Gloassary
Anti-virus Software
A software program designed to protect your computer or network against computer viruses
App
Also referred to as a mobile application, an app is a term for software that is commonly used for a smartphone or tablet.
Attachment
A file sent with an email message
Authenticator App
An app used to confirm the identity of a computer user to allow access and control used within multi factor authentication
Antivirus
Software that helps prevent viruses from stealing your data, hacking your machine, or other cyber crime. They typically use a huge amount of your device’s resources (ie. memory, RAM, etc).
Biometrics
The identification of a person by the measurement of their biological features, e.g. fingerprint or voice.
Bitcoin
A digital currency (cryptocurrency), used on the Internet for various services.
Brute Force Attack
A type of attack that generates millions of character combinations per second. They are effective against short or single word passwords
Black Hat
Used in many industries the idea is those that “wear” black hats do their work with dark or bad purposes.
Bring Your Own Device (BYOD )
An organisational policy that allows employees to use their own personal devices for work purposes. These devices connect to and utilise the organisations’ network, data and resources.
Bad Rabbit
Bad Rabbit is a type of ransomware attack where the users file tables are encrypted and then a Bitcoin payment is demanded to decrypt them.
Blockchain
A distributed database that maintains a continuously growing list of records, called blocks, secured from tampering and revision. Each block contains a timestamp and a link to a previous block. By design, blockchains are inherently resistant to modification of the data—once recorded, the data in a block cannot be altered retroactively.
Bot
A program that performs automated tasks. In a cyber security context, a malware-infected computer that carries out tasks set by someone other than the device’s legitimate user.
Botnet
A collection of computers infected by bots, remotely controlled by an actor to conduct malicious activities without the user’s knowledge, such as to send spam, spread malware, conduct denial of service activities or steal data.
Brute force
A typically unsophisticated and exhaustive process to determine a cryptographic key or password that proceeds by systematically trying all alternatives until it discovers the correct one.
Checkpoint
Check Point is a multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.
Cloud
Instead of something being “on earth” it is in “the cloud” – how it translates in digital terms is that your data is not stored locally on your machine, or at a server at say Microsoft’s HQ, but on the cloud at two (it is typically two or more) locations worldwide at a server farm.
Cyber Criminal
Any individual who illegally hacks a computer system to damage or steal information.
Citrix
An American multinational software company that provides server, application and desktop virtualisation, networking, software as a service, and cloud computing technologies.
Clickbait
Clickbait is a form of false advertisement which uses hyperlink text or a thumbnail link that is designed to attract attention and entice users to follow that link and read, view, or listen to the linked piece of online content, with a defining characteristic of being deceptive, typically sensationalised or misleading.
Cloud computing
A service model that enables network access to a shared pool of computing resources such as data storage, servers, software applications and services.
Computer network
Two or more interconnected devices that can exchange data.
Cookie
A small text file that is transmitted by a website and stored in the user’s web browser, used to identify the user and prepare customized webpages. A cookie can be used to track a user’s activity while browsing the internet.
Cross domain solution
A system capable of implementing comprehensive data flow security policies with a high level of trust between two or more differing security domains.
Data
Data is information including files, text, numbers, pictures, sound or videos.
Dark web
The dark web is made up of sites that are not indexed by search engines and are only accessible through specialty networks such as The Onion Router (ToR). Often, the dark web is used by website operators who want to remain anonymous. The ‘Dark Web’ is a subset of the ‘Deep Web’.
Default Settings
Something a computer, operating system or program has predetermined for the user
Dictionary Attacks
A type of attack that generates millions of potential attempts based on rules and databases. These are effective against less complex and commonly used passphrases. Where attackers use ‘password dictionaries’ or long lists of the most commonly-used passwords and character combinations against a password in order to guess it and break into a system.
Distributed Denial of Service
A denial-of-service (DoS) where the source is comprised of multiple unique IP addresses used to flood the bandwidth or resources of a targeted system or network.
Domain Name System
The naming system that translates domain names into IP addresses.
