Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.
\nIf you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996
\nI have been using TryHackMe for several years, and I recommend it to\nall of my students. It is a great environment where people can get hands\non experience with technology that relates to cyber security, all from\nthe comfort of their browser and free year-round.
\nThe TryHackMe Advent of Cyber challenge is a free gamified\nenvironment which focuses on penetration testing, security\noperations/engineering, forensics/incident response, malware analysis,\nmachine learning, and more!
\nThis year\'s challenge opens on December 1, 2023 (Which is the reason\nwhy I am posting twice this week). Typically, the Advent of Cyber\nchallenge includes daily beginner-friendly exercises for people new to\ncybersecurity. These can consist of walkthroughs, video tutorials, and\nchallenges. There are also prizes available based on random drawings and\non participant success.
\nInfosec personalities like John Hammond, Gerald Auger, InsiderPHD,\nand InfoSec Pat are featured in this year\'s challenge.
\nYou can play with last year\'s Advent of Cyber challenge by visiting\nhttps://tryhackme.com/room/adventofcyber4. It outlines\nthe overall story and shows all of the tasks last year\'s participants\nexperienced, including both offensive and defensive topics like: log\nanalysis, OSINT, scanning, brute force attacks, email analysis,\nCyberChef, blockchain smart contracts, malware analysis, memory\nforensics, packet analysis, web application hacking, and more!
\nEverything can be done with a free account from within a browser.
\nIf you want to learn more about cybersecurity, transition your career\ninto infosec, or just have fun playing with cyber challenges, you can\ngive it a try by visiting tryhackme.com or
Please note: I am not affiliated with TryHackMe in any way, other\nthan having been a paying member for many years. Students and others who\nhave participated in previous year\'s Advent of Cyber challenges have\ntold me how much they enjoyed it and learned from it. Even though I have\nbeen an infosec practitioner for more years than I would like to admit,\nI also have enjoyed taking part in this challenge.
\nIf this is not for you, I will be sharing another option for a\nholiday challenge in my next episode.
\n',394,0,0,'CC-BY-SA','Advent of Cyber, TryHackMe, Hands on, cyber, cybersecurity, infosec, holiday, challenge',0,0,1), -(4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.
\nIf you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996
\nThe SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.
\nEverything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.
\nEd Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ
\nYou can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/
\nThere, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.
\nI am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.
\nI hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.
\nHave a wonderful day.
\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,0); +(4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.
\nIf you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996
\nThe SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.
\nEverything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.
\nEd Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ
\nYou can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/
\nThere, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.
\nI am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.
\nI hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.
\nHave a wonderful day.
\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,0), +(3997,'2023-11-28','The Oh No! News.',875,'Sgoti talks about Malware distributed via Google\'s Dynamic Ads and more.','The Oh No! news.
\nOh No! News is Good\nNews.
\n- \n
- TAGS: Oh No, News, Threat analysis, InfoSec, Google\nDynamic Search Ads \n
\n
Threat analysis;\nyour attack surface.
\n- \n
Source:
\n
\n- \n
- A former NHS employee has been found guilty and fined for illegally\naccessing the medical records of over 150 people.
\n \n - Loretta Alborghetti, from Redditch, worked as a medical secretary\nwithin the Ophthalmology department at Worcestershire Acute Hospitals\nNHS Trust when she illegally accessed the records.
\n \n
\n- A former NHS employee has been found guilty and fined for illegally\naccessing the medical records of over 150 people.
Supporting Source:
\n \nSource:
\n
\n- \n
- While NetSupport Manager started off as a legitimate remote\nadministration tool for technical assistance and support, malicious\nactors have misappropriated the tool to their own advantage, using it as\na beachhead for subsequent attacks.
\n \n
\n- While NetSupport Manager started off as a legitimate remote\nadministration tool for technical assistance and support, malicious\nactors have misappropriated the tool to their own advantage, using it as\na beachhead for subsequent attacks.
Source:
\n
\n- \n
- The threat actors are believed to leverage Google\'s Dynamic Search\nAds (DSAs), which automatically generates ads based on a site\'s content\nto serve the malicious ads that take the victims to the infected\nsite.
