Flashcards covering cybersecurity concepts and threats.
Tailgating
Exploits politeness to gain access to restricted systems or data.
Identity Theft
Stealing personal data to impersonate someone for fraud, system access, or theft.
Phishing
Tricking individuals into giving login info or personal data via fake emails.
Data Breach
Breaking into large company databases to steal user information.
Keyloggers
Secretly recording everything typed, like passwords.
Dumpster Diving
Searching trash for sensitive documents.
Public Wi-Fi Attacks
Intercepting traffic on unsecured Wi-Fi to steal data.
Cyberstalking
Using digital platforms to harass, intimidate, or monitor victims.
Zero Trust
A security model assuming no user/device is trustworthy by default, requiring continuous verification.
Exploit
Code that exploits a vulnerability to cause harm or gain unauthorized access.
Patch
Software update to fix vulnerabilities or improve functionality.
Threat Actor
Individual or group responsible for a cyberattack or threat.
Social Engineering
Manipulates the human mind to bypass technical security, exploiting emotions.
Attack Surface
All the points at which a malicious actor could try to exploit a vulnerability.
Attack Vector
The specific path or method that a threat actor uses to exploit a vulnerability.
Spoofing
Falsifying the source of a communication to appear from a trusted entity.
Vishing (Voice Phishing)
Attackers calling while pretending to be tech support, your bank, or even the police in order to trick or scam you.
Pretexting
Creating a fabricated situation/story to gain trust and extract information from victims.
Baiting
Luring victims with tempting items like USB drives, leading them to compromise their security.
Quid Pro Quo
Offering a fake deal where the attacker gives something in return for information.
Risk
The likelihood and potential impact of a threat exploiting a vulnerability to harm an asset.
Control
A measure or mechanism designed to prevent, detect, or respond to threats and reduce risks.
Attack
An intentional act to exploit a vulnerability and compromise an information asset.
Breach
Unauthorized access to sensitive data, compromising confidentiality, integrity, or availability.
Incident
Any event that disrupts normal operations or compromises security.
Encryption
Converting data into a coded format to prevent unauthorized access.
Penetration Testing
Legal simulation of a cyberattack to test a system's defenses.
Social Engineering
Manipulating individuals to divulge sensitive information or perform actions that compromise security.
Vulnerability Assessments
Finding and reporting weaknesses in systems.
Black Hat Hackers
Criminal hackers who hack without permission.
Gray Hat Hackers
Hackers who don't ask permission but don't have bad intentions.
Script Kiddies
Unskilled hackers using pre-made tools.
Green Hat Hackers
New hackers eager to learn.
Red Hat Hackers
Cyber vigilantes who hunt and take down black hats.
Nation-State Hackers
Highly skilled hackers working for the government.
Hacktivists
Hackers using hacking techniques to promote political, social, or ideological causes.
Polymorphic Phishing
Using AI to generate unique emails to evade filters.
Spear Phishing
Targeted phishing attack with a fake message crafted specifically for the victim.
Watering Hole Attack
Compromising websites that a specific group of users is likely to visit.
Angler Phishing
Impersonating customer service representatives on social media.
Whaling
A type of spear phishing aimed at high-profile people like company executives.
Authorization
Determines what an authenticated user is allowed to do.
Least Privilege Principle
Users/devices get only the permissions necessary for their tasks.
Separation of Duties
Prevents single users from having conflicting permissions.
Accounting
Keeping logs of what the authenticated users did.
RADIUS
A network protocol that helps manage authentication, authorization, and accounting.
White Hat Hackers
Ethical hackers who hack legally to help organizations and governments find and fix vulnerabilities before criminals exploit them.
Information Asset
Any data, device, or resource that has value to an organization and requires protection.
Threat
Any potential danger that could exploit a vulnerability to harm an information asset.
Vulnerability
A weakness or flaw in a system, process, or control that can be exploited by a threat.
Authentication
The process of identifying a user, or a process to verify the identity of a user/device.