Cybersecurity Glossary



Account Compromise

Account compromise occurs when unauthorized parties gain access to a user's account for malicious purposes, often via phishing, malware, weak passwords, or security vulnerabilities.

Account Hijacking

Account hijacking is the malicious process of gaining unauthorized access and control over user online accounts, including email and social media accounts. Cybercriminals exploit vulnerabilities to compromise and take over these accounts for nefarious purposes.

Ad Blocker

An ad blocker is software designed to block advertisements, including pop-ups, when users visit websites. It enhances user experience by preventing unwanted ads from displaying on web pages.

Ad Fraud

Ad fraud occurs when advertisers pay for ads based on false impressions. This deceptive practice can involve various schemes, and it's essential for advertisers to distinguish between genuine ad exposure and fraudulent activities. (Synonym: Invalid traffic)

Ad Rotator

An ad rotator allows the alternating display of two or more ads in the same location on a website. This dynamic rotation occurs when a user refreshes or revisits the site, providing a variety of ad content.

Address Bar

The address bar is the text box in your web browser that displays the web page URL or IP address. It serves as a navigation tool, showing the current location or allowing users to enter a new destination. In some cases, it functions as a search bar for invalid URLs.

Address Bar Spoofing

Address bar spoofing is a deceptive technique where cybercriminals replace the legitimate URL on a browser's address bar with a rogue one. This misleading action can lead to potential data or financial theft by tricking users into interacting with fraudulent websites.

Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) is the system or process used to map or find the physical address associated with an IP address within a local network. ARP plays a crucial role in facilitating communication between devices on the network.


Adware is, literally, advertising software. That sort of program is created to show you the advertisements forcibly. To do so, viruses make several changes to your system - primarily in the web browsers and networking settings.


Adware.gen is a stealthy threat characterized by adware behavior, including the display of ads, installation of extensions, and discreet data transfer to external servers.

Arkei (ArkeiStealer)

Arkei is a type of malicious software designed to steal information from Windows operating systems. It specifically focuses on extracting sensitive data, including passwords, browser cookies, and cryptocurrency wallets.


Amonetize disguises itself as a PUP (Potentially Unwanted Program) but is, in reality, deceptive adware. It inundates users with unwanted ads, redirects web traffic, surreptitiously collects data, and installs without user consent.


Antiviruses and anti-malware have a lot in common. They both are globally classified as cybersecurity tools. Both of these types may have active and passive protection facilities. According to its technical definition, the difference hides in the system recovery abilities: an antivirus program can perform all sorts of recovery operations after virus attacks.


Explore the realm of anti-spyware, a cybersecurity tool designed to detect and remove spyware—malware secretly installed on devices to collect user data. Recognize its role within comprehensive cybersecurity packages and bolster your defenses against the covert threats posed by spyware.

Application Allow-listing

Application allow-listing is a curated list of applications permitted to exist or perform actions on a device. These applications must adhere to specific conditions at all times to operate. The purpose is to prevent malware and unauthorized software from executing actions on a device.


The Advanced Persistent Threats are considered the most dangerous hazard, which requires a ton of effort to detect and prevent. The final target of this attack - the sensitive data - and the midpoint elements touched during the cyberattack must be protected at the highest level. Cybersecurity specialists who establish and assist with running the EDR solutions must foresee all possible attack vectors.

Async RAT

Async RAT, an open-source remote administration tool, is utilized by cyber threat actors for surveillance, data theft, and remote access to targeted devices.

Attack Signature

An attack signature is a specific characteristic associated with a known type of cyber attack or malicious activity. It serves as a set of rules used to detect and identify common attacks or exploits. Attack signatures find common use in intrusion detection and prevention systems (IDS/IPS), antivirus software, and other cybersecurity tools by analyzing the behavior, code, or characteristics of previous attacks, malware samples, or malicious activities.

Atomic Stealer

Atomic Stealer is a malicious software designed to pilfer sensitive information from macOS devices, specifically targeting cryptocurrency wallet credentials and other passwords.


AZORult, a trojan renowned for its proficiency in data and cryptocurrency theft, is also capable of downloading additional malware onto compromised devices.


Atraps belongs to a family of Windows trojans designed to illicitly gather sensitive information from infected devices, with the potential to integrate them into the ZeroAccess botnet.


AutoKMS is a type of riskware that is associated with tools designed to bypass or manipulate software licensing mechanisms. It is often used for unauthorized activation of Microsoft Windows and Microsoft Office products.


AutoIt.Gen is a Trojan capable of infecting Windows devices, leading to a range of issues, including alterations to web browser settings and unauthorized access to sensitive data.

Autorun Worm

Autorun worms are malware spreading through removable media like CDs or USB drives. When connected to a device, these worms automatically execute malicious code, potentially stealing personal data or compromising system security.



BabLock is ransomware that targets Windows and Linux devices, infecting them and encrypting files. Its focus is primarily on small and medium-sized businesses.


A backdoor is any method that allows someone to access your device without your permission or knowledge remotely. Stakeholders can install a backdoor on your device using malware, vulnerabilities in your software, or even directly installing a backdoor in your device's hardware/microware. These interested parties could be hackers, government officials, IT professionals, etc. As they infiltrate your machine without your knowledge, they can use backdoors for various reasons, such as surveillance, sabotage, data theft, cryptojacking, or malware attack.


Baiting is a social engineering attack where victims are tricked into installing malicious software on their devices. It takes digital forms like authentic-looking work email attachments or enticing ads, leading to background installation of malware.

Banker Trojan

Banker Trojan is a malicious program enabling attackers to access private user data stored and processed by online banking platforms. It redirects traffic to the attacker's site, installs itself on the host system during activation, and conceals its presence by making folders and setting registry entries.

BIA (Business Impact Analysis)

Business Impact Analysis is the analysis that is performed to estimate the effects of the incident that takes place in the company. BIA does not strictly concentrate on a certain factor, gathering and analyzing all possible cases and factors. Among the ones that usually create the vast majority of incidents are natural disasters, political situations, equipment issues, and, of course, cyberattacks.


Beaconing is a signal sent by malware to a command and control server, indicating successful infection and requesting further instructions. It can also be utilized to transmit collected data, such as login credentials or credit card details. The attacker configures the frequency of these signals, and the malware may remain dormant until specific conditions are met, activating its payload.


Bifrose, classified as a backdoor trojan, has the potential to transform your device into an instrument for cybercriminal operations. Gain insights into effective methods for detecting Bifrose.

BlackCat (ALPHV)

BlackCat is a ransomware variant designed to infiltrate both Windows and Linux systems. Its primary function is to encrypt the files of victims, demanding a ransom in cryptocurrency for the decryption key.


BlackEnergy is a complex malware strain initially designed for launching distributed denial-of-service (DDoS) assaults. Over time, its capabilities expanded to include espionage activities, data demolition, and overall system breaches. This cyber menace frequently targets critical infrastructure industries, such as power, water, transportation, and governmental bodies.

Blended Threat

Blended threats combine multiple attack methods, such as virus worms, network intrusions, and social engineering, to exploit system vulnerabilities, making them challenging to detect and counter.


BlueBorne is a cyberthreat that exploits Bluetooth vulnerabilities to attack Android, iOS, Linux, Windows, and IoT devices. Attackers use it to take control of devices, accessing user data and networks to steal information, spy on users, or spread malware. Its ability to attack unpaired devices, even in non-discoverable mode, makes it a particularly dangerous threat that can compromise devices undetected.


Bluebugging is a cyberattack that exploits discoverable Bluetooth connections to infiltrate the victim's device. The attacker pairs their machine with the target device, installing malware that grants them control. Once compromised, the hacker can make and listen to calls, read and send messages, and modify or steal contacts.


A bootkit is a malicious program or malware that modifies a computer’s master boot record. As an advanced form of rootkit, it allows a malicious program to run before loading the operating system. With components outside the Windows file system, it is challenging for ordinary operating system processes to identify an infection caused by a bootkit.


Botnet is a network of devices infected with the same malware, that subordinate to a single (group of) command servers. It can consist of different device types, or even different operating systems. While a significant porting of botnets is used for spamming purposes, hackers may rent them to deliver particular malware.

Browser Hijacker

One of the most widespread and annoying types of unwanted software throughout the Web is browser hijackers. They target web browsers - programs like Chrome, Safari, Edge, Firefox, or other software serving as gateways to the Internet and websites. A web browser is not just a frameless window but a complex program, giving a lot of room for a user or, in our case, an exogenous program to modify and alter it. Browser hijackers are sometimes called browser modifiers.

Browser Isolation

Enhance your cybersecurity with browser isolation, a software solution that confines your web browsing activity within a secure, isolated environment such as a virtual machine or sandbox. This protective measure shields your devices from potential malware threats and bolsters overall network security. By separating web browsing from your devices, you establish a robust defense against malicious webpages, ensuring the safety of your devices even in the face of cyberattacks. Explore the advantages of browser isolation for safeguarding your online activities.

