moneymattersbynktehri.in

🌟 Introduction :

In our connected digital era, cybersecurity awareness is your first line of defense. With hackers constantly innovating and threat landscapes rapidly changing, knowing key terminology isn’t just for tech professionals—it’s essential for anyone using the internet.

This article presents a comprehensive and logically organized glossary of the most relevant cybersecurity terms. It will help you understand how cyber threats operate and how to stay protected.


 

📘 Cybersecurity Glossary:

🛑 I. Malware & Attack Types :

| S. No. | Term | Definition & Explanation |
|---|---|---|
| 1 | Rogue Security Software | Fake antivirus software that deceives users into downloading malware under the guise of system protection. |
| 2 | Ransomware | Malicious software that encrypts your data and demands payment to unlock it. |
| 3 | Rootkit | A stealthy software tool that gives hackers remote access/control of a system while hiding its presence. |
| 4 | Cryptojacking | Unauthorized use of someone’s device to mine cryptocurrency, usually slowing down the system. |
| 5 | Keylogger | Malicious software that records keyboard inputs to steal login credentials or other sensitive information. |
| 6 | Drive-by Download Attack | Malware that installs automatically when a user visits a compromised or malicious website. |
| 7 | Memory Injection | A technique where malicious code is inserted directly into a program’s active memory. |
| 8 | Zero-Day Exploit | An attack that targets a vulnerability unknown to the software vendor—no fix is available yet. |
| 9 | Botnet | A network of compromised computers (bots) controlled remotely by hackers, often used for attacks like DDoS. |

🔐 II. Security Concepts & Controls :

| S. No. | Term | Definition & Explanation |
|---|---|---|
| 10 | Encryption | Process of converting data into unreadable form to prevent unauthorized access. |
| 11 | Firewall | A security system that filters incoming and outgoing network traffic based on security rules. |
| 12 | Multi-Factor Authentication (MFA) | A security mechanism requiring two or more verification methods (e.g., password + OTP). |
| 13 | Data Loss Prevention (DLP) | Tools and techniques that prevent sensitive data from being leaked or sent outside the organization. |
| 14 | DMZ (Demilitarized Zone) | A buffer zone between internal networks and external traffic, used to host public-facing services safely. |
| 15 | Exploit Kit | A toolkit (often sold on the dark web) designed to find and exploit software vulnerabilities automatically. |
| 16 | Unpatched / Outdated Software | Applications not updated with the latest security fixes, making them vulnerable to attacks. |

🕵️‍♂️ III. Threat Actors & Methodologies :

| S. No. | Term | Definition & Explanation |
|---|---|---|
| 17 | Advanced Persistent Threat (APT) | A prolonged, targeted cyberattack where an intruder remains undetected within a network. |
| 18 | Phishing | Fraudulent emails or websites designed to trick users into revealing sensitive information. |
| 19 | Smishing | SMS-based phishing that tricks users into clicking malicious links or sharing personal data. |
| 20 | Vishing | Voice call-based phishing scams pretending to be from legitimate sources. |
| 21 | Insider Threats | Risks originating from within the organization—current or former employees or contractors. |
| 22 | Salami Logic | A type of fraud where small amounts are skimmed off multiple transactions to evade detection. |
| 23 | Data Diddling | Tampering with input data or records, often for fraudulent gain. |
| 24 | Black Hat Hacker | A malicious hacker who exploits system vulnerabilities for personal or criminal benefit. |
| 25 | Ethical Hacking | Authorized hacking performed to find and fix vulnerabilities—done by “White Hat” hackers. |

📊 IV. Security Monitoring & Response :

| S. No. | Term | Definition & Explanation |
|---|---|---|
| 26 | Indicators of Compromise (IOC) | Forensic evidence of a security breach (e.g., malware signatures, IP addresses). |
| 27 | Command and Control (C2) | A system used by attackers to remotely manage and control compromised machines. |
| 28 | Threat Intelligence | Curated knowledge of known threats, used to inform and improve cyber defenses. |
| 29 | Red Team | A group that simulates attacks to test and strengthen an organization’s security defenses. |
| 30 | Vulnerability Assessment (VA) | A process that identifies and prioritizes security weaknesses in systems. |
| 31 | Penetration Testing (PT) | Simulated cyberattacks conducted to evaluate system resilience against real-world hacking attempts. |
| 32 | Security Operations Centre (SOC) | A centralized team that monitors and responds to cybersecurity incidents 24/7. |
| 33 | CSIRT (Computer Security Incident Response Team) | A specialized group responsible for managing and resolving security incidents within an organization. |
| 34 | SIEM (Security Information and Event Management) | A system that collects and analyzes security data in real time to detect threats and anomalies. |

Conclusion : Cyber Awareness Begins with Terminology

Knowing the language of cybersecurity empowers you to understand threats, spot red flags, and act wisely. Whether you’re protecting personal data or managing enterprise networks, understanding these terms helps you move from being vulnerable to becoming vigilant.

Use this glossary as a reference or a learning resource—because the first step in defense is knowing what you’re defending against. Bookmark this post, share it with your team or peers, and revisit it often as you continue your journey in digital safety.

Stay informed. Stay secure. 🛡️


3 Responses

  1. I'm a computer science enthusiast, but even I didn't know this much about it. This is truly helpful not just for me, but for many others as well. Thank you for sharing!
