Cybersecurity is a world full of technical terms and jargon. At TechCrunch, we have been writing about cybersecurity for years, and even we sometimes need to refresh our knowledge of what a particular word or expression means. That’s why we’ve created this glossary, which includes some of the most common – and not-so-common – words and expressions we use in our articles, along with explanations of how – and why – we use them.
This is an evolving glossary, and we will update it regularly.
The ability to execute malicious commands or code on an affected system, often due to a vulnerability in the system’s software. Arbitrary code execution can be achieved either remotely or through physical access to the affected system (such as someone’s computer). In cases where arbitrary code execution can be achieved over the Internet, security researchers typically call this remote code execution.
Often, code execution is used as a means of planting a backdoor to maintain persistent, long-term access to that system, or to run malware that can be used to access deeper parts of the system or other devices on the same network.
(See also: Remote code execution)
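As an added example (not part of the original glossary), the snippet below shows the most common way arbitrary code execution arises in practice: a program splices untrusted input into a shell command string. The vulnerable handler runs whatever the attacker appends after a `;`, while the hardened version passes the input as a single argument and additionally rejects anything outside a strict allowlist. The `greet_*` function names and the constructed input are this example's own assumptions.

```python
import re
import subprocess

# Constructed attacker input: a normal-looking value followed by a second command.
INJECTED_INPUT = "alice; echo INJECTED"


def greet_vulnerable(name: str) -> str:
    """Vulnerable: untrusted input is interpolated into a shell command string.

    With shell=True the string is parsed by /bin/sh, so the ';' ends the
    echo command and everything after it runs as a separate command.
    This is exactly the arbitrary code execution the glossary describes.
    """
    result = subprocess.run(
        f"echo Hello {name}", shell=True, capture_output=True, text=True
    )
    return result.stdout


def greet_safe(name: str) -> str:
    """Hardened: no shell is involved; the input is one argv element.

    The ';' and the trailing 'echo INJECTED' are passed to echo as literal
    text and never reach a command interpreter.
    """
    result = subprocess.run(
        ["echo", "Hello", name], capture_output=True, text=True
    )
    return result.stdout


# Defence in depth: even with an argv list, only accept the characters a
# name should contain. (Hypothetical policy for this example.)
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def is_valid_name(name: str) -> bool:
    """True only if the whole string matches the allowlist pattern."""
    return NAME_RE.fullmatch(name) is not None


def greet_validated(name: str) -> str:
    """Reject unexpected input before it gets anywhere near a subprocess."""
    if not is_valid_name(name):
        raise ValueError("name contains characters outside the allowlist")
    return greet_safe(name)


if __name__ == "__main__":
    print("vulnerable:", repr(greet_vulnerable(INJECTED_INPUT)))
    print("safe:      ", repr(greet_safe(INJECTED_INPUT)))
    print("validated: ", is_valid_name(INJECTED_INPUT))
```

Running it shows the vulnerable handler printing a second line, `INJECTED`, produced by the injected command, while the hardened handler prints the whole input verbatim and the validator rejects it outright. The same pattern applies to any interpreter (SQL, LDAP, template engines): keep data and code on separate channels instead of trying to escape the data.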
Botnets are networks of hacked Internet-connected devices, such as webcams and home routers, that have been compromised with malware (or sometimes simply through weak or default passwords) for use in cyber attacks. Botnets can consist of hundreds or thousands of devices, and are typically controlled by a command-and-control server that sends commands to the devices involved. Botnets can be used for a variety of malicious purposes, such as routing a cybercriminal’s internet traffic through the distributed network of devices to conceal its origin, delivering malware, or pooling the devices’ bandwidth to disrupt websites and online services with massive amounts of unwanted Internet traffic.
(See: Command and Control Server; Distributed Denial of Service)
A bug is essentially a software flaw: a mistake or defect in code that causes the software to crash or behave in an unexpected way. In some cases, a bug may also be a security vulnerability.
The computing use of the term “bug” is commonly traced to 1947, at a time when early computers were the size of rooms and consisted of heavy electromechanical equipment. The first known computer bug was a moth that was found inside one of these room-sized machines, where it had caused an electrical malfunction.
(See also: Vulnerability)
Command and control servers (also known as C2 servers) are used by cybercriminals to remotely manage and control their fleets of compromised devices and launch cyber attacks, such as delivering malware over the Internet and launching distributed denial of service attacks.
(See also: Botnet; Distributed Denial of Service)
When we talk about data breaches, we ultimately mean the improper removal of data from where it should have been. But the circumstances matter, and they can change the terms we use to describe a particular event.
A data breach occurs when improperly protected data is confirmed to have left the system where it was originally stored, usually when someone discovers the compromised data. Most often, we refer to data that has been exfiltrated by a malicious attacker, or that has been discovered as a result of unintended exposure. Where the details of an incident are known, we describe it in more specific terms.
(See also: Data exposure; Data leak)
A data exposure (a type of data breach) occurs when protected data is stored on a system that lacks access controls, typically due to human error or misconfiguration. This includes situations where a system or database is connected to the internet without a password. Just because data has been exposed does not mean anyone has actually found and accessed it, but it can still be considered a data breach.
A data leak (a type of data breach) is when protected data is stored on a system in a way that allows it to escape, such as due to a previously unknown security vulnerability in the system or by an insider (such as an employee). A data leak may mean that the data could have been extracted or collected in some other way, but there may not always be technical means, such as logs, to know for sure.
Distributed denial of service, or DDoS, attacks are a type of cyber attack that floods a target on the Internet with unwanted traffic in order to overload and crash its servers, causing a service, such as a website, online store, or gaming platform, to go down.
DDoS attacks are launched by botnets, which consist of networks of compromised Internet-connected devices (such as home routers and webcams) that can be controlled remotely by a malicious actor, typically from a command-and-control server. Botnets can consist of hundreds or thousands of compromised devices.
While distributed denial of service (DDoS) attacks are a form of cyberattack, these data flooding attacks are not “hacks” per se because they do not involve the breach and leakage of data from their targets, but instead cause a “denial of service” event to the affected service.
(See also: Botnet; Command and Control Server)
Most modern systems have multiple layers of security protection, including the ability to assign user accounts with more restricted access to the underlying system configurations and settings. This prevents these users—or anyone who has improperly gained access to one of these user accounts—from tampering with the underlying system. A “privilege escalation” event involves exploiting a bug or tricking the system into granting a user more access than they should have.
Malware can also exploit privilege escalation bugs to gain deeper access to a compromised device or network, allowing the malware to spread.
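As an added example (not from the original glossary), here is one of the simplest ways a web application can be tricked into granting more access than a user should have: a profile-update endpoint that copies every field from the request body into the user record, including the user’s role. A logged-in ordinary user who adds `"role": "admin"` to the JSON body promotes themselves. The hardened version allowlists the fields a user may change so that the role is never client-controlled. The user store, role names and function names are constructed for this example.

```python
import copy

# Numeric levels so "at least this role" checks are a simple comparison.
ROLE_LEVEL = {"user": 1, "admin": 2}

# Constructed user store for the example (not real accounts).
INITIAL_USERS = {
    "alice": {"role": "user", "display_name": "Alice"},
    "root": {"role": "admin", "display_name": "Administrator"},
}

# Fields an ordinary user is allowed to change about themselves.
UPDATABLE_FIELDS = {"display_name", "email"}


def fresh_store() -> dict:
    """Return an independent copy of the user store for each scenario."""
    return copy.deepcopy(INITIAL_USERS)


def update_profile_vulnerable(store: dict, session_user: str, payload: dict) -> dict:
    """Vulnerable: every key in the request body is written to the record.

    Nothing distinguishes harmless fields from security-relevant ones, so a
    payload containing "role" silently rewrites the caller's privileges.
    """
    store[session_user].update(payload)
    return store[session_user]


def update_profile_safe(store: dict, session_user: str, payload: dict) -> dict:
    """Hardened: only allowlisted fields are accepted; anything else is rejected.

    Role changes must go through a separate, admin-only path (not shown).
    """
    for field, value in payload.items():
        if field not in UPDATABLE_FIELDS:
            raise ValueError(f"field {field!r} is not user-updatable")
        store[session_user][field] = value
    return store[session_user]


def can_access(store: dict, session_user: str, required_role: str) -> bool:
    """Authorization check: does the caller hold at least required_role?"""
    return ROLE_LEVEL[store[session_user]["role"]] >= ROLE_LEVEL[required_role]


def admin_only_action(store: dict, session_user: str) -> str:
    """An endpoint that should only ever succeed for administrators."""
    if not can_access(store, session_user, "admin"):
        raise PermissionError("admin role required")
    return "ok: listed all user records"


def attempt_escalation(update_fn) -> bool:
    """Simulate alice (a normal user) trying to make herself admin.

    Returns True if the escalation succeeded, False if it was blocked.
    """
    store = fresh_store()
    assert not can_access(store, "alice", "admin")  # starts as a plain user
    payload = {"display_name": "Alice (totally not admin)", "role": "admin"}
    try:
        update_fn(store, "alice", payload)
    except ValueError:
        return False  # the hardened endpoint refused the request
    return can_access(store, "alice", "admin")


if __name__ == "__main__":
    print("vulnerable endpoint escalates:", attempt_escalation(update_profile_vulnerable))
    print("hardened endpoint escalates:  ", attempt_escalation(update_profile_safe))
```

The defensive principle is that the server, not the client, decides who someone is and what they may do: derive identity and role from the session, accept only the fields a user legitimately controls, and treat everything else in the request as untrusted.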
Exploitation is the method and means by which a vulnerability is abused or taken advantage of, usually to compromise a system.
(See also: Bug; Vulnerability)
Infosec, short for “information security,” is an alternative term used to describe defensive cybersecurity that focuses on protecting data and information. “Information security” is perhaps the preferred term among industry veterans, while “cybersecurity” has become more widely accepted. In modern usage, the two terms have become largely interchangeable.
Jailbreaking is used in many contexts to mean using security vulnerabilities and other hacking techniques to circumvent the security of a device, or to remove manufacturer-imposed restrictions on hardware or software. In the context of iPhones, for example, jailbreaking is a technique for removing Apple’s restrictions in order to install applications from outside its so-called “walled garden,” or to gain the ability to conduct security research on Apple devices, which are otherwise very locked down. In the context of AI, jailbreaking means finding a way to make a chatbot give information that it is designed not to give.
Malware is a general term that describes malicious software. Malware can come in many forms and is used to exploit systems in different ways. As such, malware used for specific purposes can often be referred to as its own subcategory. For example, the type of malware used to perform surveillance on people’s computers is also called “spyware,” while malware that encrypts files and demands money from its victims is also called “ransomware.”
(See also: Spyware)
Metadata is information about digital data, rather than its contents. This can include details such as the size of a file or document, who created it and when, or, in the case of digital photos, where the photo was taken and information about the device that captured it. Metadata may not reveal the contents of a file, but it can be useful in identifying the source of a document or who authored it. Metadata can also refer to information about an exchange, such as who made a call or sent a text message, but not the contents of the call or message itself.
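As an added example (not part of the original glossary), the code below makes the distinction between metadata and contents concrete using the PNG image format, whose files are a sequence of typed chunks: the `IHDR` chunk and any `tEXt` chunks carry metadata (dimensions, author, software), while `IDAT` carries the actual pixel data. The parser reads only the metadata, never decoding the image, and a second function strips the textual metadata, which is what a “remove metadata before publishing” tool does. The sample file is constructed inline with a fictional author; the chunk layout and CRC rules are those of the PNG specification.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = (b"tEXt", b"zTXt", b"iTXt")  # chunk types that carry free-text metadata


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample_png(text_fields: dict) -> bytes:
    """Construct a minimal 1x1 greyscale PNG carrying the given tEXt metadata.

    This is sample input for the example, not a real photograph.
    """
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit grey
    raw_scanline = b"\x00\x80"  # filter type 0 followed by one mid-grey pixel
    chunks = [_chunk(b"IHDR", ihdr)]
    for key, value in text_fields.items():
        # tEXt payload is "keyword\0text", both Latin-1 encoded.
        chunks.append(_chunk(b"tEXt", key.encode("latin-1") + b"\x00" + value.encode("latin-1")))
    chunks.append(_chunk(b"IDAT", zlib.compress(raw_scanline)))  # the actual content
    chunks.append(_chunk(b"IEND", b""))
    return PNG_SIGNATURE + b"".join(chunks)


def iter_chunks(png: bytes):
    """Walk the chunk sequence, verifying each CRC, yielding (type, data)."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            raise ValueError(f"CRC mismatch in {ctype!r} chunk")
        yield ctype, data
        pos += 12 + length


def extract_metadata(png: bytes) -> dict:
    """Return the file's metadata without ever decoding the pixel content."""
    meta = {"text": {}}
    for ctype, data in iter_chunks(png):
        if ctype == b"IHDR":
            width, height = struct.unpack(">II", data[:8])
            meta["dimensions"] = (width, height)
        elif ctype == b"tEXt":
            key, _, value = data.partition(b"\x00")
            meta["text"][key.decode("latin-1")] = value.decode("latin-1")
        # IDAT is skipped on purpose: that is content, not metadata.
    return meta


def strip_text_metadata(png: bytes) -> bytes:
    """Rebuild the file without any textual metadata chunks; pixels are untouched."""
    kept = [_chunk(ctype, data) for ctype, data in iter_chunks(png) if ctype not in TEXT_CHUNKS]
    return PNG_SIGNATURE + b"".join(kept)


if __name__ == "__main__":
    sample = build_sample_png({"Author": "Jane Doe", "Software": "constructed-example"})
    print("before:", extract_metadata(sample))
    print("after: ", extract_metadata(strip_text_metadata(sample)))
```

The same idea applies to EXIF in JPEG files and document properties in office formats: the pixel or text content is unchanged by stripping, yet the author, tool and device fields are often what identifies a source. Note that this scrubber only removes the standard text chunks; a thorough tool would also consider `eXIf`, `tIME` and any private chunk types.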
Remote code execution refers to the ability to run malicious commands or code (such as malware) on a system over a network, often the Internet, frequently without requiring any interaction from the victim. Remote code execution vulnerabilities vary in complexity, but can be extremely damaging when exploited.
(See also: Arbitrary code execution)
A broad term, like malware, that covers a range of surveillance software. Spyware is typically used to refer to malware made by private companies, such as NSO Group’s Pegasus, Intellexa’s Predator, and Hacking Team’s Remote Control System, among others, which the companies sell to government agencies. In more general terms, these types of malware are similar to remote access tools, allowing their operators—usually government agents—to spy on and monitor their targets, giving them the ability to access a device’s camera and microphone, or extract data. Spyware is also referred to as commercial or government spyware, or mercenary spyware.
(See also: Stalkerware)
Stalkerware is a type of surveillance malware (and a form of spyware) that is typically sold to regular consumers under the guise of child or employee monitoring software, but is often used to spy on the phones of unwitting individuals, often spouses and domestic partners. Stalkerware grants access to the target’s messages, location, and more. Installing stalkerware typically requires physical access to the target’s device, which the attacker often has because they know the target’s passcode.
(See: Spyware)
What are you trying to protect? Who are you concerned might attack you or target your data? How might those attackers gain access to the data? The answers to these kinds of questions form a threat model. In other words, threat modeling is the process an organization or individual goes through to identify what needs protecting and from whom, in order to design secure software and devise techniques to secure it. A threat model can be focused and specific depending on the situation. For example, a human rights activist in an authoritarian state faces a different set of adversaries, and has different data to protect, than a large corporation in a democratic country concerned about ransomware.
When we describe “unauthorized” access, we are referring to gaining access to a computer system by breaking any of its security features, such as a login or password prompt, which is illegal under the U.S. Computer Fraud and Abuse Act, or CFAA. A 2021 U.S. Supreme Court ruling on the CFAA made clear that accessing a system that lacks any means of authorization — for example, a database without a password — is not illegal under that law, as you cannot break a security feature that does not exist.
It is worth noting that “unauthorized” is a broad term that companies often use loosely, and it has been applied both to malicious hackers who steal someone’s password to gain access and to internal incidents or misuse by employees.
A vulnerability (also referred to as a security flaw) is a type of bug that causes software to crash or behave in an unexpected way in a manner that affects the security of a system or its data. Sometimes, two or more vulnerabilities can be used in tandem—known as a “vulnerability chain” or “exploit chain”—to gain deeper access to a targeted system.
A zero-day vulnerability is a specific type of vulnerability that has been discovered or exploited before the vendor that makes the affected hardware or software has had any time (or “zero days”) to fix the problem. As a result, there may be no immediate fix or mitigation to prevent the affected system from being compromised. This can be a particular problem for devices that are connected to the Internet.
(See also: Vulnerability)