Brute Force Attack

A brute force attack attempts to break the code (password, passphrase, encryption key, etc.) by consecutively trying all possible character combinations until the right one is found. Such an attack can be characterized as systematic guessing. In cryptography, the “brute force” term reflects virtually unlimited time or computing power the hacker needs to perform the attack effectively, not the nature of the code breaker’s interaction with the targeted system.



Cactus is a ransomware variant that exploits vulnerabilities in specific VPN software to infiltrate corporate networks. It employs file encryption tactics and demands a ransom.


Carberp is a malware type targeting computers, specifically designed to pilfer sensitive information, especially financial data. It operates covertly, monitoring online activities such as banking transactions and login credentials.

CDN SSL/TLS Security

CDN SSL/TLS security is a layer of protection at the intermediary server between servers and user content. Besides providing the continuity of access, this protection also ensures that no counterfeits and spoofs appear on the way from a client to the server. Its importance is quite hard to see without the detailed explanation of each of its elements.


Content Disarm and Reconstruction system is a specific type of security application that aims at dealing with threats incorporated into genuine files. It uses a specific approach to analyze the files and detect threats inside, if the ones are present. Afterwards, it removes the threat and reassembles the initial file while keeping its benevolent contents unchanged. This, however, is a simplified explanation of how CDR can work. Depending on its type, the way it mitigates the threat may differ from extracting malicious code to making it impossible to execute.

Cerber Ransomware

Cerber ransomware operates as software as a service (SaaS), with cybercriminals licensing it for their attacks and paying a portion of their revenues to its creators. The ransomware spreads through phishing emails and malicious websites, installing itself on victims' devices and encrypting their files.


Chargeware is a specific type of mobile rogue software, that bills your phone number or bank card via the subscriptions to some paid services. It usually tries to mimic some legitimate application available at Google Play or App Store and may even have the claimed functionality. But besides what the developers promise it will do, this app manages to make money for their developers and some other crooks in a very sly way.


Clickjacking or UI redress attack is based on a visual trick to make the user click on an element of the web page that is invisible or disguised as another element. The main goal of a clickjacking attack is to get unsuspecting website visitors to act on another website (the target website).

Clop Ransomware

Clop ransomware encrypts victim files, demanding a ransom for decryption. Known for targeting larger entities, it employs sophisticated tactics and primarily affects Windows systems.

Cobalt Strike Beacon

Cobalt Strike is an extensive kit for malware delivery and control, initially designed as a tool for red team penetration testers. Hackers acquired it as well, appreciating its extensive potential.

Code Injection

Code injection (a.k.a. remote code execution) is an attack based on the input of improper data into a program. If hackers manage to exploit program vulnerabilities, they may succeed in injecting malicious code through the input line or uploaded file with the subsequent execution of this code. Those files usually exist as a DLL or a script, placed somewhere on your disk. Hackers may download them after the initial compromise and use them only when it comes.


CoinMiner is a malware that concentrates on earning cryptocurrencies by mining them on victims’ CPU or GPU.

Command And Control

Command and Control Server, or C&C, is a common name for a server that is used to control the botnets – networks of computers infected with certain malware. Command servers are created by crooks and maintained within a certain period of time – in order to manage the malware. Through these servers, malicious software receives a command to attack a specific target, download additional malware, execute certain commands, or self-destruct.

Computer Network Attack

A computer network attack aims to disrupt the normal functioning of a system by exploiting weaknesses in software or hardware. This form of attack includes spreading malware and initiating denial-of-service campaigns. Vigorous protection strategies are essential to defend against such malicious attempts.

Computer Virus

Computer virus is malware that replicates its code into other programs and files. Then, this replicated part replicates itself into other files, so the destruction goes exponentially.


Conduit operates as a browser hijacker capable of affecting both Windows and Mac devices. It modifies system settings, redirects users to unexpected websites, and installs unauthorized toolbars.

Container Breakout

Container breakout is a security vulnerability where an attacker gains unauthorized access to the underlying host system from within a contained environment, such as a virtual machine. It exploits weaknesses in container isolation mechanisms to escape and access sensitive data or execute malware on the host system.

Conversation Interception

Conversation interception is a form of email attack wherein the assailant specifically targets email accounts, compromising them to eavesdrop on ongoing conversations. In a conversation-interception attack, attackers can also initiate new discussions by impersonating one of the participants. For instance, consider two businesses engaged in email communication, such as a supplier and a buyer. Through a conversation-interception attack, an intruder can intervene in the conversation, monitoring the content. Moreover, the same intruder can masquerade as either the buyer or the seller, potentially disrupting deals or causing other detrimental effects. Perpetrators of conversation interception typically gain access to mailboxes or message archives by either hacking or infecting them with malware. Alternatively, they may acquire message archives from specific email accounts through dark web transactions, enabling them to execute conversation interception.


Crack, or software crack, is a specific change in the files of a program or its integral part that aims at disabling the license checking mechanism. The name of an entire process related to software cracking is called software piracy.

Credential Harvesting

Credential Harvesting involves the systematic gathering of user accounts from a system, service, or database using various methods, such as malware or phishing attacks. This unauthorized collection of account credentials poses a significant security risk.


Crimeware is a specific noun that means all malicious software that is applied in cyberattacks. The vast majority of the viruses spread in the modern computer environment can be called crimeware, but that term has not caught on.


CryptBot refers to an infostealer targeting Windows operating systems. Its primary goal is to pilfer sensitive information, including account passwords stored in browsers, cookies, payment information, and cryptocurrency wallets. The stolen data is then archived and transmitted back to the criminals for illicit use.


Cryptocurrency is a digital mean of payment, that is backed by decentralised calculations. It acts like peer-to-peer transactions, so it does not rely on banks to verify transactions, allowing anyone to send and receive payments regardless of location. Unlike the physical money we are used to wearing and exchanging in the real world, cryptocurrency payments exist solely as digital records in an online database describing specific transactions. This database is called blockchain. All cryptocurrency is stored in digital wallets.

CryptoLocker Ransomware

CryptoLocker ransomware, a trojan virus targeting Windows devices, searches local storage and connected media for files to encrypt. Using asymmetric encryption, it locks these files and displays a message informing users that their files are encrypted and will be destroyed unless a ransom is paid.


Cryptovirology explores the fusion of cryptographic techniques and computer virology to develop potent malware, including ransomware. This field leverages cryptography for offensive purposes rather than defensive ones. Originally a study to understand how cryptography could be misused, cryptovirology has been increasingly employed by hackers to orchestrate damaging ransomware attacks.

Crypto Malware (Cryptojacking)

Crypto malware, or cryptojacking, is malicious software that clandestinely mines cryptocurrencies on the victim’s computer without their knowledge or consent. Distributed through malicious websites, software downloads, or email attachments, the malware utilizes the victim’s resources to mine cryptocurrency, leading to device slowdowns or overheating.

Crysis (Dharma)

Crysis ransomware infiltrates systems through exposed Remote Desktop Protocol (RDP) ports, gaining access to install itself. Since 2016, it has been scanning for specific file extensions (documents, images, and databases), encrypting them, and demanding a ransom.

CTB Locker

CTB Locker stands as a type of ransomware belonging to the crypto-ransomware family. Discovered in 2014, it spreads through infected emails and deceptive downloads, such as fake Flash updates.


Define the term 'cybercriminal' as an individual engaged in cybercrimes—criminal acts involving information technologies as a means or target. Explore the diverse activities encompassed by cybercriminal actions, including data theft, identity theft, online scams, malware dissemination, denial-of-service attacks, and cybervandalism.


Cybersecurity is defined as the defense of networks, data, and information from unauthorized access, tampering, or destruction. All the networks, data, and knowledge have something in common; they're the equivalent of data and data stored in a bank. An attacker can physically access the building and manipulate the security systems to get into the bank's vaults.


Cyberterrorism involves using computer technology for attacks that terrorize individuals, companies, and countries. Various cyberattacks fall under this category, including hacking, denial-of-service (DDoS) attacks, malware distribution, ransomware, phishing, and identity theft.



DanaBot is a banking trojan renowned for its ability to pilfer sensitive financial information. Its numerous variants and adaptable nature make it a versatile threat, capable of being repurposed for activities such as spam distribution.


DarkHotel is a cyberespionage group targeting high-profile individuals and organizations by sending deceptive emails with harmful links or attachments. They use malware to steal sensitive information.


Darknet refers to a private and encrypted network where users can remain anonymous. It is often associated with illegal activities, as it provides a platform for the exchange of goods, services, and information outside of conventional online channels. Darknet websites typically use specialized software and encryption tools to ensure user anonymity and privacy. While not all activities on the Darknet are illegal, it has gained a reputation for hosting illicit transactions and services due to its anonymity features.


A data store serves as a digital repository for various data types, including relational databases, NoSQL databases, object-oriented databases, or file systems. Tailored to specific application or service requirements, data stores, managed by companies or third-party suppliers, enhance organizational safety by offering features such as data replication, backup and recovery, data encryption, and access control. They play crucial roles in data analytics, archiving, recovery, business intelligence, and transaction processing, safeguarding against malware attacks.