\n \n
\n- The threat actors are believed to leverage Google\'s Dynamic Search\nAds (DSAs), which automatically generates ads based on a site\'s content\nto serve the malicious ads that take the victims to the infected\nsite.
Source:
\n
\n- \n
- Victims who clicked on the ad were taken to a hacked web page with a\nlink to download the application, which turned out to install over a\ndozen different pieces of malware instead.
\n \n
\n- Victims who clicked on the ad were taken to a hacked web page with a\nlink to download the application, which turned out to install over a\ndozen different pieces of malware instead.
\n
InfoSec; the language\nof security.
\n- \n
- Source:
\n \n
\n
- \n
- Additional Information.\n
- \n
- What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
\n \n - What is \"Malware\"?\nMalware (a portmanteau for\nmalicious software) is any software intentionally designed to cause\ndisruption to a computer, server, client, or computer network, leak\nprivate information, gain unauthorized access to information or systems,\ndeprive access to information, or which unknowingly interferes with the\nuser\'s computer security and privacy.
\n \n - What is a \"Payload\"?\nIn the context of a computer virus or worm, the payload is the portion\nof the malware which performs malicious action; deleting data, sending\nspam or encrypting data. In addition to the payload, such malware also\ntypically has overhead code aimed at simply spreading itself, or\navoiding detection.
\n \n - What is \"Phishing\"?\nPhishing is a form of
\n \n
\n \n- What is \"Information\nSecurity\" (InfoSec)? Information security, sometimes shortened to\nInfoSec, is the practice of protecting information by mitigating
- \n
- Information Security Attributes:
\n \n
\n - Information Security Attributes:
- What is \"Risk\nmanagement\"? Risk management is the identification, evaluation, and\nprioritization of risks followed by coordinated and economical\napplication of resources to minimize, monitor, and control the\nprobability or impact of unfortunate events or to maximize the\nrealization of opportunities.
\n \n - What is a \"Vulnerability\"\n(computing)? Vulnerabilities are flaws in a computer system that\nweaken the overall security of the device/system. Vulnerabilities can be\nweaknesses in either the hardware itself, or the software that runs on\nthe hardware.
\n \n - What is an \"Attack\nSurface\"? The attack surface of a software environment is the sum of\nthe different points (for \"attack vectors\") where an unauthorized user\n(the \"attacker\") can try to enter data to or extract data from an\nenvironment. Keeping the attack surface as small as possible is a basic\nsecurity measure.
\n \n - What is an \"Attack\nVector\"? In computer security, an attack vector is a specific path,\nmethod, or scenario that can be exploited to break into an IT system,\nthus compromising its security. The term was derived from the\ncorresponding notion of vector in biology. An attack vector may be\nexploited manually, automatically, or through a combination of manual\nand automatic activity.
\n \n - What is\n\"Standardization\"? Standardization is the process of implementing\nand developing technical standards based on the consensus of different\nparties that include firms, users, interest groups, standards\norganizations and governments. Standardization can help maximize\ncompatibility, interoperability, safety, repeatability, or quality. It\ncan also facilitate a normalization of formerly custom processes.\n
- \n
- List of computer\nstandards.
\n \n
\n \n
\n - List of computer\nstandards.
- What is a \"Replay\nattack\"? A replay attack is a form of network attack in which valid\ndata transmission is maliciously or fraudulently repeated or delayed.\nAnother way of describing such an attack is: \"an attack on a security\nprotocol using a replay of messages from a different context into the\nintended (or original and expected) context, thereby fooling the honest\nparticipant(s) into thinking they have successfully completed the\nprotocol run.\"
\n \n - What is a\n\"Man-in-the-middle attack\"? In cryptography and computer security, a\nman-in-the-middle, ..., attack is a cyberattack where the attacker\nsecretly relays and possibly alters the communications between two\nparties who believe that they are directly communicating with each\nother, as the attacker has inserted themselves between the two\nparties.
\n \n - What is \"Transport Layer\nSecurity\" (TLS)? Transport Layer Security (TLS) is a cryptographic\nprotocol designed to provide communications security over a computer\nnetwork. The protocol is widely used in applications such as email,\ninstant messaging, and voice over IP, but its use in securing HTTPS\nremains the most publicly visible.
