testing technique that involves finding bugs using incomplete or malformed data. It can also refer to a fuzzing attack, which involves attackers throwing unexpected data at devices to discover unknown vulnerabilities.

G

General Data Protection Regulation (GDPR)

A data privacy regulation that sets requirements for how organizations handle personal data. It was passed by the European Union (EU), but organizations worldwide must abide by its privacy and security standards if they collect data belonging to people located in the EU.

Gigabyte (GB)

A data measurement unit used in digital computing and media storage. 1GB equates to 1 billion bytes. GB typically refers to storage size and data transmission speed.

Google dorking

A technique for maximizing the capabilities of search engines and discovering information hidden on public websites or vulnerabilities in public servers. It is often used by journalists, investigators, and security auditors, as well as cyber criminals, to find online information that is not always visible through Google searches.

Government-off-the-shelf (GOTS)

A term to describe software or hardware typically developed by and intended for use by U.S. government agencies and not for public or commercial usage. It can be developed by external organizations but has to be commissioned by a government agency and meet specific government purposes.

Government surveillance

A technique used by governments to monitor the communications and digital activity of groups of citizens. It is typically carried out by major governmental organizations, such as the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA).

Gray-box testing

A form of application testing that searches for defects caused by improper software usage or inefficient code structures.

Grey hat

A hacker or security expert who may occasionally violate laws or ethical standards to discover and fix vulnerabilities but does not do so with malicious intent. The approach tends to be in the public interest but is still illegal because grey hat hackers do not have organizations’ permission to access their systems.

Greyware

Unwanted applications or files that can negatively affect the performance of devices or cause security risks but are not classified as malware.

Gummy bear hack

A hacking technique that aims to fool biometric fingerprint scanners by using gelatin-based candy material. It first emerged in 2002 when a research team used gelatin to create artificial fingers that tricked fingerprint scanners into providing unauthorized access.

H

Hacker

An individual with the computing and networking skills necessary to solve and overcome technical problems. Ethical hackers use their skills to discover security vulnerabilities and help organizations mitigate them, while malicious hackers use theirs to commit cyber crimes.

Hacking

The act of compromising or damaging devices or networks by gaining unauthorized access to computer systems or user accounts. While not always a malicious act, it most commonly refers to illegal activity, data theft, and other cyber crimes.

Hacktivist

A hacker who uses their skills to make a political or social statement. They typically target corporations or governments, as well as controversial public figures or religious groups.

Hadoop

A collection of open-source software from the Apache Software Foundation that enables the use of a network of computers to solve problems using vast data quantities.

Hard drive

A data storage device frequently installed inside a computer and attached to its disk controller. The hard drive is responsible for storing vital data like the device’s operating system, applications such as a word processor, and the user’s personal files.

Hardware against software piracy (HASP)

A piece of hardware that protects software programs from unauthorized copying and installation.

Hashing

A security technique that uses algorithms to transform a string of characters into a hash code. A hash function substitutes information, such as a security key, with a generated hash code, which tends to be a much shorter set of characters than the original code.

Heuristic

A cybersecurity analysis technique to examine code for suspicious or malicious properties. It is used to detect viruses and identify malware by comparing a program’s code against known virus types.

Homographic attack

A cyberattack method in which the attacker registers fake website domains to fool victims into visiting them. The fake domains are designed to look similar to legitimate websites, such as replacing the letter O with the number 0.

Human intelligence (HUMINT)

A term describing information that has been gathered from human sources. It typically refers to government agencies collecting data through espionage activity.

I

Identity management

A security process that protects devices and users and ensures only the right people have the right level of access to applications, devices, networks, and systems. It involves identifying, authenticating, and authorizing users and devices to ensure they are who they claim to be.

Identity theft

A cyber crime that involves a hacker stealing an individual’s personal information with the aim of using their identity for malicious activity. Using this information for financial gain is identity fraud.

Imagery intelligence (IMINT)

The process of gaining geographic, intelligence, or technical insight through the analysis or interpretation of photos and images.

Incident response

A clearly defined plan or strategy an organization implements in the event of a cyberattack. It minimizes damage, as well as the time and financial resources necessary to respond to the event.

