Glossary of Terms M-S



MAC Address – A Media Access Control (MAC) address is a 48bit alphanumeric address that uniquely identifies the network card in your device. It us unique to your device and will never be re-used. It is used to establish a connection between your device and a network router (WiFi router, Bluetooth, etc.). This is typically represented in hexadecimal as a sequence of characters similar to F1:A2:CD:E4:5P:8K and is normally printed on your PC’s underside, on your WiFi router, can be found in the settings app of your device or other utility programs (e.g. ipconfig on a PC).

Macro – A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system.

Mail User Agent (MUA) – This is software designed to collect and send electronic mail (email). It is also referred to as an email program, or email client. The term “mail user agent” is less familiar to the average person, but is used in email headers. The headers of the email supply information to the mail servers or computers that handle transferring messages across networks like the Internet.

Malicious Code – This is any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Such codes actually gain unauthorised access to system resources or tricks a user into executing other malicious logic. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.

Malicious HotSpot – This typically appears as a free WiFi service, but in reality it is managed by a hacker with the purpose of performing some form of Cyber Attack (e.g. Man in the middle, privacy invasion). See our post on Online Privacy for more information on this.

MalSpam – This is short for malware spam or malicious spam, is spam email/messaging that delivers malware. While regular spam is simply any unsolicited email, malspam contains infected attachments, phishing messages, or malicious URLs. It can also deliver a myriad of malware types, including ransomware, Trojans, bots, info-stealers, cryptominers, spyware, and keyloggers.

Malvertising – This is where an advert shown on a webpage that looks legitimate, but harbours a malicious link to a website that will then attempt to initiate a cyber attack of some form (e.g. install malware).

Malware – This is typically a malicious program for which the purpose is to exploit some weakness in a computer system in order to gain access to it, or as the payload of a social engineering attack. There are various types of malware, the following being a set of examples:

  • Back doors
  • File-less
  • Key Loggers
  • Ransom Ware and Wipers
  • Root Kits
  • Trojan Horses
  • Viruses
  • Worms.

Malware as a Service – This is a service offered by Cyber Criminals, either on the surface web or dark web, to other Cyber Criminals who want to use Malware to further some objective, but either don’t have the skills or the time to develop the appropriate exploits and Malware. Subscribers will normally pay a fee or a share of the profits. Such services can provide:

  • Phishing Campaigns
  • Targeted Malware
  • Bot Nets
  • Ransomware
  • Lists of compromised credentials (e.g. email address, passwords) coming from data breaches
  • Crypto Mining
  • Data Exfiltration
  • Selling Zero Day vulnerabilities.

You can also read our blog on this subject here.

Mandate Fraud – This is when someone gets you to change a direct debit, standing order or bank transfer mandate, by purporting to be an organisation you make regular payments to, for example a subscription or membership organisation or your business supplier.

Mandatory Access Control (MAC) – This is a security approach that contains the ability of an individual resource owner to grant or deny access to resources or files on the system. Whenever a user tries to access an object, an authorisation rule is enforced by the OS which examines these security aspects and decides whether the user can access or not. Any operation by any user is typically tested against a set of authorisation rules (aka policy) to determine if the operation is allowed.

Man In The Middle Attack – This is where an attacker intercepts a legitimate network request (e.g. an http request from a web browser), and inserts malicious instructions into either the outbound request (in order to redirect to a malicious service or extract personal data), or inserts malicious code into the return implanting malware into the webpage or return data. This is more prevalent when using unencrypted http requests. As https requests are end to end encrypted, it is harder for an attacker to execute this type of request. A VPN can also defend against this type of request since all traffic going through a VPN is typically encrypted.

Masquerade Attack – This is any attack that uses a forged identity (such as a network identity) to gain unofficial access to a personal or organisational computer. Masquerade attacks are generally performed by using either stolen passwords and logons, locating gaps in programs, or finding a way around the authentication process. Such attacks are triggered either by someone within the organisation or by an outsider if the organisation is connected to a public network.

Message Authentication Code (MAC) – In the context of cryptography, this is short piece of information used to authenticate a message. It is used to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects both a message’s data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.

Measures of Effectiveness (MOE) – This is a probability model based on engineering concepts that allows one to estimate the impact of a given action on an environment. MOE quantifies the results to be obtained by a system and may be expressed as probabilities that the system will perform as required.

Mitigation – This is collectively a set of steps that organisations and individuals can take to minimise and address cyber risks. Examples are strong passwords, unique passwords, awareness of social engineering methods as well as deployment of technology in the form of security software.

