What is Confidentiality, Integrity, and Accountability?
Phony email campaign targeted at a general audience, intended to fool users into giving up information, spending money on fake items, or falling for other scams.
What is Phishing?
Retains a log of keyboard inputs (and sometimes mouse movements) to be read by a potentially malicious actor at a later time
What is a keylogger?
An attacker sends a structured command into an input field on a website and gets an output that would not have occurred with input validation
What is an SQL injection?
Methods that use manipulation and deceit to gather information or gain unauthorized access from users without force.
What is social engineering?
This list defines what a firewall lets in and out
What is an Access Control List (ACL)?
You closed the door behind you because a sign reminded you to prevent occurrences of this due to people sneaking in behind others.
What is Tailgating?
Poses as a legitimate application while delivering a malicious payload in the background
What is a Trojan?
An attacker places a script for users to unknowingly run on their machines when visiting the comments on a social media post
What is Cross Site Scripting?
Physical barrier to protect entrances of buildings or restrict entry to driving paths
What are Bollards?
Uses multiple computers to interrupt services to a targeted network or server as an attack (The definition of the acronym for this)
What is a distributed denial of service attack?
The example describes this: The Chief Financial Officer of a company receives an email and opens it, clicks on a link, then deletes the email thinking nothing of it. A week later, he is contacted with newly taken compromising pictures in an attempt to extort him. He discovered a virus on the computer he opened the email on that has opened his webcam and microphone and is sending the stream to a remote website.
What is Whaling?
Sometimes standalone, sometimes part of otherwise legitimate applications, records users' activities to report for many purposes, but often not for advertising anymore.
What is spyware?
An attack that was unknown until the day it was detected the first time
What is a Zero Day?
Consists of two doors that are never to be opened at the same time, controls entry to a location
What is an Access Control Vestibule? (mantrap but learn the current term)
Lists known vulnerabilities and exposures in software, publicly available (Definition of the acronym)
What is Common Vulnerabilities and Exposures?
This is the reason you shred all materials that may contain any personal/company/private data before disposal
What is dumpster diving?
Malware that operates at elevated privilege levels, sometimes undetectable besides the use of resources, often operates at the kernel level. The creators of PlayStation included one on music CDs for a short time in the late 2000s.
What is a Rootkit?
Attacks passwords in a methodical way, can be defeated with methods that limit the number of incorrect inputs by rate or number
What is a Brute Force attack?
Attack that uses a list of passwords and hashes to guess a password
What is a rainbow table attack?
Uses phrases, images, and timing tests to determine if an interaction was likely performed by a human instead of a bot (the acronym only)
What is CAPTCHA?
Ray fell victim to this at an airport when he wasn't careful about where his screen could be seen in public.
What is shoulder surfing?
Malware that encrypts data until a condition is met or the key is obtained through other means.
What is Ransomware?
Uses known words to guess passwords, can be customized to the target based on information gathered
What is a Dictionary Attack?
You're using this when you get a notification on your phone to authenticate a login on your PC
What is multifactor/two factor authentication?