\n \n - What is a \"Handshake\"\n(computing)?. In computing, a handshake is a signal between two\ndevices or programs, used to, e.g., authenticate, coordinate. An example\nis the handshaking between a hypervisor and an application in a guest\nvirtual machine.
\n \n - What is Security\ntheater? The practice of taking security measures that are\nconsidered to provide the feeling of improved security while doing\nlittle or nothing to achieve it.
\n \n
\n - What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
\n
- \n
- License:
\n![\"Creative](\"https://i.creativecommons.org/l/by-sa/4.0/88x31.png\")
This\nwork is licensed under a\nCreative\nCommons Attribution-ShareAlike 4.0 International License. \n
aNONradio: https://anonradio.net
\nTildeRadio: https://tilderadio.org
Volumio: https://volumio.com/
\nmoOde Audio: https://moodeaudio.org/
Holiday\nChallenges Series - Ep 1 - Advent of Code
\nSince some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.
\nWhichever holidays you celebrate this time of year, life generally\ngets busy and stressful.
\nIt could be shopping
\nor cooking
\nor cleaning
\nor school activities
\nor buying, assembling, wrapping, and delivering gifts
\nor planning time with family
\nor dealing with visiting family
\nor scheduling time off from work
\nor managing extra work while others have scheduled time off
\nor a whole plethora of other things.
\nThis time of year can be stressful.
A few years ago, I discovered a fun activity, which challenged my\nmind and helped me focus and detach from the stress for a little while\neach day, through the month of December. It helped me manage the stress\nin an enjoyable way.
\nSince then, I have found and tried several other similar activities,\nso I wanted to share a little about them with you for the next few\nepisodes so you can see what might work for you.
\nThe first I would like to share is called the Advent of Code\nChallenge (https://adventofcode.com/). In HPR episodes 2973 (
But the TLDR (Or maybe the TLDL -- Too Long Didn\'t Listen?) for\nAdvent of Code is that it is a 25 day challenge which begins on December\n1. Once you register at adventofcode.com, Each day, you will be\npresented with a problem to solve and some sample data to use for\nverification that your program works. You can choose to use any\nprogramming language or application you desire produce the answer. Last\nyear, I used this to brush up on my Python skills. Others use Visual\nBasic, C (and all its variants), Rust, Go, etc. I have seen people use\nCobol, Fortran, and Pascal, or even Microsoft Excel. It is really up to\nyou. You are then presented a dataset which is unique to your login, and\nagainst which you run your code. When complete, you submit the answer\ncame up with on the adventofcode.com web site and they will tell you if\nyou are correct or not.
\nIf you are competitive (And REALLY GOOD) there is a Global\nLeaderboard. If you want to compete with a group of friends, you can\nbuild your own leaderboard and invite others to take part with you.
\nThere are tons of resources online, from youtube channels to reddit\n(https://www.reddit.com/r/adventofcode/), to Discord (
So, if you are looking for a way to challenge your mind and detach\nfrom holiday stress, Advent of Code may be something you might try.
\nIf this is not your cup of tea, I will be sharing several other\noptions for holiday challenges in future episodes.
\n',394,0,0,'CC-BY-SA','Advent of Code, holiday, challenge',0,0,1), (3999,'2023-11-30','Holiday Challenges Series Ep 02 TryHackMe Advent of Cyber Challenge',183,'Discussing the TryHackMe Advent of Cyber challenge to help you enjoy the holiday season','Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.
\nIf you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996
\nI have been using TryHackMe for several years, and I recommend it to\nall of my students. It is a great environment where people can get hands\non experience with technology that relates to cyber security, all from\nthe comfort of their browser and free year-round.
\nThe TryHackMe Advent of Cyber challenge is a free gamified\nenvironment which focuses on penetration testing, security\noperations/engineering, forensics/incident response, malware analysis,\nmachine learning, and more!
\nThis year\'s challenge opens on December 1, 2023 (Which is the reason\nwhy I am posting twice this week). Typically, the Advent of Cyber\nchallenge includes daily beginner-friendly exercises for people new to\ncybersecurity. These can consist of walkthroughs, video tutorials, and\nchallenges. There are also prizes available based on random drawings and\non participant success.