Mobile Ad Fraud – This is the attempt to defraud advertisers, publishers or supply partners by exploiting mobile advertising technology. The objective of fraudsters is to steal from advertising budgets. Mobile ad fraud can take a number of different forms, from faked impressions, click spam or faked installs. For example, fraudulent publishers seeking to benefit from false impressions may stuff adverts into a single pixel, or deliberately align an advert out of view to generate views or impressions that never took place. The types of Ad Fraud are as follows:

  • Click Spam
  • Click Injection
  • SDK Spoofing.

Money Muling – This is a type of money laundering. A money mule is a person who receives money from a third party in their bank account and transfers it to another one or takes it out in cash and gives it to someone else, obtaining a commission for it. Even if money mules are not directly involved in the crimes that generate the money (cybercrime, payment and on-line fraud, drugs, human trafficking, etc.), they are accomplices, as they launder the proceeds of such crimes. Simply put, money mules help criminal syndicates to remain anonymous while moving funds around the world.

Monoculture – This is the case where a large number of users run the same software, and are vulnerable to the same attacks.

Monster-in-the-Middle (MITM) Attack – The security and privacy of HTTPS encrypted communications in web browsers relies on trusted Certificate Authorities (CAs) to issue website certificates only to someone that controls the domain name or website. For example, you and I can’t obtain a trusted certificate for Facebook because these browsers have strict policies for all CAs trusted by the browser which only allow an authorized person to get a certificate for that domain. However, when a user installs the root certificate provided by their ISP, or some other malicious actor, they are choosing to trust a CA that doesn’t have to follow any rules and can issue a certificate for any website to anyone. This enables the interception and decryption of network communications between the browser and the website. This is also similar to a ‘Man in the Middle Attack’.

Morris Worm (or Internet worm) – This is a program that was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988 from MIT. It was the first computer worm distributed via the Internet and gained significant mainstream media attention.

Multi-Cast – See IP Multi-Cast.

Multi-Homed Computer – This is any computer host that has multiple IP addresses to connected networks. A multi-homed host is physically connected to multiple data links that can be on the same or different networks. Multihoming is commonly used in Web management for load balancing, redundancy, and disaster recovery.

Multiplexing – This is a technique by which multiple analogue or digital data streams are combined into one signal stream over a shared medium. The multiplexed signal is transmitted over a communication channel, such as a cable. A reverse process, known as demultiplexing, extracts the original channels on the receiver end.

Multipurpose Internet Mail Extensions (MIME) – This is an Internet standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs. Message bodies may consist of multiple parts, and header information may be specified in non-ASCII character sets. Email messages with MIME formatting are typically transmitted with standard protocols, such as the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP). See also S/MIME.

Munged Password – This is a method that attempts to create a stronger password by character substitution. Typical substitutions might include:

a=@, b=8, c=(, d=6, e=3, f=#, f=£, g=9, h=#, i=1, i=!, k=<, l=1, l=i, o=0, q=9, s=5, s=$, t=+, v=>, v=<, w=uu, w=2u, x=%, y=?

For high-security applications, munging may not be very effective, because it only adds 2-3 bits of entropy, thus increasing the time needed to perform a brute force dictionary attack by a factor of 4–8. It should also be noted that hackers are aware of such substitutions and will be in their arsenal of techniques to try first when attempting a dictionary attack to beak the password.


National Cyber Security Centre (NCSC) – This is a UK government organisation (part of the GCHQ) that acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

NAS Drive – NAS stands for Network Addressed Storage. This is a disk drive that is external to a PC but is accessed via the internal network by PC’s and other devices. They come in various capacities, from consumer models to much larger models used by businesses.

National Institute of Standards and Technology (NIST) – This is a non-regulatory federal agency within the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

Network Address Translation (NAT) – This is an approach that is used to remap a IP address space into another by modifying network address while they are in transit. This technique was originally used for rerouting traffic in IP networks without renumbering every host. Typically home or small business networks use NAT to share a single DSL or Cable modem IP address. However, in some cases NAT is used for servers as an additional layer of protection.

Network Mapping – This is the study of physical connectivity of networks. It is used to compile an electronic inventory of the systems and the services on any network. It is a process used to discover and visualize physical and virtual network connectivity via a group of interrelated tasks that facilitate the creation of a network map, including flow charts, network diagrams, topology detection and device inventories. It is geared toward the creation of visual aids and materials that can be used for a broad array of purposes, especially network maintenance. With the increase in complexities of networks, automated network mapping has become more popular.