Encryption
The conversion of electronic plaintext data into unreadable ciphertext using algorithms. Encryption protects the confidentiality of data at rest and in transit. Both encryption and decryption are functions of cryptography.
End to end encryption
A method of secure communication where only the communicating users can read data transferred from one end system or device to another.
End User Device
A personal computer, personal digital assistant, smart phone, or removable storage media (e.g. USB flash drive, memory card, external hard drive, writable CD or DVD) that can store information.
Encryption
The process of making data unreadable by others for the purpose of preventing others from gaining access to its contents.
Endpoints
Much like the word suggests, an endpoint is the final point where the data or information ends up, or originates. For example, if you were to log on to your internet banking on your laptop, the laptop is one endpoint, and between that is the web browser, and all the network connections all the way to the bank’s server.
Endpoint security
A methodology of protecting a network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats.
Firewall
A network device that filters incoming and outgoing network data based on a series of rules.
Five Eyes
The Five Eyes is an Anglophone intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States of America.
General Data Protection Regulation
The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
Grey hat
A hacker or computer security expert who may sometimes violate laws or typical ethical standards, but may not have the malicious intent typical of a black hat hacker. See also ‘white hat’ and ‘black hat’.
Hacker
A hacker is someone who uses their technical, online skills to infiltrate your computer or phone. They typically place malware on your device, to steal data, or hold you ransom, and a myriad of other things. Potentially the most scary aspect is hackers often are operating without the users knowledge, sometimes never being caught, and are (on average) only discovered six months after the event.
HTTP Strict Transport Security
HTTP Strict Transport Security is a web security policy mechanism that helps to protect websites against man in the middle attacks such as protocol downgrade attacks and cookie hijacking.
HummingBad
Hummingbad is Android malware. Researchers say that the malware installs more than 50,000 fraudulent apps each day and displays 20 million malicious advertisements.
IDCARE
IDCARE is Australia and New Zealand’s national identity and cyber support service. IDCARE offers free phone consultations and advice from specialised identity and cyber security counsellors.
Identity theft
Where a victim’s personal details are stolen and used to perpetrate crime – commonly fraud. Identity theft is a serious crime and can result in long term and far-reaching negative consequences for victims.
Internet
The global system of interconnected computer networks that use standardised communication protocols to link devices and provide a variety of information and communication facilities.
Internet of Things
The network of physical objects, devices, vehicles, buildings and other items which are embedded with electronics, software, sensors, and network connectivity, which enables these objects to connect to the internet and collect and exchange data.
IP Address
Also known as an “IP number” or simply an “IP”, short for Internet Protocol. A code made up of a string of numbers that identifies a particular computer on the Internet. Every computer requires an IP address to connect to the Internet.
iOS
iOS (formerly iPhone OS) is a mobile operating system created and developed by Apple Inc. exclusively for its hardware. It is the operating system that presently powers many of the company’s mobile devices, including the iPhone, and iPod Touch; it also powered the iPad prior to the introduction of iPadOS in 2019.
Keystroke logging (or keylogger)
Malicious software that records and ‘logs’ each key you press. These programs may be used to capture confidential information (such as login or financial details) and send to an attacker. Hackers can potentially log the keys you press on your computer or mobile and use that information to your detriment.
LastPass
LastPass is a freemium password manager that stores encrypted passwords online.
Like farming
Use of social engineering, such as compelling stories or photos, to persuade large numbers of users to ‘like’ a social networking page. Many of the stories are fake, and are part of a scam which makes money from the exposure generated by people liking and hence sharing the page.
Local Area Network
A computer network that interconnects devices within a limited area such as a residence, school, laboratory, or office building.
Machine learning
A type of artificial intelligence (AI) that allows software applications to become more accurate in predicting outcomes without being explicitly programmed. The basic premise of machine learning is to build algorithms that can receive input data and use statistical analysis to predict an output value within an acceptable range.
Malicious advertising
Malicious advertising is the use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.