Data Breach

A data breach occurs due to a cyberattack that allows cybercriminals to gain unauthorized access to a computer system or network and steal the customers' personal, confidential, and financial data.

Data Breach Prevention

Data breach prevention involves the implementation of various strategies, policies, and tools to protect sensitive information from unauthorized access, disclosure, or misuse. The goal is to secure digital data against cyberattacks, including hacking, malware infections, or insider threats, that could compromise personally identifiable information (PII), financial details, or trade secrets.

Data Execution Prevention

Data execution prevention is a Windows security feature that prevents the system from executing code from specific memory locations, typically the stack and heap, to protect against malware.

Data Exfiltration

Examine the menace of unauthorized data transfer from devices, known as data exfiltration. Recognize the pivotal role data exfiltration plays in data breaches and cyberattacks. Understand the methods employed by criminals, including malware infections, ransomware, and social engineering, to extract sensitive information from devices. Bolster your defenses against data exfiltration.

Data Loss

Data loss is the unintentional loss of data stored on electronic devices due to human error, hardware failure, malware attacks, natural disasters, or power outages. Data backup is crucial to prevent such losses.


A Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic. The goal is to make the target inaccessible to its users by causing a temporary or prolonged outage. DDoS attacks can be executed using various techniques, such as sending a massive volume of traffic, exploiting vulnerabilities, or using a network of compromised computers (botnets). The intent behind DDoS attacks can range from mischief to extortion or ideological motivations.

Deception Technology

Deception Technologies in Cybersecurity aims at baiting the hackers to break in and collect information about indicators of compromise, typical actions, and targets.

Defense In-Depth

Defense in Depth, also known as DiD, represents a cybersecurity strategy involving multiple layers of defense mechanisms and diverse measures to safeguard networks and computer systems. This approach functions akin to a series of security barriers; if one layer fails, another steps in to thwart potential cyber attacks. The Defense In-Depth architecture proves effective in comprehensively addressing various attack vectors, including network attacks, malware infections, and social engineering attempts.

Digital Footprint

Digital Footprint is the compound of your network activity, visualised in different forms. It can be represented as a list or as the image of your person - generally depending on the type of footprint that is supposed (or available) for use. A passive digital footprint consists of browsing history, cookies, and similar information - they don’t say much about the person.

Djvu Ransomware

Djvu Ransomware (also known as STOP Ransomware) is a type of malware that encrypts files on a victim's computer. This ransomware variant is known for appending specific file extensions to the encrypted files, such as ".djvu" or ".stop" After encryption, the attackers demand a ransom payment, usually in cryptocurrency, in exchange for providing the decryption key.

DNS Blocking

DNS blocking prevents devices on networks from accessing specific websites or pages. It’s employed to mitigate cyberattacks, stop malware infections, or restrict access to certain sites like gambling sites in workplaces.

DNS Filtering

DNS filtering is a security measure that blocks access to malicious, disreputable, or prohibited websites and applications at the DNS level. Organizations implement DNS filtering to secure company data and maintain control over employee access on managed networks. By preventing the loading of threatening sites at the IP address level, DNS filtering safeguards against various risks, including those associated with gambling, adult content, and known malware.

DNS Firewall

A DNS firewall is a protective measure that filters and controls DNS traffic to prevent users on a specific DNS network from accessing malicious or unwanted websites or resources. It utilizes various techniques, including threat intelligence and DNS response policies, to block or redirect access to known malicious locations, thereby enhancing network security and safeguarding against potential threats.

DNS Hijacking

DNS hijacking (also DNS Poisoning or DNS Redirecting) is a type of cyberattack in which a hacker tries to manipulate DNS requests to redirect users to malicious websites. DNS stands for Domain Name System. It is essentially the Internet phone book, translating your friendly web addresses, such as, into an IP address understood by computers.

DNS Rebinding Attack

DNS Rebinding is a type of cyber attack where an attacker tricks a victim's web browser into making requests to a domain under the attacker's control. This typically involves exploiting the way web browsers handle multiple DNS (Domain Name System) responses for a single domain.

DNS Tunneling

The DNS is essentially the vast phone book of the Internet. And DNS is also the underlying protocol that allows administrators to query the DNS server database. DNS Tunneling attack turns the domain name system into a weapon for cybercriminals. Because DNS is a highly trusted and widely used system on the Internet, this attack takes advantage of this protocol. It allows malicious traffic to penetrate the organization's protection (the victim).

DNS-based Blackhole List

In cybersecurity, a DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) comprises domain names and IP addresses recognized as sources of spam, malware, or other malicious activities. DNSBLs filter incoming network traffic, allowing servers to reject or mark messages from listed sources as spam, thereby reducing potential harm. While effective, careful management is crucial to avoid unintentionally blocking legitimate traffic.

Domain Spoofing

Domain spoofing involves attackers creating fake websites or email addresses resembling legitimate ones, aiming to deceive users into disclosing sensitive information, downloading malware, or falling victim to phishing attacks.


Doxing (or Doxxing) is a type of online harassment that involves revealing someone's personal information, such as their real name, phone number, address, job, or other identifying information, and publicly disclosing it, usually online. Doxing occurs without the victim's consent with the intent to disclose information intended to preserve privacy.

Downloader Trojan

A downloader trojan is a malicious software designed to surreptitiously install harmful files or software on a victim’s device, such as a computer or smartphone. Disguised as legitimate software, this trojan focuses on downloading and executing additional malware, acting as a covert gateway for viruses, ransomware, or spyware to infiltrate the compromised system.


Dridex is potent malware infiltrating Windows computers to steal valuable financial information, often spreading through phishing emails, malware-infected sites, drive-by downloads, or USB drives.


A dropper is a type of Trojan that delivers and initiates the installation of malware. Appearing as an innocent-looking program, antivirus software often fails to recognize it as malicious, allowing it to enter the system. There are two types of droppers: persistent, which remain hidden and provide ongoing access after system restart, and non-persistent, which install malware and automatically delete themselves.

Dropper.Gen, Dropper.MSIL

Dropper.Gen and Dropper.MSIL are generic terms for malware, commonly used to refer to malicious programs designed to facilitate the installation of additional malware on a system.


Duqu refers to a sophisticated and stealthy malware discovered in 2011, categorized as an advanced persistent threat (APT) with similarities to the Stuxnet worm. Primarily focused on espionage and data theft, Duqu targets industries such as aerospace, energy, and telecommunications.


Dyreza is trojan malware discovered in 2014, targeting online banking users to steal financial information such as login credentials and account numbers. Understand the tactics employed by Dyreza and bolster your awareness to protect against this specific type of malware.


Early Launch Anti-Malware

Early launch anti-malware (ELAM) is a security feature safeguarding computers during the boot-up process, preventing malware, especially rootkits, from loading before most other software starts. ELAM ensures that security software has the opportunity to run before potential threats can take hold.

EDR (Endpoint Detection And Response)

Endpoint Threat Detection and Response, usually shortened to fit the “EDR” abbreviation, is a new look at anti-malware software. However, it is not about fitting all possible needs like “classic” anti-malware apps pretend to do. EDR, as you can understand from the abbreviation, is a system that must protect endpoints rather than individual computers.

Email Attack

An email attack refers to a malicious activity or strategy where cybercriminals use email as a vector to deliver harmful content or manipulate recipients into taking actions that compromise security. Common types of email attacks include phishing, where attackers trick users into revealing sensitive information, and malware distribution, where malicious software is delivered through email attachments or links. Email attacks often exploit social engineering tactics to deceive recipients and gain unauthorized access to information or systems.

Encrypted File Transfer

Encrypted file transfer ensures the secure sharing of files between devices or over a network, maintaining the confidentiality and integrity of data. Encryption renders the information inside a file unreadable without a decryption key or password. It is essential for preventing unauthorized access by parties, viruses, or other types of malware to files containing sensitive data.

Evil Maid Attack

An evil maid attack is a type of cyberattack that targets unattended devices. If the device is unprotected, the attacker may attempt to steal data or infect the device with malware. If the device is protected, the evil maid attack may involve imperceptible tampering, such as altering firmware to create a fake password prompt for stealing user credentials later on.


Exploit is a program or a piece of code designed to make use of vulnerabilities. It is never a stand-alone element but a complementary element of a large-scale cyberattack. While being available for application even in home user systems, they are mostly seen in attacks on companies.

Exploit Kit

An exploit kit is a malicious toolkit employed by cybercriminals to identify and exploit vulnerabilities in a user's software or operating system. Hosted on malicious websites, these kits probe the user's system for security flaws, delivering and executing malware payloads. Exploit kits have the capability to distribute various types of malware, including ransomware, Trojans, and keyloggers.

Executable File

An executable file is a digital file containing a software application designed to be run ("executed") by the host device’s operating system. To enhance security against malware attacks, executable files often undergo digital signing for the purpose of verifying their authenticity and ensuring integrity.