Industrial control system (ICS)

A security process put in place to ensure critical infrastructure systems—such as those in highly regulated industries like the energy, manufacturing, power, and transportation sectors—are functioning safely and properly.

Inference attack

A cyberattack method that uses data mining and machine learning to steal data without accessing the database in which it is stored.

Inline network device

A device that receives data packets then forwards them to the intended destination. Examples are network devices like firewalls, routers, and switches.

Integrated development environment (IDE)

A software development tool that allows programmers to consolidate the various aspects of writing computer programs. It combines actions associated with software creation, such as source code editing, debugging, and building executables, into a single application.

Integrated drive electronics (IDE)

An interface that connects a computer’s motherboard to external storage devices, such as compact discs (CDs), digital versatile discs (DVDs), and other hard drives.

Intelligence

An understanding of the security threats an individual or organization faces. Threat intelligence uses data, tactics, and techniques, such as artificial intelligence and machine learning, to understand the latest security risks.

Internationalized domain name (IDN) homograph attack

A cyberattack method that lures victims to fake domains and deceives them into thinking it is a legitimate website. This approach is typically used to distribute malware and support phishing attacks.

Internet of Things (IoT)

A network of physical devices that are connected to the internet. They use sensors, software, and other technologies to share data in the cloud. Examples are smartwatches, fitness trackers, and medical sensors.

Intrusion detection system (IDS)

An application that monitors a network’s traffic to search for suspicious or malicious activity. It alerts an organization’s IT and security teams when it discovers potential security risks or threats.

iPhone operating system (iOS)

The operating system used to power and operate Apple’s mobile phone and tablet devices, such as the iPhone and iPad. iOS was first released in 2007. The most recent, iOS 15, was launched in September 2021.

IoT botnet

A botnet connected to the IoT. It typically involves malware-infected routers controlled by malicious actors to launch advanced security threats like DDoS attacks.

J

Jailbreak

A process that removes the limitations or restrictions of a mobile device, typically iOS devices. It enables users to download applications or software not intended or recommended for the operating system. Frequently, these applications are insecure. Jailbreaking can also be used as an attack method to remove carrier or manufacturer restrictions from a device without the user’s authorization.

Junk hack

A hacking method that exploits an unlikely item (such as a piece of candy) in a novel or unusual way. While junk hacking is theoretically possible, the chance of exploitation is unlikely or implausible.

K

Keylogger

A piece of malware that monitors and tracks a user’s keystrokes as they type on a keyboard. This can come in the form of software, which infects a device with malware and can spread to other connected devices, or hardware, which transmits data from a device but cannot spread to other devices.

Keylogging

The hacking activity an attacker uses to transmit keylogger information. Data from a keylogger is sent to a hacker’s command-and-control (C&C) server, where they can analyze the data. This information enables them to steal username and password combinations to hack the user’s accounts or commit identity theft.

Kilobyte (KB)

A data measurement unit used in digital computing and media storage. 1KB equates to 1,000 bytes.

Kinetic

A cyberattack method that exploits vulnerable IT systems and processes to cause major damage to physical systems. It is commonly used against critical structures like medical facilities, nuclear power plants, oil refineries, and water treatment plants.

Key reinstallation attack (KRACK)

A cyberattack method that exploits vulnerabilities in the Wi-Fi Protected Access 2 (WPA2) protocol, which secures Wi-Fi connections. KRACK can be used to access encrypted data when hackers are in close range of a target.

L

Lateral movement

After gaining unauthorized access to a network or system, an attacker moves laterally from east to west or vice versa to find sensitive data and increase their privileges while evading an organization’s cybersecurity defenses.

Least privilege access

A cybersecurity approach in which devices, programs, and users only get the bare minimum permission they need to perform their jobs effectively. It tightens access controls around applications, devices, files, and other resources. Organizations can assign access rights to specific departments or based on contributing factors like time, location, or the device used to access a network.

Linux

A free and open-source operating system widely deployed on hardware like computers, mobile phones, and supercomputers. The Linux operating system uses the Linux kernel to manage hardware and various software packages that can be modified and added to by users.