Malicious email
A malicious email is an email which has been deliberately crafted to cause problems on the server or on the client. This could be due to the message containing a virus, or it could be due to the message being crafted in such a way as to take advantage of a weakness in the receiving mail client.
Malicious software
Malicious software is any software that brings harm to a computer system. Malware can be in the form of worms, viruses, trojans, spyware, adware and rootkits etc., which steal protected data, delete documents or add software not approved by a user.
Malware
Malicious software used to gain unauthorised access to computers, steal information and disrupt or disable networks. Types of malware include trojans, viruses and worms. In contrast to “software”, malware is malicious. The idea being that once this malware is on your machine it will run (just like software) to perform an operation that will bring harm to you or your computer.
Multi-factor authentication
A method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).
Network
A collection of computers, servers, mainframes, network devices, peripherals, or other devices connected to one another to allow the sharing of data.
Operating System
Software installed on a computer’s hard drive that enables computer hardware to communicate with and run computer programs. It manages hardware and software resources and provides common services for executing various applications on a computer.
Phishing
Typically this looks like an email from someone pretending to be someone else; for instance, someone from your bank asking you to reset your PIN and to provide your ID number, and login details. They work because they can target 10,000,000 people at once and if just 1% of people fall for it they have enough information to work with.
Padlock (https://)
A padlock display in a browser is intended to indicate a secure connection or website, although it may not always be a reliable indicator. Users should look instead for ‘HTTPS’ at the beginning of the address bar and check the website’s SSL certificate.
Password manager
Password managers are a type of software that offer greater security through the capability to generate unique, long, complex, easily changed passwords for all online accounts and the secure encrypted storage of those passwords either through a local or cloud based vault.
Pharming
A way of harvesting personal information, where a hacker puts a malicious code on your computer that redirects you to a fake site.
Phishing
Untargeted, mass emails sent to many people asking for sensitive information (such as bank details), encouraging them to open a malicious attachment, or visit a fake website that will ask the user to provide sensitive information or download malicious content.
Privacy settings
Settings which control how a user’s data is shared with other people or systems. Privacy settings apply to web browsers and social networking services.
Privileged user
A user who can alter or circumvent a system’s security measures. This can also apply to users who could have only limited privileges, such as software developers, who can still bypass security measures. A privileged user can have the capability to modify system configurations, account privileges, audit logs, data files or applications.
Public Wi-Fi
Public Wi-Fi means any Wi-Fi service established and owned by a contributing group that is provided for use by its customers on a wireless device. Public Wi-Fi may be unsecured, password protected or have other secure authentication protocols established and managed by such contributing group.
Ransomware
Malicious software that makes data or systems unusable until the victim makes a payment.
Real time vs reactive
With current trends in cyber crime, you want software that will detect and remove a threat immediately (ie. in real time) as opposed to one that reacts, oftentimes when it is too late.
Remote access
Access to a system that originates from outside an organisation’s network and enters the network through a gateway, including over the internet.
Remote access scam
Remote access scams, are when a scammer pretends to be affiliated with a tech or computer company, such as Apple, Microsoft, or with their technical support division. The scammer usually tries to convince you that you have a computer or internet problem and you need to buy new software to fix the problem.
Romance scams
A type of scam involving feigning romantic intentions towards a victim, gaining their affection, and then using that goodwill to commit fraud. This may involve access to the victim’s money, bank accounts, credit cards, passports, email accounts, or national identification numbers or forcing the victims to commit financial fraud on their behalf. Often called dating and romance scams.
Sandbox
A virtual space in which new, untrusted or untested software or coding can be run safely without risking harm to the hosting computer.
Scam
A scam is a fraudulent scheme performed by a dishonest or deceitful individual, group, or company, in an attempt to obtain money or something else of value.
Scareware
Malware that causes frightening messages to appear (for example, that your computer is infected with malware or that you are guilty of a crime), and attempts to extort money from you to resolve the alleged issue. Similar to ransomware.
Secure Sockets Layer
Secure Sockets Layer is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet.
