Two or more computers linked in order to share resources.
– Applying updates to firmware or software to improve security and/or enhance functionality.
– Short for penetration test. An authorised test of a computer network or system designed to look for security weaknesses so that they can be fixed.
– An attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address.
– Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.
– The basic hardware (device) and software (operating system) on which applications can be run.
– Malicious software that makes data or systems unusable until the victim makes a payment.
– A network device which sends data packets from one network to another based on the destination address. May also be called a gateway.
software as a service (SaaS)
– Describes a business model where consumers access centrally-hosted software applications over the Internet.
– Using electronic or physical destruction methods to securely erase or remove data from memory.
– Phishing via SMS: mass text messages sent to users asking for sensitive information (eg bank details) or encouraging them to visit a fake website.
– Manipulating people into carrying out specific actions, or divulging information, that’s of use to an attacker.
– A more targeted form of phishing, where the email is designed to look like it’s from a person the recipient knows and/or trusts.
– A type of malware or virus, disguised as legitimate software, that is used to hack into the victim’s computer.
two-factor authentication (2FA)
– The use of two different components to verify a user’s claimed identity. Also known as multi-factor authentication.
– Programs which can self-replicate and are designed to infect legitimate software programs or systems. A form of malware.
Virtual Private Network (VPN)
– An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.
– A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.
water-holing (watering hole attack)
– Setting up a fake website (or compromising a real one) in order to exploit visiting users.
– Highly targeted phishing attacks (masquerading as legitimate emails) that are aimed at senior executives.
– Authorising approved applications for use within organisations in order to protect systems from potentially harmful applications.
Source: National Cyber Security Centre (a part of GCHQ)