Phishing
a type of cyberattack where fraudsters impersonate legitimate organizations through emails, text messages, or websites to trick victims into revealing sensitive information like passwords, account numbers, or Social Security numbers
Malware
any program designed to harm data, devices, or users without consent. Common types include viruses, ransomware, and spyware.
DoS & DDoS Attacks
attacks that both aim to disrupt a target system's availability by overwhelming it with excessive traffic; a DoS attack uses a single machine, while a DDoS attack uses a botnet (multiple compromised machines) to launch a more potent and harder-to-block attack
Man-in-the-Middle (MitM)
a cyberattack where a perpetrator secretly intercepts and alters communication between two parties, often to steal data or credentials by impersonating one of the communicating entities. The attacker positions themselves between the victim and the target, capturing data, redirecting traffic, injecting malware, or modifying content without either party realizing their communication has been compromised.
SQL Injection
a code injection technique used to attack data-driven applications by inserting malicious SQL statements into an input field for execution. These attacks exploit vulnerabilities in an application's software and target database-driven websites, after which attackers can view, delete, and edit the databases
Zero-Day Exploit
an attack that uses a security vulnerability in software or hardware that the developer is unaware of or has not yet patched, allowing attackers to infiltrate systems before a fix is available
Insider Threats
a security risk originating from someone within an organization, such as an employee, contractor, or partner, who has authorized access to sensitive data or systems but misuses it
Password attack
a malicious attempt to gain unauthorized access to accounts, systems, or networks by cracking or guessing login credentials. These attacks frequently target and exploit human errors like using weak or reused passwords.
cryptojacking
an attack in which hackers secretly use a victim's computing power (their computer, tablet, or server) to mine cryptocurrency for their own profit, without the user's knowledge or consent. Attackers achieve this by installing malware through phishing emails or malicious links, or by compromising legitimate websites and injecting mining scripts into the visitor's browser.
watering hole attack
a cyberattack that compromises a legitimate website frequently visited by a targeted group, planting malware on it to infect those visitors. Attackers use this strategy because users tend to trust the websites they regularly visit, making them vulnerable to an attack when they click on infected elements or download files from the site.
education required for cybersecurity job
bachelor’s degree
caesar cipher
A simple example uses a shift of 3: the plaintext message "ATTACK AT DAWN" becomes the ciphertext "DWWDFN DW GDZQ" because each letter is shifted three places forward in the alphabet (A becomes D, T becomes W, and so on, with the letters at the end of the alphabet wrapping around to A, B, C).
playfair cipher
a digraph substitution cipher invented by Charles Wheatstone in 1854 and popularized by Lord Playfair. It uses a 5x5 keyword matrix to encrypt pairs of letters (digraphs) based on specific rules for letters in the same row, in the same column, or forming a rectangle. Used historically by British and Australian forces in WWI and the Boer War, it was considered sufficient for protecting non-critical battlefield data until it was decrypted.
atbash cipher
a simple substitution cipher that reverses the alphabet, so A becomes Z, B becomes Y, C becomes X, and so on. To use it, you replace each letter in your message with its "mirrored" counterpart in the alphabet. For example, the message "HELLO" would be encrypted as "SVOOL", and the word "atbash" becomes "ZGYZHS".