Everything you need to know to understand CyberLite Issue 9. Read the issue here.
Third-Party Cookies: Third-party cookies are those not created by the domain your currently visiting. So if you’re visiting amazon.com and a cookie from facebook.com is running then the Facebook cookie is known as a third-party cookie. They’re primarily used by advertisers to track what websites you’re using and serve you targeted ads next time you visit their own site.
Zero-Day: Refers to vulnerabilities that are unknown to the parties responsible for patching or fixing them.
Web Shell: A piece of code that enables a server to be controlled/administrated remotely. A user with access to a web shell for a server can send any commands they want to the server. Web shells are commonly accessed via a web browser.
Ransomware: Ransomware blocks access to a computer system until a sum of money is paid. It does this by encrypting all of the victim’s files. It’s increasingly common for criminals to now threaten to leak the files they’ve encrypted online to further encourage victims to pay the ransom.
Phishing: Phishing is a method of trying to gather personal information using deceptive e-mails and websites.
Botnet: A botnet is a collection of internet-connected devices, which may include PCs, servers and mobile devices that are infected and controlled by the same malware e.g. Emotet. Botnets are commonly used to carry out DDoS attacks.
Use after Free Vulnerabilities: Pointers are used in the C family of programming languages to point to a specific location in computer memory. After you’ve finished using a section of memory it’s important to “free” that memory so that it can be used again later in the program or by other programs. However, you also have to “clear” any pointers that were pointing to the memory that you’ve now freed. The reason for this is that if that section of memory is used for something else suddenly that pointer that you haven’t cleared will point to something completely different. This could cause your program to crash as a value that your program can’t handle is inserted, or more dangerously, an attacker could insert malicious code into that memory location.