Final Exam 2 Flashcards
What is a vulnerability
A flaw in a system that can be taken advantage of to impact the confidentiality, integrity, or availability of the system
What is an exploit
An attack taking advantage of a vulnerability
What is a zero-day
An exploit for a vulnerability that has no fix
What is a virus vs a worm
Virus - malware that replicates locally, often infecting files
Worm - malware that spreads from system to system automatically
What is adware
Malware making money through advertising manipulation
What is spyware
Malware collecting private info
What is scareware
Malware scaring users with threats to coerce actions
How does a credential stealer steal credentials?
Accesses memory, temporary internet files, keylogging
What is a rootkit?
Malware with admin privileges allowing persistent access to a compromised system
What is a RAT?
Remote Admin Tool, allows remote access to a system
Biggest email threat and how it propagates
Virus (or worm) sets up a backdoor; propagates via sending spam e-mails that turn systems into “spambots”
What is phishing?
An attempt to gather sensitive info by masquerading as a trustworthy entity
Ways of identifying phishing threats/protecting yourself from malware
- incorrect grammar
- email links
- email attachments
- asking for credentials
What is spearphishing
Phishing aimed at specific individuals or companies
What is SMShing
Act of sending a fraudulent URL or phone number via SMS
What is OWASP
Open Web Application Security Project
What is an SQL injection
An attack manipulating input and server-side scripts to send malicious SQL commands
What is XSS and two types?
A cyber attack utilizing web vulnerabilities to send malicious code to a different end user
Stored and reflected XSS
What is social engineering?
The science of manipulating human beings to take an action or divulge info
What are the types of info processing
Top down - knowledge driven, based on previous experience; goals/expectations drive perception
Bottom up - used when knowledge is lacking, recognition by components, info driven
Basic Human Tendencies
Reciprocity, social proof, consistency, scarcity, liking, authority
Telltale signs of social engineering
- pretending to know publicly available info
- warnings or inducements of fear/concern
- unrealistic promises
- time urgency
- unverified but “official” info