Smart appliances
Smart appliances are appliances that are able to stay connected to the internet via Wi-Fi or other protocol such as the Zigbee specification and can be accessed and controlled remotely from any internet accessible computer or mobile device.
Smart devices
A smart device is an electronic device, generally connected to other devices or networks via different wireless protocols such as Bluetooth, Zigbee, NFC, Wi-Fi, LiFi, 3G, etc., that can operate to some extent interactively and autonomously.
Software vulnerabilities
Software vulnerabilities involve bugs in software. Bugs are coding errors that cause the system to make an unwanted action.
Spam
Unsolicited electronic messages, especially containing advertising, indiscriminately transmitted to a large number of people.
Spoof
A type of attack where a message is made to look like it comes from a trusted source. For example, an email that looks like it comes from a legitimate business, but is actually trying to spread malware.
Spyware
A program that collects information on the user’s activities without their consent. Spyware may be installed on a system illegitimately, or as a part of other software without the user’s knowledge.
Symantec
A leading software company in internet security technology.
Screen capture
Hackers have the ability to “capture”your screen, meaning they can read what is on it and use that information to your detriment.
Sentry Bay
Leading experts in cyber crime prevention developed a tool for users’ safety , and they named that product SentryBay. Based in England, their software is used worldwide, and it’s our software of choice to promote here at Redite.
Software
Commonly referred to as programs, collection of instructions that enable the user to interact with a computer, its hardware or perform tasks.
Spyware
A program designed to gather information about a user’s activity secretly – usually installed without a user’s knowledge when they click a link.
The Cloud
A network of remote servers that provide massive, distributed storage and processing power.
Token
A physical device that can usually fit on a keyring, which generates a security code for use with networks or software applications.
Trojans
A type of malware that is often disguised as legitimate software, used by cyber criminals to gain access to users’ systems.
Transport Layer Security
Transport layer security is a widely adopted security protocol designed to facilitate privacy and data security for communications over the internet.
Trend Micro
Trend Micro is a multinational cyber security and defence company with global headquarters in Tokyo, Japan. The company develops enterprise security software for servers, containers, and cloud computing environments, networks, and end points.
Two-factor authentication
A form of multi-factor authentication (see definition) to confirm a user’s claimed identity by combining two different pieces of evidence.
User experience (UX)
The overall experience of a person using a product such as a website or computer application, especially in terms of how easy or pleasing it is to use.
User Interface (UI)
The means by which the user and a computer system interact, in particular the use of input devices and software.
Virtual Private Network
A network that maintains privacy through a tunnelling protocol and security procedures. VPNs may use encryption to protect traffic.
Virus
A program designed to cause damage, steal personal information, modify data, send email, display messages or a combination of these actions. A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code.
Vulnerability assessment
A vulnerability assessment can consist of a documentation-based review of a system’s design, an in-depth hands-on assessment or automated scanning with software tools. In each case, the goal is to identify as many security vulnerabilities as possible.
White hat
An ethical computer hacker, or a computer security expert, who specialises in penetration testing and in other testing methodologies to legally and legitimately ensure the security of an organisation’s information systems. Used in many industries the idea is those that “wear” white hats do their work with good intentions, typically in response to harmful black hat work.
Wi-Fi
A set of wireless communication protocols that can transmit traffic to Wi-Fi enabled devices within a local area. A Wi-Fi enabled device such as a laptop or mobile device can connect to the internet when within range of a wireless network connected to the internet. An area covered by one or more Wi-Fi access points is commonly called a hotspot.
Worm
Self-replicating malware that uses a network to distribute copies of itself to other computer devices, often without user intervention. Worms need not attach themselves to existing programs.
Web app
Short for “website application”, we almost all use web apps every day. Google Maps, Spotify, Mail, Contacts, WhatsApp – there are tens of thousands of apps, some design for your phone, some for desktop or phone.
Networking
The linking of computers to allow them to operate interactively.
Zero Day (also referred to as 0-day)
A software exploit that hasn’t been disclosed or patched by the software vendor.
Sources
We got most of the above information from two of Australia’s most respected cyber security sites: