INVADERS

Cybersecurity Glossary

Comprehensive definitions of cybersecurity terms, concepts, and technologies.


A

Access Control

Access control restricts resources, systems or data based on user identity, roles and permissions.[1] It employs mechanisms like ACLs, RBAC and ABAC to enforce policy. Dynamic controls can adapt to risk factors such as location or behavior anomalies. Effective access control reduces insider threat and lateral-movement risk.


Account Freezing

Account freezing temporarily suspends user accounts upon detecting suspicious activity.[1] Triggers include brute-force attempts, credential stuffing or unusual geolocations. Frozen accounts block all logins until verified by security teams. Automated workflows and user notifications streamline incident response.

Account Takeover

Account takeover (ATO) occurs when attackers seize control of a legitimate user account through stolen or brute-forced credentials.[1] Criminals then pivot to steal funds, exfiltrate data or launch further social-engineering attacks. Modern ATO campaigns blend credential-stuffing, phishing and SIM-swapping to bypass multi-factor defences. Continuous monitoring, adaptive authentication and dark-web credential tracking are key mitigations.

Advanced Persistent Threat

An APT is a stealthy, prolonged attack by skilled adversaries targeting high-value assets.[1] They blend spear-phishing, zero-day exploits and custom malware to maintain access. Lateral movement and data exfiltration occur over weeks or months. Detection relies on threat intelligence, EDR telemetry and anomaly analytics.

Adware

Adware displays unwanted ads or content, often bundled with free software.[1] It may track browsing behavior, undermining privacy and security. Some variants install additional malware or redirect to malicious sites. Browser-hardening and reputable sources reduce adware risk.

B

Backup Security

Backup security protects data copies from unauthorized access, corruption or destruction.[4] Immutable storage prevents ransomware from encrypting backups. Offline and air-gapped copies provide recovery from advanced attacks. Regular testing validates restoration procedures and integrity.

Botnet

A botnet is a network of malware-infected devices under attacker control.[1] Bots communicate via IRC, HTTPS or proprietary C2 protocols. Botnets enable DDoS, spam campaigns and cryptomining at scale. Mitigation uses sinkholing, C2 disruption and endpoint hygiene.

Brute-Force Attack

Brute-force attacks trial all password or key combinations until successful.[1] Rate-limiting, account lockouts and captchas impede rapid guessing. Credential stuffing leverages reused passwords from breaches. Adopting MFA effectively stops most brute-force attempts.

Buffer Overflow

A buffer overflow occurs when input exceeds allocated memory bounds.[85] Attackers overwrite adjacent memory to inject code or crash programs. Languages with manual memory management (C/C++) are high-risk. Bounds checking, ASLR and DEP mitigate overflow exploits.

C

Certificate Authority

A certificate authority issues digital certificates binding identities to public keys.[69] Root CAs establish the trust anchor for TLS/SSL chains. Compromise of a CA can undermine web encryption at large scale. PKI best practices include key escrow, auditing and automated revocation.

Command-and-Control

Command-and-Control (C2) servers relay instructions between attackers and malware.[70] Channels use HTTP(S), DNS or custom protocols to blend with legit traffic. Disrupting C2 requires blocking IPs, domains and sinkholing traffic. Network monitoring and threat-intel feeds detect emerging C2 infrastructure.

Cross-Site Scripting

XSS lets attackers inject scripts into trusted web pages viewed by other users.[1] Reflected, stored and DOM-based variants differ in exploitation vector. Consequences include session hijacking, defacement and drive-by downloads. Output encoding, CSP headers and framework sanitizers block XSS attacks.

Cryptojacking

Cryptojacking is the covert hijacking of computing resources to mine cryptocurrency.[20] Attackers embed JavaScript miners in websites or drop miners via malware. Victims experience degraded performance, higher energy costs and potential hardware damage. Blocking known mining domains, enforcing script integrity and monitoring abnormal CPU usage help thwart attacks.

D

Data Breach

A data breach is unauthorized exposure of sensitive information to external parties.[1] Root causes include misconfigurations, compromised credentials or insider misdeeds. Detection uses DLP systems, log analytics and dark-web monitoring. Encryption, least-privilege access and continuous auditing limit breach impact.