Facial Recognition

Facial recognition is a system of personal identification or authorization by the face. We will review the purposes in a separate part of the article, so let’s concentrate on how it is done. There are several ways to recognize the face - depending on the hardware and software used in that procedure.

FakeAV (Fake AntiVirus)

FakeAV encompasses a wide range of malicious software designed to deceive users into buying counterfeit antivirus products or downloading other malware.

File-infecting Virus

A file-infecting virus is a type of malware that attaches itself to legitimate executable files on a system. When the infected file is executed, the virus activates and runs alongside the intended program, spreading to other executable files and carrying out malicious activities.

Fileless Malware

Fileless malware operates without planting files, residing directly in RAM. It's difficult to detect, commonly distributed through infected websites, and leverages JavaScript to execute malicious commands.

Fileless Attacks

A fileless attack is a cyberattack that uses malicious code executed directly in memory or leverages legitimate system tools. Unlike traditional malware relying on files stored on a disk, fileless attacks operate stealthily, evading detection by most antivirus software and security solutions.


FileRepMalware is a designation commonly assigned by antivirus programs to potentially harmful files. It serves as a notification from an antivirus provider indicating the presence of malware on your device. While the malware may range from relatively benign adware that generates browser ads to more severe threats, it poses a significant risk.

File Format

A file format refers to the specific way in which information is stored in a computer file. It defines the structure and organization of data within the file, including how data is represented, encoded, and formatted. File formats are essential for ensuring that different software applications can correctly interpret and process the information stored in a file.


A firewall is a complex tool designed to protect internal networks from external sources (internet, for example) threats like malware or threat actors. It may consist of a hardware device (network router or switch) or software (firmware or a specific app in the OS).

Fraud As A Service

Fraud as a Service involves selling services to cybercriminals, ranging from phishing kits or malware tools to comprehensive packages including UI, payment systems, security measures, tutorials, and customer support, often transacted on the dark web.

Floxif (Win32/Floxif)

Floxif is a group of trojan viruses designed to modify Windows files, enabling unauthorized surveillance of your device and creating a backdoor for other malicious software.

Fork Bomb

A Fork Bomb operates by using the fork() call to create a new process that is a copy of the original. By repeatedly creating new processes, it can consume all available processes on a machine, leading to system instability or crash.


FormBook is a type of spyware designed to infiltrate devices, pilfering files and data from a variety of applications. It captures screenshots and transmits the acquired information back to the attacker.

Form-Based Authentication

Form-Based Authentication utilizes web forms to prompt users for username and password information. It's a common method used for user authentication on web applications, requiring users to input credentials via web-based forms.


FusionCore is an adware bundler designed to clandestinely introduce unwanted components, such as applications, into your system during software installation.



GandCrab is a ransomware type of malware that encrypts a victim’s files and demands a ransom for decryption. Widely spread in 2018 and early 2019, GandCrab is notable for being one of the first ransomware to be sold as a service, operating under the business model known as Ransomware-as-a-Service (RaaS). This model allowed other cybercriminals to use the software for a share of the profits.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that impacts the European Union and its citizens. It imposes stringent regulations on organizations regarding the control, processing, and storage of personally identifiable information (PII). Learn more about how businesses can assess their readiness for GDPR in this informative post.


Ghostware is a type of malware designed to evade detection by traditional security measures. It is used to gain access to sensitive information from high-value targets such as governments. Due to its ability to escape regular antivirus scans, ghostware can remain undetected for extended periods.

Globally Unique Identifier (GUID)

A Globally Unique Identifier (GUID) is a distinctive number generated by Microsoft applications to uniquely identify components, hardware, files, user accounts, and more.


Glupteba functions as a modular trojan, serving as a backdoor, remote access trojan, and at times, a cryptojacking virus. Gain insights into its multifaceted capabilities below.

Gootkit (Waldek)

Gootkit is a sophisticated banking trojan initially identified in 2014. It specifically focuses on Windows devices within critical sectors such as finance, law, and healthcare.

Godfather Android Malware

The Godfather Android malware is a Trojan designed to infiltrate banking and cryptocurrency apps. Learn how to eliminate the Godfather malware from your smartphone.

Graphical User Interface (GUI)

A Graphical User Interface (GUI) is a user-friendly interface that enables users to control and manipulate software easily. In contrast to command line programs, GUIs are designed to be intuitive and user-friendly.

Green Hat Hacker

Green hat hackers are newcomers focused on learning and developing their skills. Whether harboring malicious intentions or training to become white-hat hackers, they pose a potential threat. In their experimentation with cyberattack techniques and malware, new hackers may inadvertently cause irreversible damage without understanding the consequences or how to remedy a misstep.


Greyware is a category of software that performs annoying, disruptive, or undesirable tasks without reaching the level of malicious intent. It is distinct from more harmful forms of malware. Also referred to as Grayware.


Juice Jacking

Stay vigilant against juice jacking, a cyberattack leveraging public USB charging ports to steal data or install malware on your device. This nefarious technique puts passwords, credit card information, and personal data at risk. Learn how to protect yourself from this form of attack, preventing unauthorized access and potential data breaches.



Hacking is a process of breaking into a particular system with methods that were not foreseen by the person who designed this system. Hacking is identifying weaknesses in a computer system or a network to exploit the security to gain unauthorized access to data.


Hawkeye is a sophisticated remote access trojan and keylogger crafted to illicitly acquire sensitive data, such as credit card numbers and passwords, from Windows devices.


HermeticWiper is a type of disk-wiping malware designed to infiltrate Windows devices and incapacitate them by destroying files, corrupting the master boot record (MBR), and compromising physical drives. Discovered in Ukrainian organizations on February 23, 2022, it has been compared to WhisperGate and linked to PartyTicket, a decoy ransomware. The malware's name is derived from the digital certificate used to sign it, issued by a company named 'Hermetica Digital Ltd.' The attackers behind HermeticWiper remain elusive, using a potentially shell company or defunct business to obtain the digital certificate.

Heuristic Analysis

In cybersecurity, heuristic analysis is a technique for detecting unknown malware or new variations of known malware based on behavioral patterns. This method, employed by many antivirus applications, protects against threats that traditional signature-based methods might overlook.

Heuristic Virus

A malware is termed 'heuristic' because antivirus software identifies viruses through behavioral analysis. The software flags files or code exhibiting suspicious behavior as potentially dangerous, allowing modern antivirus programs to detect new types of malware before causing harm to your device.


A hoax is a deceptive message falsely presenting something as true. Hoaxes can be rumors, urban legends, or pseudoscience, and in the cyber realm, they can involve misleading messages prompting users to download malware under the guise of protection.


Honeypot is a particular system established at the endpoint to monitor the activities from applications and incoming connections, imitating the original endpoint. In this manner, the security system and the specialists can detect potentially malicious activities and create a counteraction. That may be the counterfeit of an internal server, a computer in the network, a website server, or whatever can attract cybercriminals.

Host-Based ID

Host-based intrusion detection systems (IDS) use information from operating system audit records to monitor all operations on the host where the intrusion detection software is installed. This data is compared against a predefined security policy to detect potential security breaches. However, this analysis imposes significant overhead on the system due to increased processing power requirements.

Host-Based Firewall

A host-based firewall is installed directly on an individual device, providing protection against malware. Users install them to safeguard their devices, while larger companies use them to control the spread of malicious software in a network if one device is compromised.


Hupigon poses a significant threat as a trojan, enabling unauthorized remote access to your device for potential involvement in DDoS attacks. Learn how to detect and eliminate Hupigon from your device.


IcedID (BokBot)

IcedID is a banking trojan targeting Windows devices, designed to pilfer financial credentials and extract funds from victim accounts.


ILOVEYOU, also known as the Love Bug or Love Letter, stands as one of the most notorious computer worms in malware history. It emerged in May 2000, rapidly spreading globally and causing significant damage.

Indicator Of Compromise (IoC)

An indicator of compromise (IoC) is a piece of forensic data, such as a system log entry or a file hash, that identifies potentially malicious activity on a system or network. IoCs serve as evidence that a cybersecurity breach may have occurred or is actively taking place. They are utilized in incident response, forensics, and malware defense to gain a better understanding of the threat landscape and strengthen an organization’s defenses.


Industroyer, also known as CrashOverride, is a highly sophisticated and destructive malware targeting industrial control systems (ICS) in critical infrastructure sectors like energy, transportation, and manufacturing.

Inference Attack

Inference Attacks rely on users to make logical connections between seemingly unrelated pieces of information. These attacks exploit the disclosure of seemingly harmless data to deduce sensitive information or patterns.


InstallCore is a potentially unwanted software that deploys multiple applications on a user's computer, typically bundling a well-known program with one or more adware components.

Intellectual Property

Intellectual Property encompasses creations of the mind, including inventions, art, designs, names, and commercial images. Laws regarding intellectual property vary across countries, generally protecting the rights of the individual or company credited with the creation.

