Everything you need to know to understand CyberLite Issue 7. Read the issue here.
Virtual Machines: A virtual machine is a software that behaves like an actual computer. It can be thought of as a computer created within a computer. One physical computer system can be used to run multiple virtual machines. Each virtual machine runs its own operating system and functions separately from the other virtual machines, even when they are all running on the same physical computer system.
Spoofing: Disguising a communication from an unknown source as being from a known, trusted source.
Stored Cross-Site Scripting: This attack is possible when an application receives data from an untrusted source and then displays that data so that any site visitor can view it. An example would be a site that allows users to submit comments but doesn’t check what users are submitting. An attacker can embed a malicious script in their comment which will run whenever a user views that comment. It’s called a Stored Cross-Site Scripting Attack because the malicious code sent by the attacker is being permanently stored on the website’s server.
Cryptocurrency: This is a far too complicated topic to summarise into a quick definition; if I did it wouldn’t do it justice. So here’s a great youtube video from SciShow.
Ransomware: Ransomware blocks access to a computer system until a sum of money is paid. It does this by encrypting all of the victim’s files. It’s increasingly common for criminals to now threaten to leak the files they’ve encrypted online to further encourage victims to pay the ransom.
Buffer Overflow: A buffer is a memory storage region that holds data that is being used temporarily. A buffer overflow occurs when the volume of data exceeds the capacity of the buffer. This can cause processes to crash and behave in unanticipated ways.
In some cases it can be exploited by attackers to execute their own code. When an attacker overflows a buffer by inserting too much data it will start to overwrite the data that is next to the buffer - if this memory contains code that is being executed by the processor then overwriting it will cause the attacker’s code to be executed instead. This type of vulnerability occurs most prominently in the C programming language. When a developer creates a buffer but doesn’t set “bounds” or checks on what can be inserted into it.
Spear Phishing: Sending fraudulent emails from a known or trusted sender in order to induce targeted individuals to reveal confidential information or give money. Spear-phishing differs from regular phishing because it is targeted and relies on specific information about an individual. An example attack would be a scammer pretending to be one of your close friends who urgently needed money. The scammer may use details about your friend from social media to try and make the scam and the situation they’re in more believable.
Cryptojacking: The malicious use of someone's computer to mine cryptocurrencies without consent
Cryptocurrency Mining: Where users are paid a small amount of currency for verifying cryptocurrency transactions.
Bug Bounty: A reward offered to a person who identifies an error or vulnerability in a computer program or system.