A service model for providing a cloud platform with a specific feature set. The PaaS provider supplies the client with a fully configured platform (hardware, OS, DBMS) where all necessary application software can be deployed. Unlike the IaaS model, it… Read Full Article

Packers are used to compress a file. While this may be done for legitimate reasons – to save disk space or reduce data transmission time – packers are also used by cybercriminals as a form of code obfuscation. The packing… Read Full Article

A program or service for data search based on certain rules. The parser processes information according to specified criteria and outputs it in a structured form. The input can take the form of a key phrase or any sequence of… Read Full Article

A cyberattack that circumvents the authorization mechanism in NTLM or LM protocol. The technique uses the hash of a user’s password en-route to the server: generated without salt, it has the same value for each one of the user’s sessions.… Read Full Article

A patch provides additional, revised or updated code for an operating system or application. Except for open source software, most software vendors do not publish their source code: so patches are normally pieces of binary code that are patched into… Read Full Article

A cyberattack aiming to gain unauthorized access to files or folders. Attackers manipulate the expression../ to traverse to the target directory. This type of attack is not due to a coding bug in the vulnerable system, but insufficient validation of… Read Full Article

In the world of malware, the term payload is used to describe what a virus, worm or Trojan is designed to do on a victim’s computer. For example, payload of malicious programs includes damage to data, theft of confidential information… Read Full Article

The term peer-to-peer can be applied to a network system in which there is no dedicated network server and in which each machine has both server and client capabilities. Today, the term P2P is more commonly applied to a temporary… Read Full Article

The modeling of an attack on a computer system or network. The purpose of the test is to identify vulnerabilities in the system and assess the possible damage caused by cybercriminal penetration. The pentest can be based on a closed… Read Full Article

An information security expert who performs penetration tests. During the simulated attack on the target computer system, the pentester: Collects information about the object Searches for entry points Gains access to the system Maintains a presence in the system Removes… Read Full Article

Long-time preservation of an information object’s state. For example, many computer games can record the current user session state to a file to recover it at a later time. In information security, persistence is malware’s ability to remain active after… Read Full Article

Any information that helps identify a particular individual. PII includes given name, surname, passport number, and other information that can be used, directly or indirectly, to identify a person. All PII must be stored and processed in accordance with the… Read Full Article

A type of cyber attack intended to covertly redirect users to a phishing resource owned by the attacker. Pharming works by substituting the IP address of a legitimate site by means of malware installed on the victim’s computer. Redirection is… Read Full Article

What is phishing? What are the different types of phishing? What are vishing, smishing, pharming, spear phishing, and whaling? And what is APWG? Read Full Article

Pig butchering is a type of fraud involving fake investments and prolonged communication between scammer and victim. Read Full Article

A software component used as a part of a program or a website engine that adds specific features to it, so that it can be customized. Commonly used in web browsers.

A demonstration of the feasibility of a particular method. PoC is used to test theoretical calculations and hypotheses in practice. In the field of information security, PoC involves modeling the operation of software or an exploit with a view to… Read Full Article

A property of a malicious program whereby each new copy of it, created through a self-propagation mechanism, has a unique sequence of bytes at the executable file level, but with the same functions as the parent. Polymorphism is used to… Read Full Article

An application-layer protocol for retrieving email from a server to a client device. POP3 uses a TCP connection to transport messages, and is one of the standards supported by most email clients. A major drawback of the protocol is that… Read Full Article

A number assigned to a data packet to determine the process for which it is intended. Ports are essentially used to identify services running on the device and ensure that transmitted information is correctly addressed. There exist several predefined ports… Read Full Article

Port scanning is a method of detecting vulnerable nodes in a network by accessing different ports on a host (a device connected to the network) or the same port on different hosts. It can be used by cybercriminals in the… Read Full Article

The ID of a packet transmitted via TCP/IP. The port number is used to route data within a single host and specifies the process to which a particular packet needs to be delivered. A defined address space of 65,536 numbers… Read Full Article

The term potentially unwanted programs (PUP) or potentially unwanted apps (PUA) is used to describe programs that might have undesirable effects on a computer. This includes adware, pornware, riskware and other programs that interfere with the normal working of the… Read Full Article

Malware distribution technique in which attackers get paid by the customer per click on payload download link. It makes no difference whether the victim has installed malware or left the criminal resource without downloading it.

Malware distribution system in which attackers get paid by the customer per payload installed. The number of hack attempts, spam messages delivered or visitors attracted to the criminal resource is irrelevant. Thus, no payment is due if user follows a… Read Full Article

Pre-boot authentication (PBA) is authentication that occurs after a computer is powered up but before the operating system boots, as well as the underlying technology. Read Full Article

A type of fraud that utilizes social engineering. The purpose is to obtain confidential data. Most often, the objective is financial information: online bank account credentials, credit card PIN codes, etc. Typically, the attacker contacts the victim over the phone,… Read Full Article

The principle of least privilege is a cybersecurity practice in which a user, process, program, or other entity in an IT environment is granted only those rights that are essential to perform its intended tasks. Read Full Article

An increase in the level of access to computer system resources, achieved by exploiting a vulnerability in the system. Usually, privilege escalation refers to cybercriminals acquiring extended rights for the purpose of compromising data or illegally using the victim’s computing… Read Full Article

This is a generic term for technologies used by an anti-malware product to detect new, unknown threats, without the need for a specific signature. They include heuristics, behavioural analysis, application allowlisting and exploit detection. Anti-malware programs have never relied exclusively… Read Full Article

Process Doppelganging is a cyber attack that substitutes a legitimate process for malware in the Transactional NTFS file system. The attacker creates a copy of an executable file in the device memory and injects malicious code into it. Next, the… Read Full Article

A proxy server stands between users on a network and the Internet. When someone on the network requests a web page through their browser, the request goes through the proxy server. The proxy server checks its cache, to see if… Read Full Article

These Trojans are designed to steal passwords from the victim’s computer (although some steal other types of information also: IP address, registration details, e-mail client details, and so on). This information is then sent to an e-mail address coded into… Read Full Article

Pump and dump is a fraudulent scheme that attempts to manipulate the value of a currency or securities by artificially inflating (pumping) the price in order to sell (dump) money or stock at a profit. The first stage generally involves… Read Full Article

Punycode is a special encoding for converting Unicode characters in different languages to ASCII. It is used to correctly transcode a domain name containing non-Latin characters into addresses that comply with DNS standards. Cybercriminals can use Punycode to create phishing… Read Full Article