Internationalized Domain Names (IDN)

Internationalized Domain Names (IDN) are domain names that include at least one non-ASCII character. They enable users worldwide to create and register domain names using their native language characters.

Internet Of Things (IoT)

The Internet of Things (IoT) represents a network of internet-connected devices that operate without direct human input. Explore more about IoT security and its principles in this blog post.

Internet Service Provider (ISP)

An Internet Service Provider (ISP) is a company that offers internet services, including basic connections, broadband, web hosting, and various other services to users.

Internet Worm

An internet worm is a self-replicating malware that distributes copies of itself across a network, infecting computers without showing signs to users. Leveraging bugs in computer software, internet worms pose a greater threat than other malware types, as they spread autonomously and can bypass many forms of network security, such as firewalls.


An Intranet is a private network with restricted access, typically established by or for a company, allowing only its members to access the network resources.

IoT Botnet

Grasp the concept of IoT botnets, networks of infected IoT devices that respond to commands from malicious actors. Understand the implications of IoT device vulnerabilities and the role they play in cyber threats. Explore measures to protect your IoT devices from becoming part of a botnet.

IP Address

An IP address looks like a string of numbers separated by dots. More precisely, it is a set of four numbers — an example address will be Each number in an IP address set can go from 0 to 255. The full IP address range varies from to



Kerberos is a system developed at the Massachusetts Institute of Technology (MIT) that relies on passwords and symmetric cryptography (DES) to implement a ticket-based, peer entity authentication service, and access control service distributed in a client-server network environment. It provides secure authentication between entities in a networked environment.

Key Generator

A Key Generator, commonly known as keygen, is software designed to generate random keys, such as software product keys. It enables users to activate and operate a program without purchasing it.


Keylogger is an effective spying tool to see what the victim is typing and where it clicks. It may be used both separately and as a part of spyware.


Killware is a cyberattack aimed at causing serious physical harm or death. Hackers deploy various methods, including ransomware and malware, to execute killware attacks. Examples include cyberattacks against critical systems like power grids, hospitals, airports, banks, directly impacting people’s lives.


Kovter, a fileless malware, conceals itself in a device's memory and executes commands to engage in ad fraud. Discover effective methods to detect and eliminate this threat from your computer.



Leakware, a subtype of ransomware, attacks victims by stealing and threatening to leak sensitive or confidential information. Unlike classic ransomware, which encrypts files and demands a ransom, leakware collects sensitive data and threatens exposure unless the victim complies with the attacker’s demands.

Local Area Network (LAN)

A Local Area Network (LAN) is a network of computers and devices spread over a relatively small space, such as a building or group of buildings. Typically, these devices connect to a server or group of servers using ethernet or Wi-Fi.


On any given system, Localhost refers to 'This computer.' It utilizes the IP address for loopback functionality, allowing access to resources stored on the system itself.

Lokibot (Loki Password Stealer)

LokiBot is a prevalent trojan designed to pilfer credentials or provide attackers with backdoor access to both Windows and Android devices.

Locky Ransomware

Confront the global threat of Locky ransomware, known for encrypting sensitive data using complex algorithms such as RSA and AES. Understand the ransom demands and the decryption key process. Trace the evolution of Locky ransomware variants and stay vigilant against this persistent threat causing data loss across various industries.

Loopback Address

The loopback address ( is a pseudo IP address that always refers back to the local host and is never sent out onto a network. It allows a computer to communicate with itself, often used for testing and troubleshooting network-related issues.



Madware refers to aggressive advertising on mobile devices, specifically tablets and smartphones.


MacBooster is a potentially unwanted program marketed as a system optimization tool and is commonly bundled with other software.

Macro Virus

Macro is a small applet used in Microsoft Office to increase the interactivity of the document. The flaws of this format made it possible to exploit it for malevolent purposes.

Malicious Code

Malicious code is a collective term for various harmful computer programming scripts designed to exploit or create vulnerabilities within systems. The consequences of malicious code include security breaches, theft of information and data, and damage to files and systems. In some cases, it may establish a backdoor, providing permanent access to networks and devices.


Malvertising uses malicious ads to steal data or install malware on victims’ devices, exploiting online advertising as an avenue for cyberattacks.


Malware (malicious software), is a blanket term for any kind of computer software with malicious intent. Most modern computer threats are malicious software.


Malware-as-a-service operates similarly to legitimate business models like software-as-a-service, providing users with a user-friendly interface and control panel to remotely manage malicious software's activities. In this arrangement, cybercriminals act as service providers, handling the technical aspects of malware creation, distribution, and maintenance. This allows less tech-savvy individuals to engage in malicious activities for a subscription fee.

Malware Obfuscation

Malware obfuscation is the practice of modifying malicious software (malware) to increase the difficulty of identification by cybersecurity measures. This involves transforming the structure, logic, and appearance of the malware without affecting its core functionality.

Malware Sandboxing

Malware sandboxing is a method where experts and analysts execute potentially dangerous code or files in a protected space known as a sandbox. This secure environment allows close study and evaluation of malware behavior without putting the main system at risk.

Medusa Ransomware (MedusaLocker)

MedusaLocker is a form of malicious software designed to encrypt files on a target computer. It then demands payment in cryptocurrency to unlock and restore access to these files.

Memory Forensics

Memory forensics is a process that analyzes and extracts information from a computer’s volatile memory, known as RAM. Active processes, network connections, user activity, and potential malware or intrusions can be understood by examining RAM. It plays a crucial role in cybersecurity investigations.


Metadata is information about data, providing details such as origin, relevance, and creation. Examples include geotags in media files indicating the location of a photograph and authorship details in document files.

Metamorphic Malware

Discover the intricacies of metamorphic malware, a sophisticated type of malicious software that dynamically rewrites its code as it navigates through a system. Unlike other malware employing encryption keys, metamorphic malware adapts its structure without relying on encryption, evading detection by antivirus software. Unravel the unique capabilities of this malware variant and understand its evasion techniques.

MFA (Multi-Factor Authentication)

Multi-Factor Authentication or MFA is a user identification that requires the user to provide two or more identity verification factors to access a resource. This can be an application, an Internet account, or a VPN. MFA is a core component of a strict Identity and Access Management (IAM) policy. The primary goal of MFA is to create a layered defense that will prevent an unauthorized person from accessing a target, such as a physical location, computing device, network, or database. Even if one factor is compromised, an attacker still has at least one or more barriers to overcome before successfully penetrating a target.

MITM (Man In The Middle)

The Man in the Middle attack (MITM) is a specific case of eavesdropping in cybersecurity. In this case, the third party tries to overhear what you send to the server and what it sends to you.

Mobile Code

Mobile code enables various functions on mobile devices but poses security risks due to potential inclusion of malicious code like viruses, malware, or Trojans that can compromise device data and user privacy.

Mobile Malware

Mobile malware targets smartphones, tablets, and other mobile devices to exploit and access private data, often infecting devices through malicious apps, text messages, or phishing emails.

Money Mule

A money mule is an individual tricked into accepting money from scammers, holding it in their account temporarily, and then forwarding it to another account. Also known as money muling or muling.

Multipartite Virus

Multipartite malware infiltrates systems through diverse attack routes, combining traits from different malicious software types. Its adaptability and difficulty of detection stem from propagation through compromised files, downloads, or bootable media, causing significant harm to the system.


NGAV (Next-Generation Antivirus)

Next-generation antivirus, or NGAV, is a general conception of a security application that popped out as a substitution for classic antivirus. Contrary to the latter, NGAV is generally backed by malware detection through proactive methods, in particular, heuristics and neural engines. Next-generation solutions also feature a wider control area, which makes it possible to minimize the number of attack surfaces. It is especially relevant when we talk about next-generation tools for corporate protection.

NDR (Network Detection And Response)

NDR solutions monitor network traffic and incoming/outgoing connections using proactive neural networks or heuristic engines. Together with SIEM, EDR/XDR, UBA and distributed deception platform, NDR form a pack of corporate security tools that provides surveillance, threat detection and response on all surfaces.

Nemucod (JS.Nemucod)

Nemucod functions as a trojan downloader or dropper, facilitating the delivery of ransomware and other types of malware. Its propagation occurs through malicious JavaScript and PHP files, as well as email attachments.

Netwalker Ransomware

Netwalker ransomware encrypts victim data, demanding a ransom for decryption. It targets businesses, exploiting vulnerabilities in remote access tools or using phishing emails for initial entry and rapidly spreading within networks.


NetWiredRC.Gen is a backdoor trojan with the capability to transform your device into a tool for engaging in cybercriminal activities. Gain insights on how to identify and detect NetWiredRC.Gen.


NanoCore is a remote administration tool utilized by cybercriminals for activities such as surveillance, data theft, and manipulation of systems on targeted devices.

Neshta (Neshuta)

Neshta is a virus that infects executable (.exe) files, acting as a file infector. It operates surreptitiously in the background, gathering information about the system and its users.


NotPetya, also known as Petya, is a destructive cyberattack masquerading as ransomware. Unlike typical ransomware, NotPetya permanently damages the master boot record, rendering file recovery impossible even after a ransom payment. It was designed for disruption rather than financial gain.