Lulz

An internet expression used to describe laughter. It is usually also linked to black hat hacking group LulzSec, which carried out several high-profile cyberattacks in the early 2010s. LulzSec was responsible for bringing down the PlayStation Network in 2011 and for an attack on the Central Intelligence Agency (CIA) website.

M

macOS

The operating system that powers Apple’s laptops and computers, such as the Mac and MacBook. It was first released in March 2001. The most recent iteration is macOS Big Sur. macOS 12, Monterey, is scheduled for release in October 2021.

Machine learning

A computing technique that enables computers to learn how to perform activities without a human having to program them. It enables machines to learn and gather data and patterns themselves, which is critical to the development of processes like artificial intelligence, deep learning, and neural networks. In cybersecurity, machine learning powers advanced solutions that identify and respond to threats and malicious users.

Madware

An aggressive form of adware that targets smartphones and tablets with intrusive advertising, including showing ads in the notification bar, adding icons and shortcuts to the home screen, and flooding the device with text message ads. Madware typically ends up on devices when users agree to watch ads on free mobile apps and is particularly prevalent on Android devices.

Malicious

Cyber activity or code that is deemed dangerous. Malicious activity involves hackers attempting to destroy or steal data, damage devices, and disrupt users’ digital lives. Malicious code refers to security threats such as malware, Trojan horses, viruses, and worms.

Maltweet

Malicious content on the social networking site Twitter, which points users to spoofed websites or leads to devices being infected with malware.

Malvertising

The act of using malicious online advertising to spread malware. In this type of attack, devices of users who click a malicious ad get injected with malware. Malvertising can also send users to corrupted or spoofed websites that steal their data or download malware onto their devices.

Malware

Malicious software that cyber criminals use to gain unauthorized access to devices and networks, steal data, or damage systems. Malware comes in many forms. The most common are ransomware, spyware, and viruses.

Man trap

A physical security system that involves one door being closed before the second can unlock. A man trap ensures high physical security because an individual is trapped in a small room until their identity can be verified.

Man-in-the-middle (MITM) attack

A cyberattack method in which hackers steal data by exploiting weak web-based protocols, enabling them to snoop on email, text, or video conversations and steal data without users realizing it. Some MITM attacks use bots to impersonate users through text messages and even voice calls.

Measurement and signature intelligence (MASINT)

A rare discipline that uses data gathering and processing to identify chemical weapons or unknown weapon systems. Government agencies like the FBI use MASINT to detect biological, chemical, and nuclear materials to prevent terrorist activity.

Megabyte (MB)

A data measurement unit used in digital computing and media storage. 1MB equates to 1 million bytes.

Metasploit framework

An open-source tool that enables hackers to probe system vulnerabilities within networks and servers. The framework can be used by ethical hackers for penetration testing and threat hunting—and so can malicious hackers.

Money, ideology, compromise, and ego (MICE)

A memory technique that counterintelligence teams use to remind trainees of the four biggest motivations of cyberattackers. It helps trainees remember why an attacker would commit acts like treason, insider threats, and other cyber crime activity.

Micro virtual machine (micro VM)

A program that isolates untrusted computing operations from the computer’s central operating system. It relies on hardware isolation to prevent user activity such as web browsing and media downloading to affect the system.

Mitigation

A cybersecurity technique that uses security policies and processes to limit the impact of an attack. The mitigation process begins with threat prevention, then threat detection and identification, before going into threat remediation.

Monte Carlo simulation

A risk analysis technique that enables users to understand the potential outcomes of the actions they take. It uses computerized mathematical simulations to predict consequences and the probability of them happening. It is commonly deployed by companies in the energy, engineering, financial, insurance, project management, oil and gas, and transportation sectors.

Multi-factor authentication (MFA)

A security approach that requires users to verify their identity by providing two or more additional factors, such as a one-time passcode or biometric data like their fingerprint. It adds extra security that helps organizations prevent sophisticated cyberattacks, ensuring a user’s account cannot be accessed even if a hacker manages to steal their password.

N

Network detection and response (NDR)

A cybersecurity approach that enables an organization to detect and prevent malicious activity, investigate and examine root causes, and mitigate and respond to security incidents.

