Malicious software designed to harm computer systems or gain unauthorized access. - Malware, Programs that replicate and attach to legitimate files. - Viruses, Self-replicating malware that spreads through networks without user interaction. - Worms, Malware disguised as legitimate software. - Trojan Horses, Tricking individuals into revealing sensitive information by posing as a trustworthy entity via messaging. - Phishing, Flood a system or network with excessive traffic making the system unavailable. - Denial of Service (DoS), Use multiple sources to flood a system or network with excessive traffic causing it to become unavailable. - Distributed Denial-of-Service (DDoS), Attacker intercepts communication between two parties. - Man in the Middle, Exploits vulnerabilities in web applications' input fields. - SQL Injection, Target vulnerabilities not yet known to the vendor. - Zero-Day Exploits, Sophisticated and stealthy cyber-attacks targeting specific organizations or individuals. - Advanced Persistent Threats, Employees or trusted individuals who misuse their access to cause harm (intentionally or inadvertently) - Insider Threats, Manipulate individuals into revealing information, often through psychological manipulation. - Social Engineering, Attempt to gain access by trying all possible combinations of usernames and passwords until the correct one is found. - Brute Force Attacks, Using automated tools to try large sets of stolen username and password combinations on various websites. (Exploits users who use the same credentials for multiple sites). - Credential Stuffing, Target specific groups by infecting websites frequently visited by target group. - Watering Hole Attacks, Leveraging legitimate system tools or exploiting vulnerabilities in memory to execute code without leaving traditional file traces. - Fileless Attacks, Employees or individuals with access to sensitive data who intentionally steal, leak, or sell the information. - Insider Data Theft, Targets device exploit vulnerabilities in connected devices. - IoT- Based Attacks, Redirects website traffic to fraudulent websites. (Exploits DNS vulnerabilities). Looks identical to the legitimate site. - Pharming, Authorized individual intentionally alters data, usually for fraud or sabotage. - Insider Data Manipulation, Interception and Monitoring of network traffic. Used to capture and analyze data packets. - Eavesdropping (Sniffing), Recording and monitoring keystrokes to capture sensitive information entered by the user. - Keylogging (Keystroke Logging), Hijacking computing resources to mine cryptocurrencies leading to reduced system performance. - Cryptojacking, Encyrpting victim's files or data, making it inaccessible. Usually requires a ransom to be paid. - File Encryption Attacks, Automated programs that perform various tasks. - Bots, Network of compromised computers (zombies) controlled by a single entity. Can be used for DDoS, spam distribution, or stealing data. - Botnets, Inject malicious scripts into webpages viewed by other users to execute actions in the victim's browser. - Cross-Site Scripting (XXS), Tricks users into unknowingly performing actions on a trusted website that they did not intend to do. Causes unauthorized transactions or data manipulation. - Cross-Site Request Forgery (CSRF), Targets software or hardware vulnerabilities, introducing malicious components into products for a widespread compromise of systems. - Supply Chain Attacks, Tricks users into providing credentials on a fake log-in page resembling legitimate websites. - Credential Phishing, Registering domain names with slight misspellings. - URL Hijacking (Typosquatting), Distributing malware through online advertisements. - Malvertising, Attackers trick users into clicking hidden or disguised buttons or links leading to unintended actions. - Clickjacking, Using machine learning to enhance techniques, making them more sophisticated and challenging to detect. - AI-Powered Attacks, A network is not segmented correctly or the firewall settings are too permissive, allowing malicious actors to gain access to sensitive data. - Firewall Misconfiguration, Allows an attacker to execute malicious code on the vulnerable system. - Remote Code Execution (RCE), A person or program successfully identifies as another by falsifying data to gain an illegitimate advantage. - Spoofing, Malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent. - Spyware, An incorrect or suboptimal configuration of an information system or system component that may lead to vulnerabilities. - Misconfiguration, Out-of-date software that creates vulnerabilities to issues known by a bad actor. - Unpatched Software, aim to take over one or more accounts giving the attacker the same privileges as the attacked user, often by assuming their identity. - Broken Authentication, Allows an attacker to relay malicious code through an application to another system. - Injection, A weakness or flaw in software, hardware, or organizational processes, which when compromised by a threat, can result in a security breach - Network Vulnerabilities, Any attempt to exploit a vulnerability in user authorization within a digital system - Password Attack, Giving more access and privileges than needed, creating security risks if abused or compromised by an attacker. - Unauthorized Access,

Cyber Threats and Vulnerabilities

Classement

Fiches de révision est un modèle à composition non limitée. Il ne génère pas de points pour un classement.

Style visuel

Options

Changer de modèle

Restauration auto-sauvegardé :  ?