Denial-of-Service

A DoS attack overwhelms targets with traffic to disrupt services.[1] DDoS amplifies impact using distributed botnets or reflection techniques. Application-layer floods exploit costly server operations at low volume. Mitigation combines scrubbing centers, rate limits and CDN offload.

Digital Forensics

Digital forensics examines system data, user activity and digital evidence to investigate security incidents.[84] Investigators follow strict chain-of-custody procedures to preserve evidence integrity. Forensic analysis reconstructs attack timelines and identifies threat actors. Tools include memory dumps, network captures and file system analysis.

Distributed Denial-of-Service

DDoS co-opts multiple systems to generate traffic floods from diverse locations.[1] Reflection attacks abuse open UDP services to magnify traffic volume. Behavioral analysis and geo-blocking reduce attack surface. Global anycast networks absorb and reroute malicious flows.

E

Encryption

Encryption converts plaintext into ciphertext using algorithms and keys to preserve confidentiality.[5] It operates at rest (e.g., full-disk or database encryption) and in transit (e.g., TLS, IPSec). Strong encryption depends on key length, algorithm strength and secure key management. Regulatory frameworks like GDPR and HIPAA increasingly mandate encryption for sensitive data.

Endpoint Detection and Response

EDR continuously monitors endpoint activities for malicious behavior and security incidents.[1] Real-time detection capabilities identify threats missed by traditional antivirus. Response features enable remote isolation, process termination and threat remediation. Behavioral analytics detect advanced persistent threats and zero-day exploits.

Ethical Hacking

Ethical hacking tests security by simulating attacks with proper authorization.[1] Penetration testers identify vulnerabilities before malicious actors exploit them. Scope definition and signed agreements protect against legal liability. Findings feed vulnerability management and security improvement programs.

Exploit

An exploit is code or technique that takes advantage of vulnerabilities to compromise systems.[85] Exploits serve as delivery vehicles for malware, not malware themselves. Zero-day exploits target unknown vulnerabilities before patches exist. Defenses include patch management, exploit mitigation and behavioral detection.

F

False Positive

A false positive incorrectly identifies benign activity as malicious or suspicious.[1] High false positive rates overwhelm analysts and reduce detection effectiveness. Tuning security tools and enriching alerts with context reduces noise. Machine learning models improve accuracy through continuous training.

Firewall

A firewall monitors and controls network traffic based on security rules.[92] Next-generation firewalls integrate deep-packet inspection and application awareness. Rule misconfiguration remains a leading cause of unintended exposure. Regular auditing and least-privilege rulesets strengthen firewall efficacy.

Full Disk Encryption

FDE encrypts entire storage devices to protect data at rest from unauthorized access.[1] Encryption keys are typically derived from user passwords or hardware tokens. FDE prevents data theft from lost or stolen devices. Management platforms centrally deploy and monitor encryption across endpoints.

G

Gateway

A gateway provides compatibility between networks by converting protocols and security measures.[100] Secure gateways enforce policies at network boundaries. Email gateways filter spam and malware from incoming messages. Web gateways block access to malicious or inappropriate content.

GNU Privacy Guard

GPG is open-source encryption software providing cryptographic privacy and authentication.[97] It implements the OpenPGP standard for secure email and file encryption. GPG supports digital signatures to verify message authenticity and integrity. Key management includes generation, distribution and revocation capabilities.

Governance, Risk & Compliance

GRC integrates security policies with business objectives, risk appetite and regulatory demands.[97] Effective GRC programs map controls to standards like ISO 27001 and NIST CSF. Continuous risk assessment informs resource allocation and executive reporting. Automation platforms streamline evidence collection and audit readiness.

Group Policy Object

GPOs centrally manage Windows Active Directory settings and security configurations.[97] Policies control user privileges, software installations and security settings. Misconfigured GPOs can create security vulnerabilities or operational issues. Regular auditing ensures policies align with security requirements.

H

Hash Function

Hash functions generate fixed-size digests from variable-length input data.[2] Cryptographic hashes like SHA-256 ensure data integrity and authentication. Password hashing with salts protects credentials from rainbow table attacks. File integrity monitoring uses hashes to detect unauthorized modifications.

