A fun and informative cybersecurity audio glossary from the CyberWire.
Please enjoy this encore of Word Notes. The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure Audio reference link: “Mr. Robot Hack - Password Cracking - Episode 1.” YouTube Video. YouTube, September 21, 2016. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: https://thecyberwire.com/glossary/log4j Audio reference link: “CISA Director: The LOG4J Security Flaw Is the ‘Most Serious' She's Seen in Her Career,” by Eamon Javers (CNBC) and Jen Easterly (Cybersecurity and Infrastructure Security Director) YouTube, 20 December 20 2021. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. The state of a web application when it's vulnerable to attack due to an insecure configuration. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-security-misconfiguration Audio reference link: “What Is the Elvish Word for Friend?” Quora, 2021. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: “Oceans Eleven Problem Constraints Assumptions.” by Steve Jones, YouTube, 4 November 2015. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. A broad class of attack vectors, where an attacker supplies input to an applications command interpreter that results in unanticipated functionality. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection Audio reference link: “APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities” YouTube Video. YouTube, March 19, 2018. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. Code that fails to protect sensitive information. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-cryptographic-failure Audio reference link: Vandana Verma. “OWASP Spotlight - Project 10 - Top10.” YouTube Video. YouTube, January 4, 2021. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this encore of Word Notes. The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim. CyberWire Glossary link: https://thecyberwire.com/glossary/account-takeover-prevention Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats. CyberWire Glossary link: https://thecyberwire.com/glossary/threat-hunting Audio reference link: “My ‘Aha!" Moment - Methods, Tips, & Lessons Learned in Threat Hunting - sans Thir Summit 2019.” YouTube, YouTube, 25 Feb. 2020. Learn more about your ad choices. Visit megaphone.fm/adchoices
The continuous practice of identifying classifying, prioritizing, remediating, and mitigating software vulnerabilities within this. CyberWire Glossary link: https://thecyberwire.com/glossary/vulnerability-management Audio reference link: “Vulnerability Scanning - Comptia Security+ sy0-501 - 1.5.” YouTube, YouTube, 11 Nov. 2017, Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. A formal record containing the details and supply chain relationships of various components used in building software. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only the resources essential to perform their function and nothing more. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. The difference between organizational employee job requirements and the available skillsets in the potential employee pool. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. The use of technology to radically improve the performance or reach of the business. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. Cloud services intended for cyber criminals and other bad actors designed to obstruct law enforcement and other kinds of government investigations, and to provide some protection against competitors. Learn more about your ad choices. Visit megaphone.fm/adchoices
The practice of securing a device that connects to a network in order to facilitate communication with other devices on the same or different networks. Learn more about your ad choices. Visit megaphone.fm/adchoices
President Biden's May, 2021 formal compliance mandate for federal civilian executive branch agencies, or FCEBs, to include specific shortterm and longterm deadlines designed to enhance the federal government's digital defense posture. Learn more about your ad choices. Visit megaphone.fm/adchoices
Phase of a typical cyber adversary group's attack sequence, after the initial compromise and usually after the group has established a command and control channel, where the group moves through the victims network by compromising as many systems as it can, by looking for the data, it has come to steal or to destroy. Learn more about your ad choices. Visit megaphone.fm/adchoices
A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross- reference, all the known software vulnerabilities in the world. Learn more about your ad choices. Visit megaphone.fm/adchoices
A forensic technique where practitioners capture an entire image of a system and analyze the contents offline. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bids by October, 2025. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. A collection of people, process, and technology that provides an organization the ability to detect and respond to cyber attacks. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. Cybercriminals who lack the expertise to write their own programs use existing scripts, code, or tools authored by other more skilled hackers. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. An isolated and controlled set of resources that mimics real world environments and used to safely execute suspicious code without infecting or causing damage to the host machine, operating system, or network. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. A stack of security software solutions and tools that allow organizations to orchestrate disparate internal and external tools which feed pre-built automation playbooks that respond to events or alert analysts if an event meets a certain threshold. Learn more about your ad choices. Visit megaphone.fm/adchoices
A term of legal art that defines the types of data and circumstances that permits a third party to directly or indirectly identify an individual with collected data. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this encore episode. A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, an SD-WAN abstraction layer, and network peering with one or more of the big content providers and their associated fiber networks. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this encore episode. The practice of emulating known adversary behavior against an organization's actual defensive posture. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. A layer seven security orchestration platform deployed at the boundary between internal workloads slash data storage and untrusted sources that blocks incoming and outgoing network traffic with rules that tie applications to the authenticated user and provides most of the traditional security stack functions in one device or software application. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. A network designed to obfuscate the location of a cyber adversary's command and control server by manipulating the domain name system, or DNS, in a way that rotates the associated IP address among large numbers of compromised hosts in a botnet. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this Word Notes encore. The process of converting plain text into an unrecognizable form or secret code to hide its true meaning. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore episode of Word Notes. Software or hardware that records the computer keys pressed by a user. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this encore of Word Notes. Digital assets that are cryptographically protected on a blockchain and contain unique identification codes and metadata that makes them one of a kind. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this special encore episode. The use of two or more verification methods to gain access to an account. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this special encore episode. A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this special encore episode. The process of turning raw information into intelligence products that leaders use to make decisions with. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this special edition of Word Notes: A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this special encore episode. A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this special encore of Word Notes. A process of converting encrypted data into something that a human or computer can understand. Learn more about your ad choices. Visit megaphone.fm/adchoices
Enjoy this encore episode: A cyber attack designed to impair or eliminate access to online services or data. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this special encore episode of Word Notes. A type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's Random Access Memory or RAM during the reboot process in order to steal sensitive data. Learn more about your ad choices. Visit megaphone.fm/adchoices
On-demand pay-as-you-go Internet delivered compute, storage, infrastructure, and security services that are partially managed by the cloud provider and partially managed by the customer. Learn more about your ad choices. Visit megaphone.fm/adchoices
An acronym for Advanced Persistent Threat to describe hacker groups or campaigns normally, but not always, associated with nation state cyber espionage and continuous low-level cyber conflict operations. Learn more about your ad choices. Visit megaphone.fm/adchoices
An undocumented or publicly unknown method to access a computer system undetected or to break a cypher used to encode messages. Learn more about your ad choices. Visit megaphone.fm/adchoices
From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim. Learn more about your ad choices. Visit megaphone.fm/adchoices
Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena. Learn more about your ad choices. Visit megaphone.fm/adchoices
A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log. Learn more about your ad choices. Visit megaphone.fm/adchoices
Also known as a third-party attack or a value-chain attack, advisory groups gain access to a targeted victims network by first infiltrating a business partner's network that has access to the victim's systems or data. Learn more about your ad choices. Visit megaphone.fm/adchoices
The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways. Learn more about your ad choices. Visit megaphone.fm/adchoices