A not-a-virus notification from antivirus, indicates potential threats in a file or application that are not viruses. While often associated with hidden adware or riskware, not-a-virus notifications may also arise in response to legitimate programs like IRC clients, password managers, and FTP services.

Null Session

Null Session, also known as Anonymous Logon, enables an anonymous user to retrieve information like user names and shares over the network or connect without authentication. Certain applications, such as explorer.exe, use Null Sessions to enumerate shares on remote servers.



Obfuscation occurs when malware deliberately conceals its true intent from potential victims and attempts to hide portions of code from malware researchers during analysis.


OfferCore is categorized as a Potentially Unwanted Program (PUP) and operates as adware, seizing control of your browser to display intrusive and bothersome ads during your browsing experience.

One-Way Encryption

One-Way Encryption involves the irreversible transformation of plaintext to ciphertext. Even if the cryptographic key is known, the plaintext cannot be recovered from the ciphertext by means other than exhaustive procedures.

OSINT (Open-Source Intelligence Tools)

Open-Source Intelligence is a method for getting information on any person or organization. OSINT likely existed as long as social networks do. Completing the jigsaw of personal data is very amusing, especially if you like games of this sort.


Packet Sniffing

Packet sniffing involves inspecting online traffic across networks. While used by admins for valid reasons like issue detection, it’s exploited by hackers to steal credentials, monitor behavior, spy on businesses, or install malware.

Packet Switching

Packet switching involves the division of data into smaller chunks for secure and efficient network transfer. This method enhances monitoring capabilities, allowing organizations and users to easily detect security threats, such as malware and other malicious activities that pose risks to sensitive user data. Despite the advantages, hackers employ various methods to exploit vulnerabilities, emphasizing the importance of continuous data security practices.


Padodor poses a significant threat as a backdoor, enabling malicious actors to exploit your device remotely and pilfer sensitive information. Learn how to eliminate this threat from your computer.

Parite, W32/Parite, Packed.Parite

Parite is a computer virus designed to exploit Windows operating systems, spreading by infecting executable files and dynamic link libraries like a worm.

Password Sniffer

Learn about password sniffers, a type of malware designed to intercept and steal data packets carrying login credentials over computer networks. Discover the heightened risks on unsecured or public networks and understand how password sniffers can compromise accounts and pave the way for more extensive cyberattacks. Strengthen your defenses against this stealthy threat.


A Software Patch is a common noun for any applique or update for the program. It can have the properties of a routine update or some new functions.


Permutation is a process that maintains the same letters within a text but alters their positions to scramble the message. It's a cryptographic technique used to obfuscate information by rearranging characters without changing them.

Personal Firewall

A personal firewall monitors and manages network traffic to and from a device, adding an extra layer of security against unauthorized access and potential threats, crucial for safeguarding devices on public wifi networks.


Petya is a family of encrypting ransomware that emerged in 2016, targeting Microsoft Windows-based systems. This destructive malware denies users access to their systems, demanding ransom in Bitcoin for restoration. Unlike traditional ransomware, Petya encrypts the master file table (MFT) and replaces the master boot record (MBR) with malicious code, rendering the entire system unusable.


In cybersecurity, Pharma, short for 'pharmacy,' refers to spam or websites that engage in the trafficking of fake or illegal medication. These sites may also sell legal medication but in violation of local laws.


Pharming is a procedure of phishing with the use of precursor malware. It supposes the crooks to redirect the hacked user to spoofed websites in order to steal money, credentials or so.


Phishing is a kind of attack of tricking you into sharing login/password, credit card, and other sensitive information by posing as a trusted institution or private person in an email or on-site.

Polymorphic Malware

Explore the concept of polymorphic malware, a versatile category of malicious software that can dynamically change its code and appearance to evade detection. Gain insights into the various forms of polymorphic malware, including viruses, worms, trojans, bots, and keyloggers, and learn how to mitigate the risks associated with these adaptive threats.

Pop-Up Ad

Pop-up ads are one of the advertising forms, particularly the most massive and cheapest one. Besides being a legitimate promotion tool, it is often exploited by rascals for easy income.


Poweliks is a Trojan malware type that hides in the Windows Registry, making detection and removal challenging. Functioning as a downloader or dropper, Poweliks typically introduces additional malicious payloads such as banking Trojans, ransomware, or adware. It often infiltrates systems through exploit kits, malicious email attachments, or drive-by downloads, using various techniques to evade detection.

Private Addressing

Private Addressing refers to three reserved address ranges designated by IANA (Internet Assigned Numbers Authority) for use by private or non-Internet connected networks. Defined in RFC 1918, these address blocks are: to (10/8 prefix), to (172.16/12 prefix), and to (192.168/16 prefix).

Promiscuous Mode

Promiscuous Mode occurs when a machine reads all packets off the network, disregarding their addressed recipients. It's employed by network administrators for diagnosing network issues but can also be used by unauthorized entities attempting to eavesdrop on network traffic, potentially accessing sensitive information like passwords.

Proxy Server

Proxy Server is a protective server that stands in your connection between you and the server you are trying to connect. It may have various properties and functions, depending on what the provider offers.


Pseudoransomware mimics ransomware behavior without actually encrypting user files. It deceives users by claiming to have encrypted files and demands a ransom, relying on fear to trick users into paying. Pseudoransomware is quicker to develop than true ransomware and can be effective against less tech-savvy users who may not realize their files are untouched.

PSW.Stealer, Trojan-PWS

PSW.Stealer, also known as Trojan-PWS, is a malicious program designed to extract passwords and sensitive data from Windows systems.


PUABundler is a category of potentially unwanted applications that are known for bundling multiple software programs together during the installation process. Users may encounter PUABundler when downloading and installing software from various sources, especially freeware and shareware websites.



In cybersecurity, quarantine is the isolation of a potentially malicious file in a secure location by onboard security software. This prevents harm while users decide how to handle it.

Quasar RAT

Quasar RAT is an open-source remote access trojan employed by cybercriminals to conduct surveillance, pilfer sensitive data, and establish remote control over targeted devices.

Qbot (QakBot)

Qbot, also known as QakBot, is an advanced banking trojan designed to pilfer sensitive information, including login credentials, from Windows-based systems.



Ramnit is a malicious computer worm that specifically targets Windows operating systems, infecting EXE, DLL, and HTML files. Its primary functionalities include the installation of backdoors, password theft, and providing attackers with full access to the compromised system.

RAM Scraping

RAM scraping involves cybercriminals extracting sensitive data from a computer's RAM, exploiting vulnerabilities or malware to access valuable information like credit card numbers or login credentials.


Ransomware is malware that encrypts the files on the victim's PC and then asks for the ransom payment. Ransomware injection is one of the most dangerous forms of cyber attacks.


RAR files, like other archives, are data containers storing one or more files in compressed form. WinRAR is the software typically used for compression. RAR files have the .rar extension.

Red Hat Hacker

A red hat hacker is a digital activist or vigilante who uses hacking knowledge to convey a message. Motivations may be political, social, religious, or ideological. Red hat hackers can execute single attacks to expose confidential information or participate in broader campaigns, using tools such as botnets, malware, and vulnerability exploits. They may collaborate with white hat hackers if their views align on specific issues.

Replay Attack

A replay attack occurs when hackers intercept your internet traffic to gain unauthorized access to your accounts and online profiles. To execute a replay attack, they first need to compromise your network, either by implanting malware on the victim's device or setting up a hotspot. This falls under the category of man-in-the-middle attacks (MITM).

Reverse Engineering

Reverse engineering is the process of software or hardware item disassembling to understand how that works or which specific elements it has.

Reverse Lookup

Reverse Lookup is a process that involves finding the hostname corresponding to a specific IP address. In the context of networking, particularly the Internet Protocol (IP), this method is used to determine the domain name associated with a given IP address. It provides a way to map IP addresses back to their respective domain names, aiding in network diagnostics and identification.

Reverse Proxy

A Reverse Proxy is a server that handles public HTTP requests and forwards them to back-end webservers to retrieve content. Instead of clients connecting directly to the webserver, they interact with the reverse proxy, which acts as an intermediary. The reverse proxy then relays the content from the webserver back to the clients. This setup provides several benefits, including load balancing, security, and caching, enhancing the performance and security of web applications.

REvil Ransomware

REvil ransomware encrypts victim files and demands a ransom for their release. Operating as ransomware-as-a-service (RaaS), it is rented to other hackers by its developers, who take a cut of the profits.


A robocall is an automated phone call delivering a recorded message. While commonly used by political parties, schools, and telemarketing companies, scammers are known to abuse robocalls.


Rogueware, short for "Rogue Security Software" or "Scareware" refers to malicious software that deceptively presents itself as legitimate security software or system optimization tools. It typically tricks users into downloading and installing the software by displaying false or exaggerated security threats on their computers.


