Cyber Threat Intelligence Glossary
A
Access Control: Systems and techniques designed to regulate user interactions with resources in a computing environment.
Account Harvesting: The process of gathering valid account usernames from a system.
Advanced Encryption Standard (AES): A widely used symmetric encryption method for securing data globally.
Advanced Persistent Threat (APT): A long-term, targeted cyberattack in which a threat actor remains undetected within a network for an extended period.
Adware: Software that displays or downloads advertisements automatically when a user is online.
Air Gap: A security technique that isolates a computer or network by preventing it from connecting externally.
Artificial Intelligence (AI) in Cybersecurity: The application of AI and machine learning to identify and mitigate cyber threats.
Attack Surface: The total number of points through which an unauthorised user could gain access or extract data from an environment.
Authentication: The process of confirming the identity of a user, process, or device, typically required to grant access to IT resources.
B
Behavioural Analysis: The examination of user behaviour patterns to detect anomalies that may indicate security issues.
Black-Box: A testing method in which the tester approaches the target as a real-world attacker would, with no prior knowledge of its internals.
Blockchain Security: Protocols and practices designed to secure blockchain-based networks and applications against cyber threats.
Blue Team: The team responsible for defensive cybersecurity tasks, including configuring firewalls, implementing patching, enforcing strong authentication, and ensuring adequate physical security measures.
Botnet: A group of malware-infected computers, controlled without their owners' knowledge, used in coordinated cyber attacks such as DDoS or spam campaigns.
Brute Force Attack: A method of systematically trying every possible password or key until the correct one is found.
Brute Force Protection: Defence mechanisms, such as account lockouts, rate limiting, and deliberately slow password hashing, that make brute force attacks impractical.
Bug Bounty Program: A program where organisations reward individuals for reporting security vulnerabilities.
Business Continuity Planning (BCP): The process of preparing for and recovering from potential risks to business operations.
Business Email Compromise (BEC): Fraud in which an attacker compromises or impersonates the email account of an executive or finance employee, often via phishing, in order to trick staff or partners into making fraudulent wire transfers, frequently causing significant financial losses.
C
Cache Poisoning: A technique in which malicious or false data is inserted into a cache so that it is served to later clients; the best-known form is DNS cache poisoning, where a resolver caches forged records that appear to come from a remote name server.
Certificate Authority (CA): An entity that issues and manages digital certificates for authenticating identities and securing communications.
Cipher: A mathematical algorithm used for encryption and decryption of data.
Clearweb: Websites that are publicly accessible and have no restrictions or barriers to entry.
Clickjacking: A technique in which a malicious page overlays an invisible element, such as a transparent frame of another site, on top of visible content, so that a user who thinks they are clicking one thing actually triggers an action elsewhere.
Cloud Security: Strategies and protocols for protecting data, applications, and infrastructure within cloud environments.
Command and Control (C2 or C&C): The infrastructure and processes attackers use to send instructions to, and receive data from, compromised systems.
Compliance: Adherence to the security regulations, standards, and policies that apply to an organisation.
Computer Emergency Response Team (CERT): An organisation that provides incident response services, issues alerts about vulnerabilities, and helps improve computer and network security.
Continuous Security Monitoring (CSM): The automated, ongoing collection and analysis of security events, vulnerabilities, and risk indicators to support risk management decisions.
Credential Stuffing: An automated attack that replays username and password pairs leaked from one breach against other services, relying on password reuse; successful logins are then used for fraud, further phishing, and data theft.
Cross-Site Scripting (XSS): A vulnerability that allows attackers to inject malicious scripts into trusted websites, where they run in other users' browsers.
Cryptography: The practice of securing information through techniques such as encryption, hashing, and digital signatures, so that it is protected from unauthorised access or alteration.
Cyber-espionage: The unauthorised acquisition of sensitive information for political, economic, or military advantage.
Cybersecurity Framework: A set of best practices and guidelines for building and maintaining robust cybersecurity defences.
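The Brute Force Protection and Credential Stuffing entries above describe two attacks that defeat different controls: a per-account lockout stops repeated guesses against one account, but credential stuffing sends a single guess to each of many accounts and never trips it. The following added example is not part of the original glossary; it is a hypothetical login gate that combines both limits. The user store, passwords, source addresses, and the injectable clock are all constructed for the demonstration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque


def _derive(salt: bytes, password: str) -> bytes:
    # Slow, salted key derivation so that stolen records are expensive to attack offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


# Constructed credential store for the example; the usernames and passwords are made up.
_SALT = b"constructed-salt-for-this-example"
USERS = {
    "alice": (_SALT, _derive(_SALT, "correct horse battery staple")),
    "bob": (_SALT, _derive(_SALT, "hunter2")),
}


class ManualClock:
    """Hypothetical injectable clock so lockout timing can be driven deterministically."""

    def __init__(self, start: float = 0.0) -> None:
        self.t = start

    def __call__(self) -> float:
        return self.t


class LoginGuard:
    """Hypothetical login gate combining two independent limits.

    A per-account lockout stops classic brute force (many guesses, one account).
    Credential stuffing sends one guess each to many accounts and never trips that
    lockout; the per-source sliding window catches it instead.
    """

    def __init__(self, max_account_failures: int = 5, lock_seconds: int = 900,
                 max_source_attempts: int = 20, window_seconds: int = 60,
                 clock=time.monotonic) -> None:
        self.max_account_failures = max_account_failures
        self.lock_seconds = lock_seconds
        self.max_source_attempts = max_source_attempts
        self.window_seconds = window_seconds
        self.clock = clock
        self._failures = defaultdict(int)      # username -> consecutive failures
        self._locked_until = {}                # username -> time the lock expires
        self._source_log = defaultdict(deque)  # source address -> attempt timestamps

    def _source_over_limit(self, source: str, now: float) -> bool:
        log = self._source_log[source]
        while log and now - log[0] > self.window_seconds:
            log.popleft()                      # forget attempts outside the window
        log.append(now)
        return len(log) > self.max_source_attempts

    def login(self, username: str, password: str, source: str) -> str:
        """Return 'ok', 'bad_credentials', 'account_locked' or 'source_throttled'."""
        now = self.clock()
        # Count every attempt against the source first, unknown usernames included,
        # so spraying one password across many accounts is throttled.
        if self._source_over_limit(source, now):
            return "source_throttled"
        if self._locked_until.get(username, 0.0) > now:
            return "account_locked"
        record = USERS.get(username)
        if record is None:
            _derive(_SALT, password)           # same cost as a real check: no timing leak of valid usernames
            return "bad_credentials"
        salt, expected = record
        if hmac.compare_digest(_derive(salt, password), expected):
            self._failures[username] = 0
            return "ok"
        self._failures[username] += 1
        if self._failures[username] >= self.max_account_failures:
            self._locked_until[username] = now + self.lock_seconds
            self._failures[username] = 0
        return "bad_credentials"


def demo() -> list:
    """Drive the guard through a brute-force run and then a credential-stuffing run."""
    clock = ManualClock()
    guard = LoginGuard(max_account_failures=3, lock_seconds=600,
                       max_source_attempts=5, window_seconds=60, clock=clock)
    results = [guard.login("alice", "correct horse battery staple", "10.0.0.1")]
    results += [guard.login("alice", "wrong", "10.0.0.1") for _ in range(3)]
    results.append(guard.login("alice", "correct horse battery staple", "10.0.0.1"))  # locked
    results.append(guard.login("alice", "correct horse battery staple", "10.0.0.1"))  # 6th in window
    for user in ["bob", "carol", "dave", "erin", "frank", "grace"]:  # one guess per account
        results.append(guard.login(user, "Password123", "10.0.0.2"))
    clock.t = 601.0                            # lock and window have both expired
    results.append(guard.login("alice", "correct horse battery staple", "10.0.0.1"))
    return results


if __name__ == "__main__":
    print(demo())
```

The stuffing run never produces a second failure on any one account, so only the per-source window rejects it; in a real deployment the source key would usually be broadened (address range, device fingerprint, or a global failure rate) because stuffing tools rotate through proxy pools.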
D
Dark Net: An overlay network on the internet that requires specific software, configurations, or authorization to access, often using custom communication protocols.
Dark Web: A portion of the internet not indexed by search engines, accessible only through specialised tools.
Data Breach: The unauthorised access and theft of sensitive information.
Data Broker: A threat actor who sells datasets or sensitive information, often obtained through unauthorised access or data breaches.
Data Exfiltration: The covert transfer of data from a system without authorization.
Data Loss Prevention (DLP): Tools and processes to prevent unauthorised access, exfiltration, or destruction of sensitive information.
Deepfake technology: The use of AI to create highly realistic but fake audio, video, or images, often used for misinformation, fraud, or identity manipulation.
Defacement: The act of altering a website’s content to "vandalise" it or cause embarrassment to its owner.
Deep Packet Inspection (DPI): A network filtering technique that inspects the content of packets passing through a checkpoint.
Denial of Service (DoS): An attack aimed at disrupting the availability of services by overwhelming a system.
Digital Fingerprint: A cryptographic hash (digest) that identifies a piece of data; because any modification, even a single bit, produces a completely different digest, the fingerprint can be used to detect tampering.
Digital Footprint: The trail of information left by an individual through their online activities on the internet.
Digital Forensics: The investigation and analysis of digital data for legal evidence or cybersecurity purposes.
Distributed Denial of Service (DDoS): A type of DoS attack where multiple compromised systems overwhelm a target, making it inaccessible.
Domain Hijacking: An attack in which the attacker takes control of a domain name without the owner's consent, typically by compromising the registrar account or exploiting weaknesses in the registration process, and then points it at their own infrastructure.
Doxxing (Doxxed): The act of publicly revealing an individual's private or personal information without their consent; a person so targeted is said to have been "doxxed".
Drive-by Compromise: The unintentional download of malicious code, typically from visiting a compromised website.
E
Encryption: The transformation of data into a coded format to prevent unauthorised access.
Endpoint: A device such as a computer or smartphone that connects to a network.
Endpoint Detection and Response (EDR): Solutions that detect and address threats on endpoints in real time.
Endpoint Protection Platform (EPP): Software deployed on endpoints to prevent malware and detect suspicious activity.
Endpoint Security: Measures taken to secure individual devices against cyber threats.
Enumeration: The process of systematically identifying and listing the resources of a target system, such as user accounts, shares, services, and hostnames, typically as part of reconnaissance.
Exploit: A technique or software used to take advantage of a security flaw.
Exploit Code: Code designed to take advantage of vulnerabilities in systems or software.
Exploit Kit: A toolkit designed to exploit known software vulnerabilities, often distributed via malicious websites.
Exploit Leveraging: The use of an exploit to gain an advantage in a target environment, such as initial access or elevated privileges.
F
False Positive: An incorrect identification of a threat, such as a virus, when none exists.
File Integrity Monitoring (FIM): A process of checking files to ensure they have not been altered or tampered with.
Fileless Malware: Malicious software that runs in memory without writing its own executable to disk, often by abusing legitimate tools already present on the system, making it harder to detect with file-based scanning.
Firewall: A security system that monitors and filters network traffic based on predefined rules.
Firewall Rule: A specific condition used to determine whether network traffic should be permitted or blocked.
Firmware: Software embedded in hardware, providing low-level control over the device's specific functions.
Forensics: The use of scientific methods to gather evidence in cybersecurity investigations.
Full Disk Encryption (FDE): A method of encrypting all the data stored on a disk to protect it while at rest.
G
Gateway: A node that connects two different networks and enables communication between them.
General Data Protection Regulation (GDPR): European Union legislation governing data privacy and protection.
Geofencing: Technology that creates virtual boundaries, triggering actions when devices enter or exit specific locations.
Grey Hat: A “hacker” who violates laws or ethical guidelines without malicious intent.
Grid Computing Security: Techniques for securing distributed computing systems that share processing power across multiple locations.
Group Policy: A Windows feature for managing and configuring settings across multiple users and devices.
Guest Network: A separate network designed for visitors, keeping them isolated from sensitive internal systems.
Guided Hacking: Education or instruction in ethical hacking and cybersecurity techniques.
H
Hacker: An individual who explores or exploits weaknesses in computer systems or networks; the term covers both malicious attackers and ethical researchers (see Grey Hat and White Hat).
Hardware Security Module (HSM): A physical device that manages and safeguards digital keys and performs cryptographic operations.
Hash Collision: When two different inputs produce the same hash value.
Hash Function: A function that maps input of any size to a fixed-size output (the hash or digest). Cryptographic hash functions are designed so that finding two inputs with the same output is infeasible, which is what makes them useful for verifying data integrity.
Hashing: The process of converting input data into a fixed-size output string using a hash function.
Honeynet: A network designed to attract and study cyber attacks.
Honeypot: A decoy system set up to detect, deflect, or study potential attackers.
Host Intrusion Detection System (HIDS): A system that monitors and detects suspicious activity on individual hosts or devices.
I
Identity and Access Management (IAM): A framework of policies and technologies to ensure appropriate access to technology resources.
Incident Management: The process of responding to and managing security incidents in real time.
Incident Response: A structured approach to handling the aftermath of a cyber attack or data breach.
Initial Access Broker: A threat actor who sells access to a compromised network or system.
Indicators of Attack (IoA): Observable attacker behaviours (tactics and techniques such as lateral movement or credential dumping) detected while an attack is in progress, used to identify and stop an intrusion before it completes, independent of the specific tools used.
Indicator of Compromise (IoC): A forensic artefact, such as a file hash, IP address, domain name, or registry key, whose presence indicates that a system has likely been compromised.
Input Validation Attacks: Attacks where unusual input is sent to confuse and exploit vulnerabilities in an application.
Insider Threat: A security risk posed by individuals within an organisation who have access to sensitive information.
Integrity: The assurance that data is accurate, trustworthy, and protected from unauthorised changes.
Internet Control Message Protocol (ICMP): A protocol used to report errors during IP data transmission and to exchange information about the status of the IP network.
Intrusion Detection System (IDS): Software that monitors a network for malicious activity or policy violations.
Intrusion Prevention System (IPS): Technology that detects and prevents potential security breaches.
IP Spoofing: The falsification of an IP address to mask the identity of the sender or impersonate another device.
J
Jailbreaking: The act of removing restrictions on iOS devices to access unauthorised applications or features.
Jamming Attack: An attack that disrupts wireless communications by overwhelming the network with interference.
JavaScript Malware: Malicious software written in JavaScript that executes harmful actions in a browser.
Jitter: Variability in packet delay that can affect the performance of real-time communications on a network.
Juice Jacking: A type of attack where charging stations are used to transfer malware or steal data from connected devices.
Jump Server (Jump Box): A secure system used by administrators to access devices in different security zones.
Just-In-Time (JIT) Access: The practice of granting access to systems only when needed and for a limited time.
JWT (JSON Web Token): A compact, signed token format used for authentication and secure information exchange; the recipient must verify the signature with an algorithm it chooses itself rather than one named in the token.
K
Kerberos: A network authentication protocol in which a trusted Key Distribution Center (KDC) issues time-limited tickets, protected with secret-key cryptography, that clients present to prove their identity to services.
Key Exchange: The process of securely exchanging cryptographic keys between parties to establish a secure communication channel.
Keylogger: Surveillance software that records keystrokes on a device.
Kill Chain: A cybersecurity model describing the stages of a cyber attack, from reconnaissance to exfiltration.
L
Least Privilege: A security principle where users, processes, and systems are granted only the minimum access required to perform their tasks.
Loader: Malware whose purpose is to retrieve and run additional malicious payloads on an already compromised system, typically as the first stage of a multi-stage infection.
Log Analysis: The process of reviewing logs to detect and investigate security incidents.
Logic Bomb: Malicious code that activates under certain conditions, executing a harmful function.
Log Management: The practice of collecting and analysing system logs for security monitoring and compliance.
M
Malvertising: The distribution of malware through malicious advertisements.
Malware: Software designed with the intent to cause harm, steal data, or disrupt systems.
Malware Information Sharing Platform (MISP): A threat intelligence platform designed for collecting, sharing, storing, and correlating Indicators of Compromise (IoCs) related to cyber-attacks, threat intelligence, financial fraud, vulnerabilities, and counter-terrorism information.
Malware lifecycle: The stages malware goes through, including creation, distribution, exploitation, infection, persistence, and execution, followed by detection and removal.
Man-in-the-Middle (MitM) Attack: An attack where a third party secretly intercepts and possibly alters communications between two parties.
Managed Security Service Provider (MSSP): A third-party vendor that manages and monitors an organisation's security systems.
Masquerade Attack: An attack in which one system entity pretends to be another to gain illegitimate access.
Memory Forensics: The analysis of volatile data stored in a computer's memory to detect security incidents.
Multi-Factor Authentication (MFA): A security mechanism requiring more than one method to verify a user's identity.
Multi-Cloud Security: Security protocols designed to protect data across multiple cloud environments.
Multi-Tenancy: A system where a single instance of software serves multiple customers, isolating each customer's data and operations.
N
Network Access Control (NAC): A security solution that enforces access policies for devices connecting to a network.
Network Forensics: The monitoring and analysis of network traffic to collect information for detecting and investigating security incidents.
Network Security Protocol: Rules governing secure data exchange between network devices.
Network Segmentation: The division of a network into isolated segments to improve security and performance.
Nonce: A number or string used only once, included in authentication protocols and signed messages so that a captured message cannot be accepted a second time (a replay attack).
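The following added example, which is not part of the original glossary, shows the replay protection the Nonce entry describes in a small request-signing protocol: the client binds a timestamp, a fresh nonce, and the body under one HMAC; the server checks the MAC, rejects stale timestamps, and remembers nonces for as long as the timestamp window allows. The shared secret, request bodies, and clock are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
import time


def make_request(key: bytes, body: str, ts: int, nonce: str = None) -> dict:
    """Client side: bind body, timestamp, and a fresh random nonce under one MAC."""
    nonce = nonce or secrets.token_hex(16)
    payload = "%d|%s|%s" % (ts, nonce, body)
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "body": body, "mac": mac}


class ReplayProtectedService:
    """Server side (hypothetical): accepts each authenticated request at most once."""

    def __init__(self, key: bytes, max_skew: int = 30, clock=time.time) -> None:
        self.key = key
        self.max_skew = max_skew
        self.clock = clock
        self._seen = {}   # nonce -> time after which it may be forgotten

    def _purge(self, now: float) -> None:
        # A nonce can be forgotten once its timestamp would fail the skew check anyway,
        # so memory stays bounded without reopening the replay window.
        for nonce, expiry in list(self._seen.items()):
            if expiry <= now:
                del self._seen[nonce]

    def handle(self, req: dict) -> str:
        now = self.clock()
        self._purge(now)
        payload = "%d|%s|%s" % (req["ts"], req["nonce"], req["body"])
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        # 1. Integrity and origin: the MAC covers everything the checks below rely on.
        if not hmac.compare_digest(expected, req["mac"]):
            return "rejected: bad mac"
        # 2. Freshness: bounds how long the server must remember nonces.
        if abs(now - req["ts"]) > self.max_skew:
            return "rejected: stale"
        # 3. Uniqueness: a captured, perfectly valid message cannot be submitted twice.
        if req["nonce"] in self._seen:
            return "rejected: replay"
        self._seen[req["nonce"]] = req["ts"] + self.max_skew
        return "accepted: " + req["body"]


class ManualClock:
    def __init__(self, start: float) -> None:
        self.t = start

    def __call__(self) -> float:
        return self.t


def demo() -> list:
    key = b"constructed-shared-secret"   # assumption: pre-shared between client and server
    clock = ManualClock(1000.0)
    service = ReplayProtectedService(key, max_skew=30, clock=clock)
    req = make_request(key, "transfer 100 to bob", ts=1000)
    results = [service.handle(req), service.handle(req)]              # accepted, then replay
    results.append(service.handle(dict(req, body="transfer 9000 to bob")))  # bad mac
    results.append(service.handle(make_request(key, "ping", ts=900)))  # stale
    clock.t = 1031.0                                                   # nonce purged...
    results.append(service.handle(req))                                # ...but stale anyway
    return results


if __name__ == "__main__":
    print(demo())
```

Order matters: the MAC is checked first so that the nonce store cannot be filled by unauthenticated junk, and the timestamp check is what makes purging old nonces safe.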
Next-Generation Firewall (NGFW): A firewall that detects and blocks sophisticated attacks by enforcing security at the application, port, and protocol levels.
O
OAuth (Open Authorization): A standard for granting third-party applications delegated access to a user's resources without sharing the user's credentials.
OBIEE (Oracle Business Intelligence Enterprise Edition): A suite of enterprise tools for data analysis and reporting.
Obfuscation: The process of making code intentionally difficult to understand to protect it from reverse engineering.
Offline Attack: An attack in which the attacker obtains a copy of protected data, such as password hashes or ciphertext, and attacks it on their own hardware without further interaction with the target, so that online defences such as lockouts and rate limits do not apply.
On-Premises Security: Security measures implemented to protect data and systems physically located within an organisation's facilities.
OSINT (Open Source Intelligence): The collection of publicly available data to gather actionable intelligence.
OT (Operational Technology): Systems used to monitor and control physical processes, often in industrial environments.
Over-the-Air (OTA) Updates: Wireless updates to software or systems, allowing for patching without physical connections.
Overlay Attack: An attack where a malicious layer is placed over a legitimate user interface, tricking users into providing sensitive information.
OWASP (Open Web Application Security Project): A nonprofit dedicated to improving the security of software through open-source projects and standards.
P
Password Cracking: The process of recovering passwords from their stored hashes by hashing candidate guesses (from dictionaries, brute force, or precomputed tables) and comparing the results.
Password Manager: A tool that securely stores and manages user passwords.
Password Sniffing: Passive monitoring of network traffic to capture passwords, often on a local area network (LAN).
Patch Gap: The time between the release of a software patch and its implementation by users or suppliers.
Patch Management: The process of applying updates to software to fix vulnerabilities.
Penetration Testing: Simulating attacks on a system to identify security weaknesses.
Personally Identifiable Information (PII): Any data that can be used to identify an individual, either directly or indirectly.
Pharming: A cyber attack that redirects website traffic to fraudulent sites.
Phishing: A deceptive attempt to acquire sensitive information through fraudulent emails or messages.
Ping Scan: A host-discovery technique that sends ICMP Echo Requests and records which addresses reply.
Ping Sweep: A ping scan run across a range of IP addresses to enumerate live hosts, typically as a prelude to further probing.
Polymorphism: The ability of malware to alter its code in order to evade detection by security systems.
Privilege Escalation: When an attacker gains higher-level access privileges than they were originally granted.
Proxy Server: A server that intermediates requests from clients to other servers, often used for privacy or security.
Public Key Infrastructure (PKI): A system for managing digital certificates and public-key encryption.
R
Rainbow Table: A precomputed, space-optimised table of hash chains used to look up the plaintext for a stolen password hash; effective only against unsalted hashes, since a per-user salt makes the precomputation useless.
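The Offline Attack, Password Cracking, and Rainbow Table entries together explain why stolen unsalted hashes are so cheap to attack and what salting changes. The following added example, which is not part of the original glossary, uses a dictionary-style lookup table as a stand-in for a rainbow table (the space optimisation is omitted; the attacker's experience is the same): unsalted hashes fall to a lookup with no hashing at attack time, while salted, slow hashes force a fresh computation for every guess against every record. The wordlist, passwords, and work factor are constructed for the demonstration.

```python
import hashlib
import os

# Constructed wordlist standing in for a real dictionary.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "iloveyou"]
ITERATIONS = 20_000   # assumption: PBKDF2 work factor for the example; real deployments use more


def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words) -> dict:
    """Precompute hash -> plaintext once; a rainbow table is a space-optimised form of this."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(stolen_hashes, table: dict) -> dict:
    """Offline attack on unsalted hashes: no hashing at all, just dictionary lookups."""
    return {h: table[h] for h in stolen_hashes if h in table}


def salted_hash(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def crack_salted(stolen_records, words) -> tuple:
    """Offline attack on salted hashes: every guess must be recomputed per salt.

    Returns (found, number_of_kdf_evaluations) so the cost is visible.
    """
    found, work = {}, 0
    for salt, h in stolen_records:
        for w in words:
            work += 1
            if salted_hash(w, salt) == h:
                found[h] = w
                break
    return found, work


def demo() -> dict:
    # Constructed "stolen" credential dump for three users; the third password is not in the wordlist.
    passwords = ["hunter2", "letmein", "Tr0ub4dor&3"]
    table = build_lookup_table(WORDLIST)
    stolen_unsalted = [unsalted_hash(p) for p in passwords]
    stolen_salted = []
    for p in passwords:
        salt = os.urandom(16)                     # unique per record
        stolen_salted.append((salt, salted_hash(p, salt)))
    found_salted, work = crack_salted(stolen_salted, WORDLIST)
    return {
        "unsalted_cracked": sorted(crack_unsalted(stolen_unsalted, table).values()),
        "table_hits_on_salted": len(crack_unsalted([h for _, h in stolen_salted], table)),
        "salted_cracked": sorted(found_salted.values()),
        "salted_kdf_evaluations": work,
    }


if __name__ == "__main__":
    print(demo())
```

Salting does not rescue weak passwords: the two dictionary words are still recovered. What changes is that the attacker pays the full key-derivation cost for each guess on each record instead of reusing one precomputed table across every breach.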
Ransomware: Malicious software that encrypts a victim's files and demands payment for decryption.
Ransomware-as-a-Service (RaaS): A business model where ransomware developers lease their software to affiliates for a share of the profits.
Reconnaissance: The stage of an attack where the attacker discovers new systems, maps networks, and identifies exploitable vulnerabilities.
Red Team: A group that simulates attacks on an organisation to identify vulnerabilities.
Red Teaming: Simulating full-scope attacks to evaluate an organisation's security defences.
Remote Desktop Protocol (RDP): A protocol that allows users to remotely control a computer as if they were physically present.
Risk Assessment: The process of identifying, analysing, and prioritising risks to assets, operations, or individuals.
Rogue Security Software: Software that misleads users by pretending to detect and fix security threats, often demanding payment.
Rootkit: Software designed to hide the presence of malicious programs and give attackers remote control over a system.
S
Sandboxing: A technique for isolating running programs to prevent malware from spreading to other parts of a system.
Security Event and Management (SEAM): Predefined conditions within a security system that trigger actions in response to detected events.
Security Information and Event Management (SIEM): Software solutions that combine security information management with security event management, analysing security alerts from applications and network devices in real time.
Security Orchestration, Automation, and Response (SOAR): Refers to software capabilities that manage threats, automate security operations, and streamline incident response.
Security Operations Center (SOC): A centralised team responsible for detecting, analysing, and responding to security incidents.
Security Token: A physical or digital token used to authenticate a user's identity.
Shadow IT: Refers to software, applications, and services used by employees or departments without the knowledge or control of the company’s IT department, often to streamline their work processes.
Shell: A command-line interpreter; in an attack context, a shell (such as a reverse shell or web shell) planted on a compromised system so the attacker can execute commands or scripts on it.
Skimmer: A malicious script designed to collect sensitive form data, such as payment card details, from a website as users enter it.
SMiShing: A form of phishing conducted through SMS messages.
Social Engineering: Manipulating individuals into revealing confidential information through deceptive means.
Software-Defined Networking (SDN): An approach to network management that allows dynamic control of network configurations.
Spear Phishing: A targeted phishing attack aimed at specific individuals or organisations to steal sensitive information.
Spoofing: A technique where an attacker pretends to be a trusted entity to deceive victims.
SQL Injection: An input validation attack in which attacker-supplied text is incorporated into a SQL query as code rather than data, allowing the attacker to alter the query and read, modify, or delete database contents in ways the application never intended.
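The following added example, which is not part of the original glossary, puts the vulnerable and the hardened form of a lookup side by side against an in-memory SQLite database: string formatting lets a quote in the input change the query's structure (an authentication bypass and a column leak via UNION), while parameter binding keeps the same input as plain data. The table and rows are constructed for the demonstration.

```python
import sqlite3


def setup() -> sqlite3.Connection:
    """Constructed in-memory database; the rows are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user"), ("carol", "hash-c", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Attacker-controlled text is spliced into the SQL string, so a quote in the
    # input ends the literal and whatever follows is parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Parameter binding sends the value separately from the statement; the driver
    # never lets it change the query's structure.
    return conn.execute("SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


def demo() -> dict:
    conn = setup()
    bypass = "x' OR '1'='1"                                        # classic tautology
    leak = "' UNION SELECT password_hash, role FROM users --"      # pulls another column
    return {
        "normal_vulnerable": find_user_vulnerable(conn, "bob"),
        "bypass_vulnerable": sorted(find_user_vulnerable(conn, bypass)),
        "bypass_safe": find_user_safe(conn, bypass),
        "leak_vulnerable": sorted(find_user_vulnerable(conn, leak)),
        "leak_safe": find_user_safe(conn, leak),
    }


if __name__ == "__main__":
    print(demo())
```

Escaping quotes by hand is not an adequate substitute for binding: numeric contexts, identifiers, and driver-specific encodings all have bypasses, whereas a bound parameter is never parsed as SQL.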
State-Sponsored: Financially backed or authorised by a government to carry out specific activities, including cyber operations.
Stealthing: Techniques used by malware to hide its presence on an infected system.
Strategic Threat Intelligence: High-level intelligence on threat actor motives, capabilities, and targeting trends, analysed to inform executive risk decisions and long-term security strategy, as opposed to tactical or operational intelligence such as IoCs.
Supply Chain Attack: An attack targeting weak links in an organisation's supply network to compromise security.
Supply Chain Risk: The potential for sabotage, malicious tampering, or other attacks on any part of a system's life cycle, which could disrupt, degrade, or take control of the system or its components.
T
Tactics, Techniques, and Procedures (TTP): The characteristic behaviour and methods of a threat actor or Advanced Persistent Threat (APT) group, described at the level of overall goals (tactics), the ways those goals are pursued (techniques), and specific implementations (procedures), used to profile and track their operations.
Take-Down Service: A service used to request the removal or blocking of unlawful, irrelevant, or outdated content from an Internet Service Provider (ISP) or search engine.
Threat Actor: An individual or group that engages in malicious activities online, such as hacking, data theft, or disrupting digital systems for financial gain, espionage, or other motives.
Threat Hunting: The proactive search for cyber threats within a network that have gone undetected.
Threat Intelligence: Information about potential threats or attackers that helps organisations prepare for and respond to incidents.
Threat Modelling: The process of identifying and evaluating potential threats to a system or application.
Threat Vector: The path through which an attacker gains access to a system or network.
Token Ring: A network configuration in which data is passed in one direction around a circular set of connected devices.
Tokenization: The process of substituting sensitive data, such as a card number, with a surrogate token that has no exploitable value on its own; the mapping back to the original is held in a separately protected vault.
Traffic Light Protocol (TLP): A system of labels used to facilitate the controlled sharing of sensitive information with specific audiences.
Trojan Horse: Malware disguised as legitimate software that allows unauthorised access to a system.
Two-Factor Authentication (2FA): A method of verifying a user's identity through two distinct forms of authentication.
Typosquatting: An attack in which adversaries register domain names that are common misspellings of legitimate ones, so that users who mistype a URL land on a malicious site.
U
Unified Threat Management (UTM): A security platform that integrates multiple features like firewalls, intrusion detection, and antivirus into one system.
URL Spoofing: A technique that deceives users into visiting a malicious website by disguising the URL as a legitimate one.
User and Entity Behavior Analytics (UEBA): The use of machine learning to detect anomalies in user behaviour, often to identify insider threats.
User Education and Awareness Training: Programs designed to teach employees how to recognize and respond to cybersecurity threats.
V
Virtual Local Area Network (VLAN): A segmented network that allows devices from different physical LANs to be grouped together for improved security and management.
Virtual Private Network (VPN): Technology that creates a secure and encrypted connection over an untrusted network, such as the internet.
Virtualization Security: The measures taken to protect virtualized environments, such as virtual machines and cloud infrastructures.
Virus: Malware that replicates itself by attaching to other programs or files, often spreading to other systems.
Vishing (voice or VoIP phishing): Phishing conducted over voice calls, increasingly using AI-generated audio to impersonate a trusted person.
Vulnerability: A weakness in a system or network that can be exploited by attackers.
Vulnerability Assessment: The process of identifying and evaluating vulnerabilities in systems, applications, or networks.
Vulnerability Management: The process of identifying, assessing, prioritising, and mitigating security weaknesses (vulnerabilities) in systems, networks, and software to reduce the risk of cyberattacks.
Vulnerability Scanner: A tool that identifies potential security weaknesses in a network or system.
W
Watering Hole Attack: An attack in which cybercriminals infect websites frequented by their target, with the hope of infecting their target's systems.
Web Application Firewall (WAF): A security solution that protects web applications by monitoring and filtering HTTP traffic between the web and a user.
Whaling: A type of phishing attack that targets high-profile individuals, such as executives.
White Hat: A "hacker" who uses their skills ethically to help improve security by identifying and fixing vulnerabilities.
Whitelisting: A security measure that restricts access to only pre-approved entities, such as applications, IP addresses, or users.
Wi-Fi Protected Access (WPA): A protocol designed to secure wireless networks by encrypting data transmitted over them.
Worm: Self-replicating malware that spreads across computers without user intervention.
Wormhole Attack: A network attack where an attacker captures packets at one point and transmits them to another point for replay.
X
X.509: A standard format for public key certificates used in network protocols like SSL and TLS.
XACML (eXtensible Access Control Markup Language): A language for managing access control policies expressed in XML.
XDR (Extended Detection and Response): A security solution that integrates threat detection across multiple layers, including endpoints and networks.
XML Encryption: A standard for encrypting the contents of XML documents to protect sensitive information.
XML Signature: A standard for applying digital signatures to XML documents for integrity and authentication.
XOR Encryption: A simple technique that combines plaintext with a key using the XOR (exclusive or) operation. With a truly random key as long as the message (a one-time pad) it is unbreakable, but with a short repeating key it is trivially broken; in practice it is mostly seen as obfuscation in malware rather than as real encryption.
XSS (Cross-Site Scripting): A vulnerability that allows attackers to inject malicious scripts into trusted websites, compromising user data or actions.
Y
YARA (Yet Another Ridiculous Acronym): A tool for malware researchers to create patterns for identifying and classifying malware.
YARA Rules: Specific rules written in YARA to describe and identify malware based on binary or textual patterns.
Yellow Team: A group focused on cybersecurity training and awareness within an organisation.
Yield Ratio: In penetration testing, the success rate of different attack methods in compromising systems.
YubiKey: A hardware authentication device that generates one-time passwords (OTPs) or holds cryptographic keys used for strong, phishing-resistant 2FA.
Z
Zero-Day Attack: An attack exploiting a vulnerability that is unknown to the software vendor and lacks a patch.
Zero-Day Exploit: The actual use of a vulnerability in a software system before the developer has issued a fix.
Zero-Day Vulnerability: A software vulnerability that is not yet known to the developer or does not have a patch available.
Zero Trust Architecture: A security approach that assumes no user or system, internal or external, should be trusted by default.
Zero Trust Security Model: A security framework where every access request is verified before granting access, assuming both internal and external threats.
Zombie: A computer compromised by an attacker and used for malicious purposes under remote control.