2024-05-25T09:59:52+03:00[Europe/Moscow] en true Smishing, Phishing, Spear Phishing, Whaling, Vishing, Man-in-the-Middle, Spoofing, Adware, Trojan Horse, Virus, Worm, Zero-Day Exploit, SQL Injection, Cross-Site Scripting (XSS), Denial of Service (DoS), Distributed Denial of Service (DDoS), Brute Force Attack, Credential Stuffing, Social Engineering, Backdoor, Insider Threat, Botnet, Keylogger, Watering Hole Attack, Ransomware, Rootkit, Session Hijacking, Cross-Site Request Forgery (CSRF), Drive-By Download, DNS Spoofing, DHCP Starvation, Privilege Escalation, Session Fixation, Clickjacking, Rogue Security Software, Fileless Malware, Typosquatting, Rainbow tables, <p>RAT</p> flashcards
Vulnerabilities and attacks 2

Vulnerabilities and attacks 2

Customize
collection saved
Share
Long Term Learning Spaced Repetition
Add to Long Term Learning Desk
Fast learning Repeat this set of flashcards
Preview Test Spell
Play
Match
Review
  • Smishing
    Phishing attacks conducted through SMS messages.
  • Phishing

    the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

  • Spear Phishing
    Targeted phishing attacks aimed at specific individuals or organizations.
  • Whaling
    Phishing attacks directed specifically at senior executives or other high-profile targets within a business.
  • Vishing
    Phishing attacks conducted through voice calls.
  • Man-in-the-Middle
    An attack where the attacker secretly intercepts and relays messages between two parties who believe they are directly communicating with each other.
  • Spoofing
    Deceiving a system or user by masquerading as a legitimate entity.
  • Adware
    Software that automatically displays or downloads advertising material.
  • Trojan Horse
    Malware disguised as legitimate software that, once activated, can steal information or harm the host system.
  • Virus
    Malware that attaches itself to a host file or system and spreads to other files and systems.
  • Worm
    Malware that replicates itself to spread to other computers, often exploiting vulnerabilities in network security.
  • Zero-Day Exploit
    An attack that targets a previously unknown vulnerability in software or hardware.
  • SQL Injection
    An attack that allows attackers to execute arbitrary SQL code on a database.
  • Cross-Site Scripting (XSS)
    An attack where malicious scripts are injected into otherwise benign websites.
  • Denial of Service (DoS)
    An attack aimed at making a service unavailable to its intended users.
  • Distributed Denial of Service (DDoS)
    A large-scale DoS attack that uses multiple compromised systems to target a single system.
  • Brute Force Attack
    An attack that attempts to gain access by systematically trying every possible password combination.
  • Credential Stuffing
    An attack that uses stolen account credentials to gain unauthorized access to user accounts.
  • Social Engineering
    Manipulating individuals into divulging confidential or personal information.
  • Backdoor
    A method of bypassing normal authentication to gain unauthorized access to a system.
  • Insider Threat
    A threat posed by someone within the organization who has inside information and access.
  • Botnet
    A network of private computers infected with malicious software and controlled as a group without the owners' knowledge.
  • Keylogger
    Software or hardware that records keystrokes made by a user, often to gain unauthorized access to passwords and other confidential information.
  • Watering Hole Attack
    An attack where the attacker compromises a specific group’s common online resources to infect its members.
  • Ransomware
    Malware that encrypts a user's files and demands payment for the decryption key.
  • Rootkit
    Software designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
  • Session Hijacking
    An attack where the attacker takes over a session between a user and a trusted network.
  • Cross-Site Request Forgery (CSRF)

    an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated.

  • Drive-By Download
    Unintended download of malicious code to a device without the user's consent or knowledge.
  • DNS Spoofing
    An attack that changes a domain name system (DNS) record to redirect traffic to a malicious site.
  • DHCP Starvation
    An attack on a network's Dynamic Host Configuration Protocol (DHCP) server, where the attacker floods the server with numerous DHCP requests, using spoofed MAC addresses.
  • Privilege Escalation
    An attack that exploits a vulnerability to gain higher-level access to resources than intended.
  • Session Fixation
    An attack where the attacker sets a user's session ID to a known value and then uses it to gain unauthorized access.
  • Clickjacking
    An attack that tricks users into clicking on something different from what they perceive, potentially revealing confidential information or allowing control of their computer.
  • Rogue Security Software
    Malicious software that deceives or misleads users into paying for fake or simulated removal of malware.
  • Fileless Malware
    Malware that operates in-memory and does not write any part of its activity to the hard drive, making it difficult to detect.
  • Typosquatting
    An attack where attackers register domain names that are misspelled versions of popular sites to deceive users.
  • Rainbow tables

    is a giant list of these hashes, but they’re created ahead of time for many possible passwords. Adding random data (a "salt") to each password before hashing makes rainbow tables ineffective because each password gets a unique hash.

  • RAT

    designed to allow an attacker to remotely control a computer similar to how the Remote Desktop Protocol (RDP) and TeamViewer can be used for remote access or system administration.