Honeynet

A honeynet is a network of interconnected honeypots simulating real infrastructure.[98] Larger honeynets engage attackers for longer periods and gather more intelligence. Honeynets can model specific industries or technologies to attract targeted threats. Centralized monitoring and analysis tools process data from multiple honeypots.

Honeypot

A honeypot is a decoy system designed to lure attackers and study their tactics.[95] High-interaction honeypots emulate full systems while low-interaction variants simulate limited services. Data gleaned enriches threat intelligence and aids early-warning detection. Isolation and legal considerations are essential when deploying honeypots.

HTTP Strict Transport Security

HSTS forces browsers to use HTTPS connections and prevents downgrade attacks.[1] HSTS headers instruct browsers to reject unencrypted HTTP connections. Preload lists ensure HSTS protection from the first visit to a domain. HSTS helps prevent man-in-the-middle attacks and SSL stripping.

I

Identity and Access Management

IAM controls digital identities and their access to organizational resources.[24] Single sign-on (SSO) simplifies authentication while maintaining security. Privileged access management (PAM) secures administrative accounts. Zero-trust principles verify every access request regardless of location.

Incident Response

Incident response is the structured approach to detecting, containing and recovering from security breaches.[99] Response teams follow predefined procedures to minimize damage and restore operations. Phases include preparation, identification, containment, eradication and recovery. Post-incident reviews capture lessons learned and improve future responses.

Information Security Management System

An ISMS is a structured framework to protect organizational information assets systematically.[96] ISMS integrates policies, procedures and technical measures to manage security risks. ISO 27001 provides internationally recognized guidelines for ISMS implementation. Continuous monitoring and improvement adapt to evolving security threats.

Intrusion Detection System

An IDS monitors network or host activity to identify malicious events in real time.[7] Signature-based engines match traffic against known attack patterns. Anomaly-based detection flags deviations from established baselines. Pairing IDS with automated response accelerates threat containment.

J

JavaScript Hijacking

JavaScript hijacking abuses JSONP endpoints to steal sensitive data by tricking a victim’s browser into executing malicious callbacks.[112] Attackers host a fake script URL that returns the victim’s data wrapped in a function call under attacker control. Once loaded, the callback exposes data to the attacker’s origin via the browser’s same-origin policy loophole. Mitigations include disabling JSONP, enforcing CORS and validating callback parameters strictly.

Juice Jacking

Juice jacking uses public USB charging ports to install malware or exfiltrate data from connected devices without consent.[112] Attackers modify kiosks or cables to act as malicious USB hosts, delivering payloads or copying files. While no large-scale incidents have been confirmed, proof-of-concept demonstrations highlight real risk. Users mitigate by using charge-only cables, external batteries or AC adapters instead.

K

Keylogger

A keylogger covertly records keystrokes to harvest credentials, personal data or intellectual property.[114] Variants include software implants, hardware dongles and kernel-level drivers. Logs are exfiltrated via C2 channels like HTTP, DNS tunneling or SMTP. Endpoint detection, behaviour analytics and secure-input methods defend against keylogging.

L

Lateral Movement

Lateral movement is how adversaries traverse within a compromised network to reach critical assets.[1] Common techniques include Pass-the-Hash, WMI abuse and remote service exploitation. Detection uses rich telemetry: EDR, NetFlow, Windows event logs and identity analytics. Zero-trust micro-segmentation and just-in-time privileges restrict lateral paths.

M

Malware

Malware is malicious software—viruses, worms, Trojans, ransomware—designed to disrupt, damage or steal data.[1] Authors leverage obfuscation, packing and code signing abuse to evade detection. Ransomware affiliates use double-extortion, threatening data leaks alongside encryption. Defences include layered AV, exploit mitigations, threat-intel sharing and user education.

N

Network Segmentation

Network segmentation isolates systems into zones to limit threat propagation and enforce least privilege.[22] Methods include VLANs, VRFs, software-defined micro-segments and host-based firewalls. Regulatory regimes (PCI-DSS, HIPAA) often mandate segmentation of sensitive data environments. Ongoing validation via rule audits and red-team exercises ensures segment integrity.

O

Offensive Security

Offensive security involves ethical hacking methodologies—pen tests, red-teaming, breach-and-attack simulations—to identify and remediate vulnerabilities before adversaries exploit them.[12] Engagements require strict scoping, legal authorization and non-disclosure agreements. Results feed patch management, secure-coding training and executive risk reporting. Continuous adversary emulation platforms automate test cycles and measure resilience over time.