\nInfosec personalities like John Hammond, Gerald Auger, InsiderPHD,\nand InfoSec Pat are featured in this year\'s challenge.
\nYou can play with last year\'s Advent of Cyber challenge by visiting\nhttps://tryhackme.com/room/adventofcyber4. It outlines\nthe overall story and shows all of the tasks last year\'s participants\nexperienced, including both offensive and defensive topics like: log\nanalysis, OSINT, scanning, brute force attacks, email analysis,\nCyberChef, blockchain smart contracts, malware analysis, memory\nforensics, packet analysis, web application hacking, and more!
\nEverything can be done with a free account from within a browser.
\nIf you want to learn more about cybersecurity, transition your career\ninto infosec, or just have fun playing with cyber challenges, you can\ngive it a try by visiting tryhackme.com or
Please note: I am not affiliated with TryHackMe in any way, other\nthan having been a paying member for many years. Students and others who\nhave participated in previous year\'s Advent of Cyber challenges have\ntold me how much they enjoyed it and learned from it. Even though I have\nbeen an infosec practitioner for more years than I would like to admit,\nI also have enjoyed taking part in this challenge.
\nIf this is not for you, I will be sharing another option for a\nholiday challenge in my next episode.
\n',394,0,0,'CC-BY-SA','Advent of Cyber, TryHackMe, Hands on, cyber, cybersecurity, infosec, holiday, challenge',0,0,1), -(4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.
\nIf you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996
\nThe SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.
\nEverything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.
\nEd Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ
\nYou can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/
\nThere, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.
\nI am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.
\nI hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.
\nHave a wonderful day.
\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,0); +(4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.
\nIf you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996
\nThe SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.
\nEverything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.
\nEd Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ
\nYou can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/
\nThere, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.
\nI am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.
\nI hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.
\nHave a wonderful day.
\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,0), +(3997,'2023-11-28','The Oh No! News.',875,'Sgoti talks about Malware distributed via Google\'s Dynamic Ads and more.','The Oh No! news.
\nOh No! News is Good\nNews.
\n- \n
- TAGS: Oh No, News, Threat analysis, InfoSec, Google\nDynamic Search Ads \n
\n
Threat analysis;\nyour attack surface.
\n- \n
Source:
\n
\n- \n
- A former NHS employee has been found guilty and fined for illegally\naccessing the medical records of over 150 people.
\n \n - Loretta Alborghetti, from Redditch, worked as a medical secretary\nwithin the Ophthalmology department at Worcestershire Acute Hospitals\nNHS Trust when she illegally accessed the records.
\n \n
\n- A former NHS employee has been found guilty and fined for illegally\naccessing the medical records of over 150 people.
Supporting Source:
\n \nSource:
\n
\n- \n
- While NetSupport Manager started off as a legitimate remote\nadministration tool for technical assistance and support, malicious\nactors have misappropriated the tool to their own advantage, using it as\na beachhead for subsequent attacks.
\n \n
\n- While NetSupport Manager started off as a legitimate remote\nadministration tool for technical assistance and support, malicious\nactors have misappropriated the tool to their own advantage, using it as\na beachhead for subsequent attacks.
Source:
\n
\n- \n
- The threat actors are believed to leverage Google\'s Dynamic Search\nAds (DSAs), which automatically generates ads based on a site\'s content\nto serve the malicious ads that take the victims to the infected\nsite.
\n \n
\n- The threat actors are believed to leverage Google\'s Dynamic Search\nAds (DSAs), which automatically generates ads based on a site\'s content\nto serve the malicious ads that take the victims to the infected\nsite.
Source:
\n
\n- \n
- Victims who clicked on the ad were taken to a hacked web page with a\nlink to download the application, which turned out to install over a\ndozen different pieces of malware instead.
\n \n
\n- Victims who clicked on the ad were taken to a hacked web page with a\nlink to download the application, which turned out to install over a\ndozen different pieces of malware instead.
\n
InfoSec; the language\nof security.
