Everything you need to know to understand CyberLite Issue 11. Read the issue here.
Credential Stuffing: When a cybercriminal uses stolen account credentials to try to access user accounts online via large-scale, automated login requests. It’s a brute force technique where attackers try as many combinations of stolen credentials as they can, aiming to get unauthorized access to user accounts.
Botnet: A botnet is a collection of internet-connected devices, which may include PCs, servers, and mobile devices, that are infected and controlled by the same malware, e.g. Emotet. Botnets are commonly used to carry out DDoS attacks.
Universal Cross-Site Scripting: A cross-site scripting attack is where attackers inject malicious code into websites that users consider to be trusted. Universal cross-site scripting, or UXSS, injects and executes its malicious code by exploiting vulnerabilities in the client-side browser or in client-side browser extensions.
Phishing: Phishing is a method of trying to gather personal information using deceptive e-mails and websites.
Memory Corruption: Memory corruption is when a computer system’s memory is altered without an explicit assignment. The contents of a memory location are modified due to programming errors that enable attackers to execute arbitrary code. Buffer and stack overflows are examples of memory corruption flaws.
Zero-Day: Vulnerabilities that are unknown to the parties responsible for patching or fixing them.
Ransomware: Ransomware blocks access to a computer system until a sum of money is paid. It does this by encrypting all of the victim’s files. It’s increasingly common for criminals to also threaten to leak the encrypted files online to further encourage victims to pay the ransom.
Spear-Phishing: Sending fraudulent emails from a known or trusted sender in order to induce targeted individuals to reveal confidential information or give money. Spear-phishing differs from regular phishing because it is targeted and relies on specific information about an individual. An example attack would be a scammer pretending to be one of your close friends who urgently needs money. The scammer may use details about your friend from social media to try to make the scam, and the situation they claim to be in, more believable.