P

Phishing

Phishing uses deceptive emails or messages to trick recipients into revealing credentials or executing malware.[1] Spear-phishing and BEC (business email compromise) target high-value individuals with tailored lures. DMARC enforcement, anti-spoofing checks and AI-driven email filters reduce phishing success rates. Periodic simulations and just-in-time training lower click rates dramatically.

Q

Quarantine

Quarantine isolates suspected malicious files, emails or hosts to prevent further spread.[24] Security tools vault payloads for offline analysis in sandboxes or air-gapped labs. Network Access Control (NAC) can auto-quarantine compromised endpoints pending remediation. Well-defined runbooks ensure safe restoration or secure disposal of quarantined assets.

R

Ransomware

Ransomware encrypts or steals data and demands payment for decryption keys or suppression of leaks.[5] Double- and triple-extortion models add data theft and DDoS threats to amplify pressure. Initial access via phishing, RDP brute-force or VPN exploits enables payload deployment. Immutable backups, recovery drills and network segmentation underpin resilient defences.

S

Social Engineering

Social engineering manipulates human biases—authority, urgency, reciprocity—to bypass technical controls and gain illicit access.[12] Pretexting, baiting, vishing and deep-fake media expand the threat landscape. Defences include multi-factor authentication, user-centric training and simulated phishing exercises. Cultivating a speak-up culture reduces the chance victims comply with malicious requests.

T

Threat Intelligence

Threat intelligence is actionable knowledge about adversaries, their TTPs, IOCs and campaigns to inform defence strategies.[12] Strategic TI advises board-level risk decisions; operational TI powers SOC workflows; tactical TI feeds detection rules. STIX/TAXII standards automate intel sharing across platforms and communities. ROI depends on relevance, timeliness and confidence scoring to reduce alert fatigue.

U

URL Filtering

URL filtering constrains web access by referencing reputation databases, content categories and dynamic analysis engines.[35] DNS sinkholing redirects requests for malicious domains to null routes. Granular policies enforce compliance and curb shadow-IT SaaS adoption. SSL/TLS inspection is crucial as over 90% of web traffic is encrypted.

V

Vulnerability

A vulnerability is a flaw in software, hardware or process that adversaries exploit to compromise security.[37] CVE identifiers provide a universal reference system; CVSS scores prioritize remediation efforts. Secure development lifecycles, code reviews and fuzz testing reduce new vulnerabilities. Rapid patch management and virtual patching via WAFs contain risk during fix windows.

W

Watering Hole Attack

Watering-hole attacks compromise websites frequented by a target cohort to silently deliver exploits.[27] Adversaries map victim interests, inject malicious scripts and fingerprint visitors. Selective payload delivery limits exposure and delays detection by mass scanning tools. Browser sandboxing, CSPs and supply-chain vetting reduce watering-hole risks.

X

Cross-Site Scripting

Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into trusted web pages viewed by other users.[35] Reflected, stored and DOM-based XSS differ in injection and execution vectors. Consequences include session hijacking, defacement and credential theft. Output encoding, Content Security Policy and modern framework sanitisation minimise XSS risk.

XML External Entity

XXE is an injection attack that abuses XML parsers to access local files or SSRF vectors.[1] Maliciously crafted DOCTYPE declarations fetch internal resources or exfiltrate data. Disabling external entity processing and using safe XML libraries prevent XXE exploits. Input validation and least-privilege parser configurations are essential safeguards.

Y

YARA Rules

YARA rules are signature-based patterns used to identify and classify malware families and variants.[12] Rules combine strings, hex patterns and regex conditions with logical operators. Enterprise deployments scan endpoints, sandboxes and repositories for hidden threats. Maintaining rule accuracy requires continuous tuning, false-positive testing and community collaboration.

Z

Zero-Day

A zero-day is a vulnerability unknown to the vendor and unpatched at disclosure, enabling high-impact exploits.[34] Adversaries weaponize zero-days for initial access or privilege escalation before detection. Bug-bounty programs and coordinated disclosure reduce zero-day windows of exposure. Virtual patching, host-based controls and attack-surface reduction mitigate immediate risk.