Royal is a Ransomware-as-a-service (Raas) that emerged in September 2022. Its primary focus has been on critical infrastructure, including healthcare, education, and manufacturing.

Remcos (Remcos RAT)

Remcos, created by Breaking Security, is a remote administration tool commonly employed in malicious activities to take control of a target system.

Remote Access Trojan (RAT)

A remote access trojan disguises itself as a harmless program but includes a back door for administrative control over the target device. This administrative control allows the trojan to perform various actions on the target computer, including accessing private data, monitoring device behavior, and distributing additional malware.

Resident Virus

A resident virus embeds itself in computer memory, enabling it to infect other files without execution. By loading its replication module into RAM, the virus can be triggered whenever the operating system loads or performs functions, making it a highly impactful form of malware that can interfere with regular system operation and affect the entire system.


A rootkit is a malware-type infection that allows other viruses to execute with escalated privileges. It relies on various vulnerabilities in operating systems and third-party software.


Safe Mode

Safe Mode is a boot option loading only essential drivers needed for Windows to run. Users can select different sets of drivers based on the type of Safe Mode required.


Sality is a computer virus capable of infecting files within a Windows system. It propagates by attaching itself to executable files and has the ability to modify its code to elude detection.

SAML (Security Assertion Markup Language)

SAML (Security Assertion Markup Language) is a markup language that is used to create a secure login environment for multiple places while using only one account.


Scareware tricks users into downloading malware by displaying fear-inducing messages, claiming devices are infected. The software downloaded is, in reality, designed to steal personal data.

Screened Subnet Firewall

A screened subnet firewall is a network security architecture providing an additional layer of protection against third-party attacks. Comprising three interfaces – the public interface connecting to the internet, the screened subnet or demilitarized zone (DMZ) acting as a buffer, and the internal network interface – it enhances network security by isolating sensitive systems from the internet, minimizing the risk of unauthorized access, viruses, malware, and other cyber threats.


SECaaS, a cloud-based model, allows users to access security services hosted and managed by providers via the internet on a subscription basis. It encompasses firewalls, intrusion detection/prevention, identity/access management, data encryption, and antivirus/malware protection.

Security Software

Security Software aims to safeguard data, systems, and networks from unauthorized access, damage, theft, and various security threats. It ensures information integrity, availability, and confidentiality. These applications encompass antivirus and anti-malware tools, firewalls, virtual private network software, intrusion prevention and detection systems, and encryption tools.


SEO, short for search engine optimization, comprises marketing techniques aimed at increasing a website's popularity. The goal is to achieve a high ranking in search results for specific relevant keywords.

Session Hijacking

Hijacking the session means stealing the authorization of the users connected to the server, making it possible to act from the user’s name.


SHA-1 (Secure Hash Algorithm 1) is a one-way cryptographic hash function. It takes an input (or 'message') and produces a fixed-size string of characters, which is typically a 160-bit hash value. SHA-1 is widely used for data integrity and digital signatures, though it is considered deprecated for security-sensitive applications due to vulnerabilities that allow for collision attacks.

SQL Injection (SQLi)

SQL Injection (SQLi) is a type of cyber attack where malicious SQL (Structured Query Language) code is injected into input fields of a web application, exploiting vulnerabilities in the application's database layer. This can allow attackers to manipulate the database, execute unauthorized queries, and potentially access, modify, or delete sensitive data. SQL Injection attacks are a significant security concern, and developers use various techniques, such as parameterized queries and input validation, to prevent such exploits and secure web applications against this type of threat.

Shadow Copy

Shadow copy is a technology used by operating systems to create backup copies or snapshots of computer files and folders at specific points in time. These copies enable users to recover and restore data in cases of accidental deletion, data corruption, or system failures. Shadow copies are especially valuable in mitigating the impact of ransomware attacks, allowing users to restore files to their previous states without paying a ransom.

Shadow Password Files

Shadow Password Files are system files designed to enhance security by storing encrypted user passwords in a separate file, preventing unauthorized access to sensitive login credentials. This separation adds an extra layer of protection, as the actual passwords are not readily available to individuals attempting to compromise the system. The use of shadow password files is a security best practice, commonly employed in Unix-like operating systems.


Shamoon is a destructive malware created to overwrite and wipe targeted files, rendering infected systems inoperable. Named after a code string within the software, Shamoon exemplifies a trend of aggressive cyberattacks on critical infrastructure. Its ability to spread across networks amplifies the scale of damage, leading to significant data loss and extended system downtime.


Shareware is software distributed for free, often with limited features, for a specified period. After this period, users may be required to pay for continued use.


Shylock is a sophisticated banking Trojan malware notorious for its capability to pilfer sensitive financial information and carry out fraudulent transactions. It primarily targets Windows operating systems, with a focus on compromising online banking systems.

SIEM (Security Information And Event Management)

Security Information and Event Management (shortly SIEM) is a bunch of tools and techniques for researching the events in the environment where this system is applied. SIEM consists of two technologies that were growing separately from each other - Security Event Management (SEM) and Security Information Management (SIM). The former is responsible for monitoring and alarming the incoming events in the network (new connections, possible issues, and dubious behavior). SIM, on the other hand, is about analyzing logs and providing the corresponding conclusions to the analysts' team.


In computer security, a signature is a specific pattern enabling cybersecurity technologies to recognize malicious threats. Signature-based detection is a methodology used to identify known malware based on predefined patterns.


SilverSparrow is a type of malware designed for macOS operating systems. It primarily propagates through deceptive software packages found on the internet.


Smishing is a specific type of phishing that supposes using SMS services. Same as classical phishing, it aims at stealing the confidential data of the victim.

Snake Malware

Snake malware stands as a sophisticated cyber-espionage tool developed by the Federal Security Service (FSB) of Russia in 2003. Its purpose is to steal confidential information, such as international relations documents or diplomatic communications, and transmit it to the FSB using a covert peer-to-peer (P2P) network of compromised devices. Typically targeting high-profile entities or critical infrastructure systems, Snake malware is considered highly dangerous due to its ability to evade detection, modifiability, and robust programming.

Social Engineering

Social Engineering is a mass of approaches and techniques that describe the ways of influencing the opinions and actions of others. It may be separate individuals, as well as crowds. These methods usually focus attention on the problems and propose the chosen thing as the solution to this problem.


Spam refers to unwanted or unsolicited electronic messages, often sent in bulk, that can include emails, messages, or comments. These messages are typically sent for malicious purposes, such as spreading malware, phishing for sensitive information, or promoting fraudulent schemes. Spam is a common vector for various cyber threats, and individuals and organizations often use filters and security measures to minimize its impact and protect against potential risks.


Spigot is categorized as adware, commonly bundled with files obtained from untrustworthy or compromised websites. Upon running the downloaded file, Spigot discreetly installs undesirable browser extensions or additional software, leading to the display of intrusive advertisements on your device.


Spoofing is an Internet fraud technique that cheats on unaware users with messages that mislead users by their mere appearance. Spoofing exploits such human vulnerability as inattentiveness.


SpyEye is a type of malware utilizing keystroke logging to steal sensitive information from a user’s device, particularly targeting online banking credentials. Infected computers secretly monitor users’ online activities, compromising banking transactions, login credentials, and personal data.


Spyware is malicious software that logs and records sensitive data like passwords, login info, bank account information, credit card numbers, etc.


Uncover the world of steganalysis in cybersecurity, a process dedicated to detecting hidden information within digital media. Through techniques such as file format analysis, content analysis, statistical analysis, and steganography-specific methods, steganalysis plays a crucial role in uncovering covert communication and identifying steganographic malware. Explore its applications in forensic investigations and enhance your cybersecurity knowledge.


In cybersecurity, a stream refers to a flow of data in one or both directions. It can also denote a sequence of data elements.


Threat Landscape

The threat landscape represents the comprehensive view of potential risks and dangers individuals, organizations, or businesses may face online. It encompasses a range of cybersecurity risks, from malware attacks and stolen data to data breaches, that can cause harm.
Third-party cookies enable third parties to track and collect user browsing history, facilitating personalized advertising. However, these cookies pose higher risks than first-party cookies, as they share data with external websites, increasing vulnerability to hacker attacks. Cybercriminals can exploit third-party cookies to track and steal user data without detection, potentially compromising usernames, passwords, and card details.

Tech Support Scam

Guard against tech support scams, fraudulent activities where scammers pose as legitimate technical support representatives from well-known technology companies. Recognize the tactics employed, including scare tactics, to convince individuals of non-existent computer issues. Strengthen your defenses against potential malware installation, data theft, and financial exploitation.


TeslaCrypt, a variant of ransomware, is malicious software that encrypts files on a victim's computer, demanding payment for decryption. Initially discovered in 2015, TeslaCrypt primarily targeted game-play data for specific computer games. However, newer versions expanded to affect other file types, posing a threat to a wide range of users globally.

Time Bomb

Time Bomb is a way to launch malicious software activated under certain time conditions. It can aim at both mischief or launching the crimeware.


