The exploitation of a vulnerability or system flaw in a computer program, website, or database, most commonly for personal gain.

A directory service is a method of hierarchically representing objects within a network operating system. Active Directory is developed and supported by Microsoft. It is presently a tool for integrating other services in the Windows Server operating system. Network administrators… Read Full Article

Small programs embedded in web pages and other applications. ActiveX controls can be used to implement both auxiliary elements (buttons, switches, etc.) and individual features (audio/video playback, animation). The technology was developed by Microsoft and deployed actively until the release… Read Full Article

An algorithm for assigning random addresses to various program components in the memory space. ASLR is used in operating systems to reduce the risk of vulnerabilities being exploited to gain access to memory locations, such as buffer overflow. It makes… Read Full Article

An expert responsible for the operation of a computer system, be it a local network, a website, a server, or an individual application. Administrators oversee the configuration, maintenance, and security of the resource(s) entrusted to them. For this purpose, they… Read Full Article

Synonym for 419 Scam

Programs designed to launch advertisements on infected computers and/or to re-direct search engine results to promotional web sites. Adware programs are often built into freeware or shareware programs, where the adware forms an indirect ‘price’ for using the free program.… Read Full Article

AES (Advanced Encryption Standard) is a specification for the encryption of data established by US National Institute of Standards and Technology (NIST) in 2002 as a replacement for the older DES (Data Encryption Standard), which was felt to be susceptible… Read Full Article

In the field of information security, an affiliate program is a scheme for distributing potentially unwanted or malicious software through legitimate installers. App creators pay file-sharing site owners and affiliate program facilitators for covertly installing their developments on the victim… Read Full Article

A method of isolating a section of a computer network where the installation of incoming/outgoing connections is prohibited at the physical, hardware, or software level. The simplest way to create an air gap is to ensure the total lack of… Read Full Article

One method of filtering spam, an allowlist (formerly known as whitelist) provides a list of legitimate e-mail addresses or domain names: all messages from allowlisted addresses or domains are automatically passed on to the intended recipient.

Internal acceptance testing of software performed in the early stages of development. Alpha testing is usually carried out by the product development team. Major bugs in the software implementation are revealed at this stage, and various architectural solutions are examined.… Read Full Article

Type of cyberattack involving amplification of the original action to trigger denial of service in the target system. Unlike the standard DDoS campaigns, amplification implies asymmetric response from the infected machine: in addition to being used to mask the attacker’s… Read Full Article

An anonymiser, or anonymous proxy, masks a person’s activity on the Internet. Typically, this is done using a proxy server. The proxy server acts as a go-between – accessing the Internet on behalf of the client computer, while shielding the… Read Full Article

Antifraud systems are software suites that prevent fraudulent transactions. Antifraud solutions analyze every transaction and tag it according to its level of legitimacy. Traditionally, an antifraud suite comprises a fraud-detection system, a fraud-prevention system, and a fraud-analysis system. How antifraud… Read Full Article

Originally, this term has meant software that counteracted viruses, but now when saying antivirus we mean signature-based system that detects various types of malware. It is a basic component of the majority of modern anti-malware solutions. Sometimes this term is… Read Full Article

Anti-virus databases hold the data needed for a signature-based scanner to find and remove malicious code. The databases contain a series of virus signatures (or definitions), unique sequences of bytes specific to each piece of malicious code. Today, signature analysis… Read Full Article

The engine, the core of any antivirus product, is a software module that is purpose-built to find and remove malicious code. The engine is developed independently of any specific product implementation. So it ‘plugs-in’ equally well into personal products (such… Read Full Article

An API defines the way that a piece of software communicates with other programs, allowing these programs to make use of its functionality. The API provides a series of commonly-used functions that third party developers might need. For example, an… Read Full Article

Technology, that allows to monitor and control the installation and launch of software applications. This proactive layer of protection is also useful for blocking out executable malware, including malicious apps that are yet unknown to the developer.

This term is applied to concerted, stealthy, ongoing attacks against specific organisations — in contrast to speculative, isolated, opportunistic incidents that make up the bulk of cybercriminal activity. Typically, APT-attacks are government based. Such attacks make use of highly sophisticated malware… Read Full Article

ARP spoofing (ARP poisoning) is an attack against the ARP protocol used to determine a device’s MAC address by its IP address. An attacker establishes mapping between a device’s IP address and another device’s MAC address. Read Full Article

A mathematical model or algorithm represented as a system of interconnected nodes (neurons). Each neuron is a processor that converts an incoming signal into an outgoing one. The ANS topology is based on the principles of connections between neurons inside… Read Full Article

An encoding standard for mapping characters to unique numeric codes. It is used in most modern computers to transmit keyboard-entered data. ASCII is a base encoding and contains only 256 characters. Additional standards are used to display extended character sets,… Read Full Article

Cryptographic algorithm that uses two different, but mathematically linked, keys — one public and one private. The public key — which can be shared with anyone — is used to encrypt data. The private key — which must be kept… Read Full Article

Asymmetric encryption is a data encryption method that uses two keys: a public key and a private key. The public key is used to encrypt the data and can be distributed widely and openly. The private key is used to… Read Full Article

Hacking an ATM in order to manipulate the cash dispenser. Jackpotting can be carried out either by hacking bank software or with special equipment. Typically, an attack requires physical access to the bank terminal to upload malware or install a… Read Full Article

A file containing a data sequence used to identify an attack on the network, typically using an operating system or application vulnerability. Such signatures are used by an Intrusion Detection System (IDS) or firewall to flag malicious activity directed at… Read Full Article

The number of potentially vulnerable objects in a computer system. The term is applied when assessing the resources required to protect a specific network or device. An important information security task is to reduce the number of vulnerable points while… Read Full Article

An attack vector is an action, technology or intermediary that cybercriminals use to penetrate a target system. Read Full Article

Authentication is the process of determining if someone (or something) is what they claim to be. In the context of computing, the credentials provided by the person requesting access to a resource are compared to those held by the provider… Read Full Article

Authorization is the process of granting a user or group of users certain permissions, access rights, and privileges in a computer system. The difference between authorization, authentication, and identification Authorization is not to be confused with user identification and authentication. It… Read Full Article