Network telescope

A network monitoring tool that allows IT teams to observe large events that occur on the internet by studying traffic patterns within a specific section of the deep web.

Network Time Protocol (NTP)

A protocol that synchronizes the system clocks on a network.

Network Time Protocol (NTP) attack

A type of distributed denial-of-service (DDoS) attack that generates many query packets that get sent to an NTP server, overwhelming it in the process.

Next-generation firewall (NGFW)

A hardware or software device that blocks attacks using security policies at the port, protocol, and application levels.

NMAP

Short for network mapper, a security tool used to scan Internet Protocol (IP) addresses and discover communication ports, host names, and the versions and names of operating systems.

O

Obfuscation

A technique that involves engineering software in a way that makes it hard to analyze, reverse-engineer, or figure out how it actually works.

OCTAVE

Stands for Operationally Critical Threat, Asset, and Vulnerability Evaluation. It describes the techniques organizations use to minimize the threat of exposure, mitigate attacks, and determine the potential damage of attacks.

Open-source

Code that is available for free online using an open-source license. The holder of the copyright allows people to change, study, and distribute the software free of charge.

Open-source intelligence (OSINT)

Information obtained from collecting, processing, and analyzing publicly available data. It is used to anticipate and prevent security threats.

Operating system (OS)

Software that manages the hardware within a computer and provides services to enable it to execute applications.

Operational technology (OT)

Software or hardware that can check and control industrial equipment, events, and processes.

P

Packet

The smallest unit of data transmitted through a digital network.

Pass-the-hash

A cyberattack technique used by hackers in which they authenticate to a remote service or server using the hash of a password—the scrambled representation of a password—instead of a plaintext password.

Payload

The information held within a single data transmission. In cybersecurity, it often refers to the component of malware that executes a malicious action.

Payment Card Industry Data Security Standard (PCI DSS)

Data standards meant to ensure that everyone involved in the processing of payment cards protects the sensitive information of customers.

Penetration testing

A type of testing that ascertains how effective a security system is by attacking it with the permission of administrators or company executives.

Peripheral

A device that is attached to a host computer, such as a printer, camera, or musical keyboard.

Personal security product (PSP)

A software application that gets installed within a workstation and is engineered to guard users from common internet threats, such as viruses, port scans, and Trojans.

Personally identifiable information (PII)

Any data that can be used to identify a particular person. This may include biometric data, financial information, medical information, and passport or social security numbers.

Pharming

A cyberattack technique that involves installing software on a target system without the victim knowing. The victim then gets sent to sites that the hacker has chosen.

Phish-prone percentage

The percentage of users who performed unsafe actions after they were sent a phishing email. It is used to assess the level of cyber awareness within an organization.

Phishbait

Email content written in such a way that entices victims to open it and click on a malicious link. Phishbait can appear in both the subject line and the content of the email, and it can consist of text or images.

Phishing

An attack used by hackers that involves sending an email designed to get a victim to open a malicious link that is ultimately used to steal their private information.

Phreaking

An older form of hacking in which attackers manipulate communication systems to do things like make long-distance phone calls or control which calls are allowed to go in or out of a system.

Port mirroring

A method of monitoring the traffic of a network while it forwards copies of packets between network switch ports. This technique makes it possible for administrators to study the performance of switches and identify potential issues.

Post-compromise

The situation an enterprise faces in the wake of a successful attack. Post-compromise security, on the other hand, is the protection strategy the organization puts in place after an attack.

Power-analysis attack

A type of attack in which a malicious actor tries to get inside a system by analyzing how much power each physical device consumes.

Pretexting

A type of social engineering in which the attacker creates a false pretext that sounds believable. They then use that to trick the victim into providing information or performing certain actions.

Privilege creep

A situation where a person obtains access rights beyond what they have been granted by a system or its administrators. Hackers gaining access to a more sensitive area of the network after they have obtained the login credentials of someone within an organization is an example of privilege creep.

Privilege escalation attack

A form of attack that involves exploiting an administrative oversight, a bug, or an improperly configured system to gain access to systems or areas of the network a person normally does not have the rights to.

Privilege management

The process of managing the activities and data users within a system are allowed to access, ensuring that only those with the proper authority can access sensitive information or areas of the network.

Protected health information

Information—such as health care, health status, or payment for health services—that are either collected or created by what is known as a “covered entity,” such as a hospital.

Pseudorandomized data

Data that may look random but is actually created or changed by processes that can be repeated by computer systems.

Public key cryptography

A system that uses two different keys, one of which is secret and the other public. The public key encrypts the text of an entry or verifies a signature, and the private key decrypts it.

Public key infrastructure (PKI)

The software, people, procedures, policies, and hardware that make and manage digital certificates.

Pwn

A term originating from a typo of the word “own.” When a person or network has been pwned, they have been defeated, outsmarted, penetrated, or put under the control of someone else.

Python

A scripting language that makes it possible to quickly develop applications that can accomplish many different types of tasks, such as data visualization, analytics, game development, and animation.

Q

Quick response (QR) code phishing

A kind of phishing attack that makes use of a QR code instead of an attachment or a link.

Quality of service (QoS)

A set of technologies that outlines the needs of a particular application or system. It determines whether the system is getting the resources it needs.

R

Rainbow table

A reference table that makes it possible for an attacker to figure out which plaintext password matches a specific hash value.

RAM scraping

The process of examining a device's random access memory (RAM) to find sensitive information. It is often used by hackers to attack point-of-sale (POS) systems.

Random access memory (RAM)

A type of computer memory that can be changed and read in any order. It stores machine and working data and helps computers run faster by ensuring data essential to smooth operation is readily available.

Ransomware

A kind of malware that disables or compromises a user's computer until they pay a ransom. This is typically accomplished by encrypting the target's data, then requiring the victim to pay for the decryption key.

Remote access Trojan (RAT)

A program that gives command-and-control (C&C) services to hackers, enabling them to manage attack campaigns.

Response

An action an organization, individual, or system takes to remediate, contain, or recover from a cyber incident. Responses can involve a combination of automated and manual actions, as well as a wide variety of people, processes, and technologies.

Reverse engineering

The process of studying software or hardware and figuring out how it works and processes information. It helps researchers and IT teams prevent a malicious action or recreate desirable processes.

Reverse proxy

A server positioned in front of a web server. It forwards requests from a browser to web servers.

Risk

The chance that a threat will successfully exploit a vulnerability and cause damage to a digital asset.

Rivest, Shamir, Adleman algorithm (RSA)

A public key cryptography algorithm that is based on how hard it is to factor numbers with many digits. It makes use of two prime numbers multiplied by each other, along with an auxiliary key.

Rogue access point

A fake wireless access point installed by a hacker. It is designed to get past security controls or spy on a network.

Rootkit

A malicious application engineered to hide processes and programs from cybersecurity detection tools.

S

Salt

In cryptography, salt is random data added to sensitive data before the sensitive data is hashed and stored. Usually, this is a password that is difficult to crack.

Sandbox

A virtual container that cybersecurity professionals use to run programs they do not trust and analyze their behavior.

Scareware

A cyberattack method that involves using scare tactics to trick users into installing or buying malicious software. For example, a hacker may convince a user that they have sensitive or embarrassing information and use that to extort money from them.

Scraping

A process performed by bots in which they automatically collect information from a hard drive, RAM, or the internet. Many forms of web scraping are benevolent. Some help search engines produce results for users.

Script kiddie

A type of hacker who uses scripts written by other hackers to attack computers and systems. They are seen as amateurs by the hacking community.

Search engine optimization (SEO) poisoning

An attack technique that displays malicious websites high up in the search engine rankings.

Secure sockets layer (SSL)

A protocol that encrypts data so it can be sent securely through the internet.

Security awareness training

A form of employee training that enables staff and other personnel to be aware of the security risks their organization faces, as well as what they can do to avoid them.

Security information and event management (SIEM)

A cybersecurity approach that provides professionals with alerts and security logs generated by monitoring applications. These are analyzed by SIEM technology, and the information is used to inform security practices and mitigation strategies.

Security operation center (SOC)

A centralized group of processes, technology, and people working together to improve the security of a company by identifying, analyzing, and organizing responses to security incidents.

Security orchestration, automation, and response (SOAR)

Technologies or resources that make use of application programming interfaces (APIs) to collect telemetry data from cybersecurity tools within a network. The data is then used by security operation centers (SOCs) to help safeguard the network.

Serial advanced technology attachment (SATA)

A computer bus interface that connects computers to storage devices such as optical drives and hard drives.

Sextortion

A type of scareware in which the hacker claims they have images of the target engaging in lewd sexual behavior. The attacker then threatens to share these images unless the victim pays a ransom or performs some other kind of action.

Shadow IT

A practice in which employees or other users introduce their own software or hardware in the workplace even without explicit approval from the IT department.

Sharking

A type of cyberattack in which a hacker uses technology that can monitor and even control a card player’s computer remotely. This gives the hacker advantage against the target.

Shellcode

A piece of code composed of a series of machine-code instructions that a hacker delivers all at once as input during an attack. This makes it easier for hackers to engage in more complex attacks.

Shoulder surfing

An attack tactic in which someone secretly watches somebody enter sensitive information, particularly a password, as they use a device, such as a laptop, tablet, phone, or an automated teller machine (ATM).

Side-channel attack

An attack that uses physical information as opposed to algorithms to execute a cyber assault. These may involve analyzing how different components of a system draw electrical power under certain circumstances or timing attacks based on when components of a system operate.

Signals intelligence (SIGINT)

A kind of cyber intelligence built on studying electronic communications in a variety of forms to gain an advantage over an adversary.

Signature

An attribute used to identify known malware. Signatures are composed of patterns of data that are unique to specific kinds of malware.

Signature-based detection

A cybersecurity measure that leverages an identifier or signature associated with malware and uses it to prevent a threat.

SIM swap

In a subscriber identity/identification module (SIM) swap attack, a hacker makes it seem like the victim is activating a SIM card on a different device. The hacker can then deactivate the victim’s original device and use their own device to receive text messages, phone calls, data, and account information.

Simulated phishing

A cybersecurity technique that uses simulated emails to gain an understanding of how well employees and others within the organization respond to phishing attacks.

Sinkhole

A Domain Name System (DNS) server set up to supply false domain names to users. This means that every computer using the DNS sinkhole will not be able to access the actual website. A DNS sinkhole is a cybersecurity measure and is also known by other names: internet sinkhole, blackhole DNS, and sinkhole server.

Situational intelligence

The ability to respond to a security incident using its situational context. For instance, you can better inform how you respond to certain threats if you know where they physically came from.

Smishing

A text message designed to trick the victim into trusting a hacker. The attacker pretends to be someone the target trusts or an organization they may feel comfortable giving private information to.

Sneakernet

A form of hacking that involves taking information from one place to another using a physical storage device and introducing it to a network or system.

Sniffer

A hardware or software application that intercepts data as it moves through a network without interfering with the movement or content of the data.

SNORT

An open-source cyber defense technology that functions as both an intrusion detection and intrusion prevention system. It works by creating rules that identify the activity of malicious networks or data.

SOC visibility triad

The security operation center (SOC) visibility triad is a network security approach that uses three pillars: security information and event management (SIEM), network detection and response (NDR), and endpoint detection and response (EDR).

Social engineering

The practice of convincing someone to take an action that can potentially harm them, such as providing private information. Social engineering techniques hackers typically use include baiting, pretexting, spear phishing, and vishing.

Sockpuppet

An identity created online to deceive others—a fictitious persona or alias. A sockpuppet can be used by security investigators to gather information. Hackers can use them to pretend to be someone else and trick their targets into giving up sensitive information.

Spam

Unwanted or unsolicited emails sent to large groups of people. Spam is often used to distribute malware, phishing emails, and other types of malicious content.

Spear phishing

A cyberattack targeting a particular person or a small group of people to obtain sensitive information from them. Whereas phishing emails are sent to large groups of people, spear phishing messages are crafted carefully to trick a specific person or group into responding.

Splunk

An advanced form of software that collects large amounts of real-time network and machine data, making it available for use by cybersecurity professionals.

Spoofing

A commonly used cyber threat that involves creating an email with a false sender or creating a fake website that is supposed to mimic a real one. The objective is to trick a victim into trusting the email or site.

Spyware

A kind of malware that provides information about what the user does to a hacker. It collects sensitive information, such as bank account and credit card details, internet usage data, and user credentials that malicious actors can use to instigate network breaches, spoof user identities, or launch other forms of criminal activity.

SQL injection

A type of attack that injects code designed to target vulnerabilities in databases or applications. It uses Structured Query Language (SQL) statements, putting the code inside entry fields to steal or manipulate data.

SQL poisoning attack

Another way of referring to an SQL attack, which targets databases with malicious SQL statements. The code entered into fields can be used to impact the database itself, altering contact information or facilitating the theft of data.

SSL checker

A secure sockets layer (SSL) checker is a tool that is able to verify whether or not an SSL certificate has been properly installed on the webserver.

Steganography

The practice of concealing a message, typically inside an image. This way, only the person who sent the communication and the person who is supposed to get it can recognize that it is there.

Structured Query Language (SQL)

A programming language that manages data within a relational database system. SQL is one of the more popular tools for programmers who build and work with databases.

Supervisory control and data acquisition (SCADA)

Industrial control systems that can automatically manage large processes across an extensive geographic area. They are widely used in industries such as food and beverage processing, pharma/biotech, water and wastewater management, and seafood processing.

Supply chain attack

A form of attack that impacts an organization by disrupting its supply chain. The supply chain may include software or hardware that can be used to gain access to the target’s network.

SYN flooding

A kind of denial-of-service (DoS) attack in which a client repeatedly sends synchronization packets from fake IP addresses to every port of a server. The attacking server never returns in acknowledgment so communication is never established and the victim server gets overwhelmed with synchronization packets.

SYN scanning

A cyberattack method a hacker uses where they leverage synchronization requests in an attempt to find open ports they can use to gain access to a network or system.

T

Tabnabbing

A kind of phishing attack in which a hacker persuades targets to log in to a fake website. When they do, the hacker can steal their login credentials.

Tactics, techniques, and procedures (TTP)

An IT and military approach designed to analyze how someone online or connected to a network behaves, whether they have good or malicious intentions. It outlines the tactics, techniques, and procedures that malicious actors use from a high, medium, and explicit level of detail, respectively.

Tailgating

A kind of social engineering where someone without authorization gets physically inside a strict area by tagging behind a person or group of people who have access.

Taint analysis

A process where software engineers check to see if user input can affect the way a program executes. It identifies every user data source and makes sure that anything "tainted" is sanitized.

Telephony denial-of-service (TDoS)

A kind of attack where large amounts of phone calls are used to overwhelm a telephone system, which then makes the system impossible for legitimate callers to access.

Threat

An individual or thing that is potentially dangerous. This includes hackers, other attackers, and the technologies they use.

Threat intelligence

A type of intelligence gathered about malicious actors and the techniques they use to compromise systems and networks.

Thumb drive

A storage device that plugs into a Universal Serial Bus (USB) port.

Timing attack

An attack in which a hacker tries to compromise a system by figuring out how long it takes for it to execute responses to specific inputs.

Transport layer security (TLS)

A security protocol that uses asymmetric cryptography to ensure the parties engaging in a communication are who they say they are. Using TLS, the parties exchange symmetric keys with each other, and these serve to verify their legitimacy.

Trojan horse virus

A kind of malware that pretends to be a safe program. When users install a Trojan virus, it gets launched within their system and can then be used to propagate other kinds of malware.

Trojanize

The act of converting software into a Trojan that can be used by hackers to access or corrupt systems.

Tweet

A message sent over the Twitter social network.

Twenty Controls

The guidelines that help businesses meet a variety of cybersecurity requirements. They were developed by a group of United States government agencies and private companies, as well as agencies from the United Kingdom and Australia.

Two-factor authentication (2FA)

A method of securing a system so it does not rely on a password alone. It involves a user presenting at least two forms of identification to verify they are who they say they are. Authentication factors can be something they know, something they have, or a physical attribute, such as a biometric marker.

Typosquatting

A form of attack that involves using or registering a domain that is very similar to another, taking advantage of users who may make a typo when typing in the domain.

U

Unified Extensible Firmware Interface (UEFI)

Low-level software that is part of the Basic Input/Output System (BIOS), making it possible for the computer’s firmware and operating system to communicate while the system boots up.

Universal Serial Bus (USB)

A plug-and-play interface used for connecting computers and other devices, such as disk drives and printers.

Unix

A family of operating systems that supports multiple users and multitasking. The original Unix system was developed by Dennis Ritchie and Ken Thompson in the 1970s.

URL obfuscation

Uniform Resource Locator (URL) obfuscation is a technique hackers use in which the characters of a URL are scrambled to make it harder to interpret. Attackers use it to mask the real address of a malicious site.

User experience (UX)

The overall experience of an end-user as they engage with a website, product, or application. UX focuses on how effective, efficient, and easy to use the product or application is.

User interface (UI)

A device component consisting of the mechanisms that enable the user experience. These may include visual, tactile, or auditory facets of computer interfaces. Examples are keyboards, display screens, and a mouse.

V

Virtual appliance

The image file of a virtual machine consisting of an operating system and software. Virtual machines typically host an application.

Virtual machine (VM)

An operating system inside a computer that runs programs as if it were its own separate computer.

Virtual private network (VPN)

A service used by a remote computer to interact with another network through a secure tunnel. It protects data, online activity, and location information from eavesdroppers and other malicious entities.

Virtualization

Technology that allows the creation of a virtual version of a digital resource, such as a server or a storage device.

Virus

A kind of malware that is able to copy itself and corrupt or change files on a computer.

Virus scan

A process that automatically finds and detects the presence of malware.

Vishing

A kind of phishing attack that uses voice calls to connect with victims instead of email.

Vulnerability

A flaw in software or hardware that allows it to be attacked by an external computer system. Vulnerabilities can also be a result of a misconfiguration.

W

Wardriving

A form of cyberattack in which hackers drive around to find wireless networks with vulnerabilities.

Watering hole attack

A type of cyberattack in which a hacker compromises a site that several members of a specific community tend to visit, with the intention of infecting those people’s devices with malware.

Weaponize

The act of turning an asset into a weapon, such as when a hacker uses a vulnerability to attack an organization’s network.

Whaling attack

A cyberattack that targets a specific high-level individual in an organization, seeking to take advantage of their access credentials.

White-box testing

A software testing technique that involves putting the internal structures of an application to the test to gain knowledge about how it performs under specific conditions.

White hat

A type of hacker who researches vulnerabilities by performing penetration tests, where they get permission to attack a network. In this way, they can discover its weak points and provide insights on how to address them.

Whitelist

A list of entities—people or things—that are authorized to enter a network, system, or facility.

WikiLeaks

An organization that focuses on publicizing leaked classified or sensitive information provided by a variety of anonymous people and organizations.

Wild, the

"The wild” refers to all cyberspace except for those created within a controlled laboratory environment. Malware is in the wild when it is moving through cyberspace, infecting devices and networks.

Windows

An operating system developed by Microsoft Corporation. First introduced in 1985, Windows has undergone numerous iterations over the years, with the latest being Windows 11, which was released in October 2021.

Wizard

An interface that walks a user through a series of steps, making installation, troubleshooting, or another digital task more straightforward for the user.

Worm

A kind of malware that replicates itself and then uses the network to send copies of itself to other computers and devices. A worm often does not need any help from users to levy considerable damage to a network.

Z

Zero day

A situation in which researchers uncover a flaw in software before the people who own the code have discovered it.

Zero trust

A cybersecurity architecture that allows organizations to protect their data and systems by building stringent authentication and verification protocols. Zero trust is built on the concept of “never trust, always verify,” meaning every person, device, application, and network is presumed to be a threat.

Zero-day attack

A type of cyberattack in which the hacker takes advantage of a zero-day or previously unknown software vulnerability.

Zero-day malware

Previously unknown malicious software. It has not been studied and profiled by cybersecurity intelligence professionals. As a result, there is no detection signature associated with it, making it more difficult for filters to identify.