Tor, short for 'The Onion Router,' is a software project designed to enhance online privacy and anonymity. It achieves this by preventing the collection of user data on locations and browsing habits.


A torrent refers to a torrent descriptor file used by BitTorrent clients to send and receive large files over the internet. These files have the .torrent extension.


TrickBot is a sophisticated modular malware with capabilities encompassing system reconnaissance, data theft, and ransomware delivery. Initially designed as a banking trojan for Windows devices in 2016, TrickBot has evolved into a significant threat across various sectors, infecting over a million devices worldwide.


Trigona is a ransomware variant that focuses on Windows SQL servers, encrypting files and issuing threats to leak them unless a ransom is paid.


Trackware is a type of program used to collect system information and/or user activity from computing devices. It then sends this information to a third-party entity.

Trojan Virus

Trojan Viruses are malicious code or software that claim to be doing something useful but are doing something harmful. Trojans can take various forms, such as applications, documents, and scripts.


Trojan.Agent is a type of malicious software that conceals itself within apparently harmless files or software, enabling unauthorized access to your device and facilitating the installation of additional malware.


Typosquatting is a social engineering attack involving a fake website accessed by the victim through mistyped URLs. The fake website, resembling its legitimate counterpart, is registered under a similar domain. Typosquatting websites may employ scripts to infect the victim’s browser, trick them into downloading malware, or steal credentials.


UBA (User Behavior Analytics)

User Behavior Analytics process aims at early detection of malicious user behavior. It is handy for counteracting the insider threat.

UEFI Rootkit

A UEFI (Unified Extensible Firmware Interface) rootkit is a type of malware that infects a computer’s motherboard firmware, specifically targeting UEFI firmware. UEFI replaces the traditional BIOS and provides low-level software for hardware initialization during the boot process, enabling communication between the operating system and hardware components.

Unwanted Program (PUP Or PUA)

Unwanted programs are a sort of software product that is not recommended for usage since they can be hazardous for the system.

URL Hijack

URL hijacking involves tricking users into visiting websites with malicious content or malware. Attackers take advantage of common typos or misspellings made by users when entering a URL, redirecting them to fake sites set up by registering domain names similar to the intended site. This deceptive tactic compromises the user's online security.

URL Redirection Attack

A URL redirection attack is a web-based threat where the attacker manipulates URLs to redirect users from a legitimate website to a malicious one. The primary goal is to steal sensitive information or distribute malware.


Delve into the realm of UXSS, a security vulnerability allowing attackers to inject malicious code directly into users' browsers. Unlike traditional cross-site scripting, UXSS poses a broader threat, enabling malware execution across various websites, even those considered secure. Understand the implications of UXSS and fortify your defenses against this pervasive security risk.



Virut is a polymorphic file infector and a botnet that specifically targets Windows devices. It establishes connections to predetermined IRC servers, enabling unauthorized access to the compromised device.

VPN (Virtual Private Network)

VPN (a virtual private network) - is the name of various services that allow you to encrypt incoming and outgoing user traffic for protection, hide user data, and alter some of this data for the benefit.



The Wabbit virus is self-replicating malware that adversely affects computer systems, spreading rapidly like rabbits. It consumes excessive resources, potentially leading to system slowdowns or crashes.


Wacatac is an umbrella detection for a wide range of malicious software with dropper capabilities. It is commonly used to deliver ransomware and shares functionality and code across its variants.


Warez is an internet slang term referring to software that has been illegally copied and made available to users. It is crucial to distinguish warez from legitimate software, such as shareware or freeware, as the distribution of warez often infringes on copyrights and licensing agreements.

Warm Boot

In computing, a warm boot, also known as a soft boot, is a process that restores the system to its initial state without a complete shutdown. This method is often employed when applications are hanging or frozen, or after installing software. In Windows, for example, a warm boot can be initiated by choosing 'Restart' in the shutdown menu. Contrastingly, a cold boot involves a full system restart.

Watering Hole Attack

A watering hole attack is a cyberattack where the attacker targets websites frequently used by employees of a specific organization and infects them with malware.

Web Cache Poisoning

Understand the security vulnerability of web cache poisoning, where attackers manipulate web cache content to serve malware or fake information to unsuspecting users. Grasp the potential for advanced phishing attacks and malware distribution through compromised web caches. Strengthen your defenses against web cache poisoning threats.

Web Security Gateway

A web security gateway is a cybersecurity solution that provides robust protection for organizational networks and users against online threats. Serving as a barrier between the internal network and the internet, it controls and filters web traffic. Through in-depth analysis of data packets, the web security gateway detects and prevents harmful content, unauthorized access attempts, and potential security risks. It employs advanced techniques for web filtering, limiting access to malicious or inappropriate sites and preventing users from inadvertently downloading malware or falling victim to phishing attacks. Additionally, it enforces secure browsing policies, such as blocking specific website categories or implementing encryption protocols to reduce the risk of data leakage or unauthorized data transmission.

Web Protection

Web protection encompasses a set of security measures defending users and their devices during online activities. These precautions counteract various online hazards, including malware and phishing attacks, ensuring a secure and confidential online experience. Web protection tools and approaches can be applied to specific devices, across networks, or even by service providers.


WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) are security protocols for wireless networks. WEP was an early encryption standard designed to secure Wi-Fi connections, but it is now considered insecure due to vulnerabilities. WPA, introduced as a more robust successor to WEP, provides stronger data protection through improved encryption methods, making it a more secure choice for Wi-Fi networks.


WHOIS, pronounced 'who is', is an internet service used to look up information about domain names. It helps identify the entity responsible for a specific domain.


A computer worm is a type of malicious software that can self-replicate and spread independently across computer networks. Unlike viruses, worms don't require a host program to attach to and can propagate by exploiting vulnerabilities in network protocols or software. Worms often aim to harm or disrupt systems, steal sensitive information, or create a network of compromised computers, and they can spread rapidly, causing widespread damage.


XDR (Extended Detection And Response)

XDR is a corporate security solution that manages the whole corporate network to prevent the deployment of malware. It also features an extended threat analysis functionality.

XMRig Malware

XMRig trojan is a miner malware – one that parasites on its victim’s hardware to mine cryptocurrencies, particularly Monero (XMR).

XSS (Cross-Site Scripting)

XSS or Cross-Site Scripting, is a vector of a malware attack where a threat actor injects malicious scripts into a certain website. Then, all other users who open this site are getting infected.


Yellow Hat Hacker

Yellow hat hackers, also known as social media hackers, specialize in compromising social media accounts for malicious purposes. Operating with criminal intent, they share similarities with black hat hackers. Utilizing various hacking tools, yellow hat hackers hijack social media accounts to engage in activities such as brand embarrassment, malware distribution, revenge, or misuse of personal information.


Yontoo is adware designed for Windows and Mac systems. While presenting enhanced web functionality through web apps and browser plugins, such as the ability to download YouTube videos with the Best Video Downloader, Yontoo simultaneously engages in browser hijacking, behavior tracking, and the display of questionable advertisements.


Zero Trust

Zero Trust is a cybersecurity framework that assumes no implicit trust within a network, even for users or systems inside it. It requires verification for anyone or anything trying to access resources, regardless of their location, emphasizing continuous authentication and strict access controls to enhance overall security posture.

Zero-Day Attack

Zero-day vulnerabilities make it impossible to have a proper stage of readiness for the cyberattack. It makes the possible vector of invasion random and will likely strike you pretty hard if you ignore that something is happening.

Zip Bomb

A Zip Bomb or "Decompression Bomb" is a malicious archive file that contains a lot of repeated data that can crash the program reading it.


Zombies in cybersecurity refer to Internet-connected computers that have been compromised by hackers, viruses, or trojan horses. Typically part of a botnet, these compromised machines unknowingly perform malicious tasks remotely, with their owners often unaware, likening them metaphorically to zombies.

Zombie Process

Also known as a defunct process, a zombie process is what you call a process in its terminated state. In programs with parent-child functions, a child usually sends an exit status message to its parent after executing. Unless the parent receives and acknowledges this message, the child is in a 'zombie' state. This means that it has executed but hasn’t exited, leading to potential resource wastage.


Also known as Zoom squatting, Zoombombing occurs when an unauthorized user joins a Zoom conference, either by guessing the Zoom meeting ID number, reusing a Zoom meeting ID from a previous meeting, or using a Zoom ID received from someone else. In the latter case, the Zoom meeting ID may have been shared with the Zoombomber by someone who was invited to the meeting or circulated among Zoombombers online. This disruptive behavior can compromise the security and privacy of the online meeting.


3AM Ransomware

The 3AM ransomware represents a recently identified strain with the purpose of encrypting and exfiltrating files from your device, coercing a ransom for their release.

3-Way Handshake

The 3-way handshake operates as follows: Machine A initiates communication by sending a packet to Machine B with a SYN flag set. Machine B acknowledges this SYN by responding with a SYN/ACK. Finally, Machine A acknowledges the SYN/ACK from Machine B by sending an ACK, establishing a successful three-step process for initiating a connection.

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware