Cybersecurity Glossary: All the Terms You Need to Know

Cybersecurity is full of technical terms that can be confusing. This glossary collects the most important concepts, explained in plain language without unnecessary jargon. Save it as a reference.

A

Brute force attack — Method that attempts to guess a password by trying all possible combinations automatically. Short passwords are especially vulnerable.

Two-factor authentication (2FA) — Security system that requires two forms of verification to access an account: something you know (password) and something you have (phone, physical key).

B

Backdoor — Hidden access to a system that allows entry without going through normal security mechanisms. It can be installed intentionally by a developer or by an attacker.

Botnet — Network of devices infected with malware that are controlled remotely by an attacker. They are used for DDoS attacks, spam, or credential stuffing.

Data breach — Unauthorized access to confidential information stored by an organization.

C

CAPTCHA — Test designed to distinguish between humans and bots. The most modern ones (like Cloudflare Turnstile) are invisible to the user.

Encryption — Process of converting readable information into a code that can only be deciphered with a key. Protects data in transit and at rest.

Credential stuffing — Attack that uses leaked credentials from one breach to try to access other services, taking advantage of the fact that many users reuse passwords.

D

Dark web — Portion of the internet accessible only through special browsers like Tor. It's where stolen data and leaked credentials are traded.

DDoS (Distributed Denial of Service) — Attack that floods a server with millions of simultaneous requests to take it out of service.

DKIM — Protocol that digitally signs emails to verify that they really come from the domain they claim and have not been modified.

DMARC — Policy that defines what to do with emails that don't pass SPF and DKIM verifications (reject, quarantine, or accept).

E

Exploit — Code or technique that takes advantage of a specific vulnerability in a system to execute unauthorized actions.

Digital exposure — The set of a person's personal data that is publicly accessible or has been leaked. SecuryBlack measures your digital exposure.

F

Firewall — System that filters network traffic, allowing or blocking connections according to predefined rules. It can be hardware or software.

Fullz — Dark web term for a complete package of stolen identity data: name, address, date of birth, ID number, etc.

H

Hash — Function that converts any data into a fixed-length and irreversible string of characters. Used to store passwords securely.

HTTPS — Secure version of the HTTP protocol that encrypts communication between your browser and the server. Identifiable by the padlock in the address bar.

I

Social engineering — Psychological manipulation techniques used to trick people into giving up confidential information or access to systems.

K

k-Anonymity — Privacy model that allows querying data without revealing the exact query. SecuryBlack uses it to verify breaches without knowing your real email.

Keylogger — Malicious software that records all keyboard keystrokes to capture passwords and other sensitive information.

M

Malware — Malicious software designed to damage, infiltrate, or steal data from a system. Includes viruses, trojans, ransomware, spyware, etc.

MFA (Multi-Factor Authentication) — Similar to 2FA but can include more than two verification factors.

P

Phishing — Deception technique where the attacker impersonates a trusted entity to steal credentials or personal information.

Pentest (penetration test) — Authorized attack simulation against a system to identify vulnerabilities before a real attacker does.

R

Ransomware — Malware that encrypts all the victim's files and demands a payment (ransom) to decrypt them. It is one of the most costly threats for businesses.

GDPR — General Data Protection Regulation of the EU. Obliges companies to protect personal data and report breaches within 72 hours.

S

SIM swapping — Attack where a criminal convinces your mobile operator to transfer your number to a new SIM, thus intercepting your SMS verification codes.

SPF — Protocol that defines which servers are authorized to send emails on behalf of a domain.

Spyware — Software that collects information about the user without their knowledge, such as browsing history, credentials, or personal data.

T

Trojan — Malware disguised as legitimate software. Once executed, it allows the attacker to access the victim's system.

V

VPN (Virtual Private Network) — Network that encrypts your internet connection and hides your IP address, providing privacy and security on public networks.

Vulnerability — Weakness in a system that can be exploited by an attacker. Security patches fix known vulnerabilities.

Z

Zero-day — Vulnerability that is exploited before the software manufacturer knows about it or publishes a patch. Zero-days are the most dangerous due to their unknown nature.