\n- \n
- Source:
\n \n
\n
- \n
- Additional Information.\n
- \n
- What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
\n \n - What is \"Malware\"?\nMalware (a portmanteau for\nmalicious software) is any software intentionally designed to cause\ndisruption to a computer, server, client, or computer network, leak\nprivate information, gain unauthorized access to information or systems,\ndeprive access to information, or which unknowingly interferes with the\nuser\'s computer security and privacy.
\n \n - What is a \"Payload\"?\nIn the context of a computer virus or worm, the payload is the portion\nof the malware which performs malicious action; deleting data, sending\nspam or encrypting data. In addition to the payload, such malware also\ntypically has overhead code aimed at simply spreading itself, or\navoiding detection.
\n \n - What is \"Phishing\"?\nPhishing is a form of
\n \n
\n \n- What is \"Information\nSecurity\" (InfoSec)? Information security, sometimes shortened to\nInfoSec, is the practice of protecting information by mitigating
- \n
- Information Security Attributes:
\n \n
\n - Information Security Attributes:
- What is \"Risk\nmanagement\"? Risk management is the identification, evaluation, and\nprioritization of risks followed by coordinated and economical\napplication of resources to minimize, monitor, and control the\nprobability or impact of unfortunate events or to maximize the\nrealization of opportunities.
\n \n - What is a \"Vulnerability\"\n(computing)? Vulnerabilities are flaws in a computer system that\nweaken the overall security of the device/system. Vulnerabilities can be\nweaknesses in either the hardware itself, or the software that runs on\nthe hardware.
\n \n - What is an \"Attack\nSurface\"? The attack surface of a software environment is the sum of\nthe different points (for \"attack vectors\") where an unauthorized user\n(the \"attacker\") can try to enter data to or extract data from an\nenvironment. Keeping the attack surface as small as possible is a basic\nsecurity measure.
\n \n - What is an \"Attack\nVector\"? In computer security, an attack vector is a specific path,\nmethod, or scenario that can be exploited to break into an IT system,\nthus compromising its security. The term was derived from the\ncorresponding notion of vector in biology. An attack vector may be\nexploited manually, automatically, or through a combination of manual\nand automatic activity.
\n \n - What is\n\"Standardization\"? Standardization is the process of implementing\nand developing technical standards based on the consensus of different\nparties that include firms, users, interest groups, standards\norganizations and governments. Standardization can help maximize\ncompatibility, interoperability, safety, repeatability, or quality. It\ncan also facilitate a normalization of formerly custom processes.\n
- \n
- List of computer\nstandards.
\n \n
\n \n
\n - List of computer\nstandards.
- What is a \"Replay\nattack\"? A replay attack is a form of network attack in which valid\ndata transmission is maliciously or fraudulently repeated or delayed.\nAnother way of describing such an attack is: \"an attack on a security\nprotocol using a replay of messages from a different context into the\nintended (or original and expected) context, thereby fooling the honest\nparticipant(s) into thinking they have successfully completed the\nprotocol run.\"
\n \n - What is a\n\"Man-in-the-middle attack\"? In cryptography and computer security, a\nman-in-the-middle, ..., attack is a cyberattack where the attacker\nsecretly relays and possibly alters the communications between two\nparties who believe that they are directly communicating with each\nother, as the attacker has inserted themselves between the two\nparties.
\n \n - What is \"Transport Layer\nSecurity\" (TLS)? Transport Layer Security (TLS) is a cryptographic\nprotocol designed to provide communications security over a computer\nnetwork. The protocol is widely used in applications such as email,\ninstant messaging, and voice over IP, but its use in securing HTTPS\nremains the most publicly visible.
\n \n - What is a \"Handshake\"\n(computing)?. In computing, a handshake is a signal between two\ndevices or programs, used to, e.g., authenticate, coordinate. An example\nis the handshaking between a hypervisor and an application in a guest\nvirtual machine.
\n \n - What is Security\ntheater? The practice of taking security measures that are\nconsidered to provide the feeling of improved security while doing\nlittle or nothing to achieve it.
\n \n
\n - What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
\n
- \n
- License:
\n
This\nwork is licensed under a\nCreative\nCommons Attribution-ShareAlike 4.0 International License. \n