Network Tap – These are hardware devices that help in accessing the data flow across a computer network. It is also desirable for a third party to monitor the traffic between two points in the network. The network tap has (at least) three ports, an A port, a B port, and a monitor port. Network taps are generally used for network intrusion detection systems, VoIP recording, network probes, RMON probes, packet sniffers, and other monitoring and collection devices and software that require access to a network segment.

NeoBanking – This refers to a growing wave of 100% digital banks, which are customer-driven by nature and with a special focus on delivering friction-less money management and payment experience. 

Network – Two, or more, computers or devices with compute capabilities (e.g. phones, PC’s, IoT devices) that are linked in order to share or access resources.

Network-based Intrusion Detection Systems (NIDS) – These are placed at a strategic point (or points) to monitor the traffic on the network. It analyses the passing traffic on the entire subnet, and matches the traffic that is passed on the subnets to the library of known attacks. When an attack is identified, or abnormal behaviour is detected, an alert is sent to the administrator. OPNET and NetSim are commonly used tools for simulation network intrusion detection systems.

Network Lateral Movement – This refers to the set of techniques used by cybercriminals or threat actors to systematically move through a computer network. These techniques help them speed up their search for sensitive assets or data on the network.

Nigeria Scam – Sometimes called 419 or African Scam, is a scam where the scammer gives the impression you can gain a large amount of money and only requires bank information to deposit the money into your account. In reality, the bank information is used against the person or the deposits are kept with no reward. This is typically done over email but can also be done over instant messaging platforms. The 419 scam is named after the penal code that it is prosecuted under in Nigeria, Africa.

Non-Printable Character – This is a character that doesn’t have a corresponding character letter to its corresponding ASCII code and therefore cannot be printed. Examples would be the Linefeed, which is ASCII character code 10 decimal, the Carriage Return, which is 13 decimal, or the bell sound, which is decimal 7. On a PC, you can often add non-printable characters by holding down the Alt key, and typing in the decimal value (i.e., Alt-007 gets you a bell). There are other character encoding schemes, but ASCII is the most prevalent.

Non-Repudiation – This refers to the ability of a system to prove that a specific user and only that specific user sent a message and that it hasn’t been modified. On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by the person, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the signature.

Null Session – This is a method that allows an anonymous user to retrieve information such as user names and share this over the network, or connect without authentication. Null sessions are one of the most commonly used methods for network exploration employed by “hackers.” A null session connection allows you to connect to a remote machine without using a user name or password. Instead, you are given anonymous or guest access. This is also known as Anonymous Logon.

NXDomain – This is non-existent Internet or Intranet domain name. If the domain is unable to be resolved using the DNS, a condition called the NXDOMAIN occurred. This can occur when a user mistypes a URL to a website and typically results in an error page being displayed.

NXDomain Hijacking – When an NXDomain condition occurs, these errors can be intercepted by an ISP and shows a custom page. You may also see a customised page displayed by a website, for example on Amazon they have an Ooops page you may have seen. This can be abused by ISP’s and websites by:

  • They may serve you ads as part of a response of a webpage or
  • If a name you type in your browser does not exist their systems may direct you to a list of sponsored links that may be closely associated with the name you typed in.


OAUTH – This is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third party applications or websites (login with Google, Login with Facebook, etc.).

One-Way Encryption – Sometimes called a one-way hash function, is designed in a manner that it is hard to reverse the encryption process, that is, to find a string that hashes to a given value (hence the name one-way). A good hash function makes it hard to find two strings that would produce the same hash value.

Online Survey Scam – This is a web site that says they offer money or gift vouchers to participants for answering questions. Usually, these sites ask the user to spend an unreasonable amount of time, for insufficient pay-out. Often, the promised money or vouchers are never payed out. The main goal of an online survey scam is to obtain demographic information that the site may sell to spammers or other marketers.

Open Shortest Path First (OSPF) – This is a routing protocol for IP networks and uses a link-state routing algorithm. It falls into the group of interior routing protocols, operating within a single autonomous system (AS). OSPF is the most commonly used interior gateway protocol (IGP) in large enterprise networks.

Open System Interconnection (OSI) – This is ISO standard for worldwide communications. OSI defines a networking framework for implementing protocols in seven layers. OSI defines seven layers of functions that take place at each end of a communication as follows:

  • Layer 1 – Physical Layer
  • Layer 2 – Data Link layer
  • Layer 3 – Network Layer
  • Layer 4 – Transport Layer
  • Layer 5 – Session layer
  • Layer 6 – Presentation Layer
  • Layer 7 – Application Layer.

Providing network functions in layers (as above) provides separation of protocols and technologies which can be developed independently and matches a set of interconnecting protocols. (see more here).

Open Redirect – This is when a legitimate site allows unauthorized users to create URLs on that site to redirect visitors to other sites. For example, Google has an open redirect at the URL[url]

This can be used by anyone, including attackers, to redirect a visitor through Google’s site to another site. See also our blog on this subject for more details.

OpenSCAP – This is an ecosystem that provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines. We maintain great flexibility and interoperability, reducing the costs of performing security audits. See their website here.

Operating System – This is the software that comes with your device that allows you to interact with the device. Typically this is Android, IOS, MAC OS or Windows 10.

Overload – This is defined as the limitation of system operation by excessive burden on the performance capabilities of a system component. Typically DDOS Attacks attempt to overload a system to deny access and to crash the system.


Packet Capture – This is the process of intercepting and logging network traffic.

Packet Sniffer/Analyser – This is a computer program or piece of computer hardware (such as a packet capture appliance) that can intercept and log traffic that passes over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet’s raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications. See also Packet Capture, WiFi Analyzer, Wireless Analyzer. A packet analyzer can also be referred to as a network analyzer or protocol analyzer though these terms also have other meanings.

Password – This is a secret set of characters that is used to authenticate a user to a website or software service that is accompanied also by a user name. It is sometimes accompanied by other factors for authentication purposes (see Two factor Authentication).

Password Hash – This is a technique to obscure passwords when stored in a database. When passwords are stored in a database, they are normally hashed using a hashing algorithm and the result stored rather than the password. When you then try to login, you will enter your password and the hashing algorithm works on it to reproduce the same string of characters. If the hashed passwords match you are granted access.

See also Hash and Pass-the-Hash Attack.

Password Spraying – This is when an attacker takes a known password, and attempts to use it on multiple accounts. This is similar to credential stuffing. The defence against this kind of attack is to ensure you have different passwords for each account you use and where possible use 2-factor authentication. See our Guidance on the Effective Use of Passwords.

Pass-the-Hash Attack – This is a technique whereby an attacker is capturing NT(LM) hash(es) from memory on a compromised workstation or server, after they have obtained local admin privileges. With those stolen credentials, they can open a new authentication session on behalf of a compromised user, and later on move laterally as that user with their permissions.

Patching – This is the application of updates to firmware, software or operating systems to improve security and/or enhance functionality.

Penetration Test – This is an authorised simulated cyber attack that seeks to discover any vulnerabilities in computer systems. The process typically uses the same techniques malicious hackers would use, but instead of using this knowledge to cause harm, the vulnerability is responsibly disclosed. This is sometimes abbreviated to PenTest.

Pen Drive – This is a portable and very compact USB storage device based on Flash memory. They come in various sizes and capacities and can typically be attached to a key fob. They are highly useful for storing files on temporarily while you are transporting the data. The USB interface comes in all popular forms (Type A/C).

Penetration Tester – This is typically an ethical hacker that exercised authorised penetration testing (see Penetration Test above).

Pharming – An attack method that focuses on the network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address.

Phishing – This is typically when you receive an email that claims to be some form of offer, or request for information that is fraudulent. The emails can look genuine (e.g. form your bank), and can trick a lot of people into disclosing their login credentials or key banking information. among other things. See also Lateral Phishing.

Phrase Attack – This is a more refined form of Brute Force Attack (see above) where the attacker uses combinations of words, phrases or known passwords to gain access to a computer system. Typical phrases can be drawn from literature quotes, song titles, etc. This is often a refinement of a dictionary attack.

Physical Hacker/Penetration Tester – This is where a penetration tester (or hacker) will attempt to get physical access to buildings, and in particular computing resources, to execute cyber attacks that require physical access to the actual computers to execute (ones that cannot be executed remotely). This is often used by organizations to test the physical security of their establishments to stop unauthorised access to sensitive areas and/or information and to test their procedures around physical access to physical resources (buildings, data centres, secure rooms).

The Physical Penetration tester will use a number of techniques to gather enough information to gain access, including:

  • Social Engineering
  • Physical Reconnaissance/Stake-Outs
  • Getting building plans from local authority planning departments
  • Evaluating employee dress styles so as to better fit in when accessing the building
  • Where people smoke
  • Evaluating services that regularly visit the site (e.g. electrical, plumbing, air conditioning, cleaning staff)
  • Types of entry controls (e.g. badge activated door locks, types of physical locks)
  • Secluded entry, e.g. a fire exit that is not visible from the street and may not have the same level of security as the main door
  • Surveillance systems (e.g. CCTV, intrusion detectors, motion detectors, alarm systems).

Point-to-Point Protocol (PPP) – is a Network layer (layer 3) communications protocol between two routers directly without any host or any other networking in between. It can provide connection authentication, transmission encryption, and compression.

Police Browser Lock Scam – This is where of your web browser’s full-screen mode is used to show a fake Windows 10 desktop (MAC or any other operating system) stating your computer is locked. The scammer often which pretends to be law enforcement locking your browser due to illegal activity. These scams then state that if you pay a fine via a credit card, it will unlock your computer so you can use it again.

Ponzi scheme – This is an example of an Investment Fraud where victims are lured in using the false promise of lucrative “investment” opportunities. In reality there is no investment and the money paid by victims goes straight into the pockets of criminals. See also Investment Scams.

Public Key – This is the publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.

Public Key Encryption – This is a cryptographic system that uses two keys, a public key known to everyone and a private or secret key known only to the recipient of the message.


Quality of Service – This is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow. It can also refer to the description or measurement of the overall performance of a service, such as a telephony or computer network or a cloud computing service, particularly the performance seen by the users of the network. To quantitatively measure quality of service, several related aspects of the network service are often considered, such as packet loss, bit rate, throughput, transmission delay, availability, jitter, etc.


Ransom Ware – This is a form of malware that typically encrypts your files on your computer and forces you to pay the hacker (normally in some form of Crypto Currency) to provide the key to decrypt your files. In many cases there is no intention by the cyber criminal to provide the unlock code, and you will be left with a totally encrypted, and therefore useless, system. This form of attack often uses a social engineering method to implant the initial malware, or some other vulnerability within the computer system.

Ransom Distributed Denial-of-Service Attack – Following a Ransomware attack, some actors threaten to start a Distributed Denial of Service Attack if they don’t pay the ransom within a specified period.

Reconnaissance – This is the phase of an attack in the Cyber Security Kill Chain where an attacker is able to locate new systems, maps out several networks, and probes for specific vulnerabilities in the system or network. It is used to obtain information by either visual observation or other detection methods about the activities and resources of an attacker.

Red Team – This is typically an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. In the context of Cyber security a Red Team will be a group of white hat hackers that engage in the following to test the security level of a company:

  • Offensive Security
  • Ethical Hacking
  • Exploiting vulnerabilities
  • Penetration testing
  • Back Box Testing
  • Social Engineering
  • Web App Scanning.

See also Blue Team.

Re-entrancy Attack – This is where hackers can withdraw funds repeatedly from a compromised account before the original transaction is approved or declined. This often relates to attacks on Cryptocurrency wallets, but can also relate to smart contracts.

Reflective DDos and Amplification Attacks – In initiating a DDoS attack, a hacker would look to utilize a vulnerability, or in some cases a feature, of a system to amplify the number of packets sent to its target. Typically for every packet, or request, sent to a server, the server would return a larger number of packets that can be spoofed to come from the target system. In this way the hacker can engineer a DDoS attack with very little investment from themselves in setting up an extensive botnet.

Reflexive Access Control Lists (ACL) – These are an important part of securing the network against network hackers and is generally included in a firewall defence. Reflexive access lists provides a level of security against spoofing and denial-of-service attacks. Reflexive ACLs for Cisco routers are a step towards making the router act like a stately firewall. The router makes filtering decisions based on whether connections are a part of established traffic or not.

Refund Scam/Fraud – This is the act of defrauding a retail store via the return process (could be a high street store or an online store). There are various ways in which this crime is committed, for example, the offender may:

  • Return stolen merchandise to secure cash
  • Steal receipts or receipt tape to enable a falsified return
  • Use somebody else’s receipt to try to return an item picked up from a store shelf.

Registry – This is a system-defined database where applications and system components store and retrieve configuration data. Applications use the registry API to retrieve, modify, or delete registry data.

Regression Analysis – This is the use of scripted tests which are used to test software for all possible input is should expect. Typically developers will create a set of regression tests that are executed before a new version of a software is released.

Remote Access Scam – This is a scam where criminals contact you out of the blue, pretending to be the representative of a reputable organisation. This may be a telephone or internet provider or sometimes a bank or other service provider. Once the criminals have your attention, you’ll usually be offered services such as;

  • fixing, upgrading or protecting your computer or device, internet service or the websites you use
  • help getting you a refund for an overpayment
  • help stopping a payment from leaving your account

In order to provide you with their ‘help’ criminals will typically ask you to assist by allowing them access to your computer or mobile device. To do this, they may ask you to download software to your computer, or download an app to your mobile device, and accept their request for access. After successfully gaining access to your computer or mobile device, criminals may ask you to log onto your Online Banking.

This can also be part of a malware infestation that appears to have come from some from of cyber attack or ransomware through a popup windows or a full screen banner that you cannot dismiss.

Remote Desktop Protocol (RDP) – What this does is allows a user to initiate a connection to a remotely accessible PC/Server via a network that allows the user to interact with the remote machine as if it was local. This feature actually displays the desktop as if you were directly logged into the machine locally. This is a very useful feature as it allows someone to manage servers and PC’s remotely and is a feature actively used by system administrators in just about every kind or organisation. It is also used to access desktop PC’s via corporate VPN’s which means the user does not need an expensive company supported laptop to work remotely – they can just login via their home PC.

Remote Network Monitoring (RMON) – Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. RMON provides network administrators with more freedom in selecting network-monitoring probes and consoles with features that meet their particular networking needs. An RMON implementation typically operates in a client/server model.

Request for Comments (RFC) – This is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society. An RFC is authored by engineers and computer scientists in the form of a memorandum describing methods, behaviours, research, or innovations applicable to the working of the Internet and Internet-connected systems. RFC started in 1969, when the Internet was the ARPANET.

Resource exhaustion – This is a kind of cyber attack where the attacker ties up finite resources on a system, making them unavailable to others.

Responsible Disclosure – Computer systems are often very complex beasts, that are developed by people with varying degrees of skill, who often make mistakes that allow an attacker to exploit a weakness in the system. Security researchers are always looking or these types of mistakes so that they can be responsibly disclosed to the vendor of the system for them to be fixed. The type of disclosure varies, but often the vendor is given a period of time (say 90 days) to fix the issue and provide an update closing the vulnerability. Once the vulnerability is made public, the vulnerability is immediately exploitable unless a patch has been deployed and installed on all affected devices. This is why you should always install security updates on your devices, and in the case of phones/tablets ensure your vendor actively patches your device.

Reverse Address Resolution Protocol (RARP) – This is a computational protocol where a physical machine in a local area network (LAN) can request to learn its IP address from a gateway server’s Address Resolution Protocol (ARP) table or cache. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address.

Reverse Engineering – This is the process of extracting design information or any kind of sensitive information by disassembling and analysing the design of a system component. Also known as Back Engineering.

Reverse Lookup – This is a technique used to locate the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.

Reverse Proxy – This is a device or service that is placed between a client and a server in a network. All the incoming HTTP requests are handled by the proxy (back-end webservers), so the proxy can then send the content to the end-user.

Risk Assessment – This is a systematic process to analyse and identify any possible threats or risks that may leave sensitive information vulnerable to attacks. It also employs methods to calculate the risk impact and eliminate such threats.

Risk Averse – This means avoiding risks even if this leads to the loss of opportunity.

Rivest-Shamir-Adleman (RSA) – This is one of the first practical public-key cryptosystems and is widely used for secure data transmission. RSA is an algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. This is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem.

Role Based Access Control (RBAC) – This assigns users to roles based on their organizational functions and determines authorization based on those roles. It is used by enterprises with more than 500 employees, and can implement mandatory access control (MAC) or discretionary access control (DAC).

Romance scams – Dating apps and websites are gaining popularity worldwide, which gives scammers a platform to lure money from love-searching individuals. These scams, like many others, can be executed anywhere in the world, thus people must be very careful who they decide to trust online.

Root Certificate – This is a public key certificate that identifies a root certificate authority (CA). Any website accessible over https needs to be signed by a root certificate to ensure its authenticity. If you want the technical detail I suggest you look at this Wikipedia Page.

Root Kit – This is a form of malware that often sits in the background gathering information, and in most cases the victim won’t even know it is there. The software can also act as a backdoor allowing the attacker access to otherwise inaccessible parts of the system. Root Kits can reside in the lowest levels of the system (kernel), and can often reside in an area of the hard drive where the operating system resides (boot drive) and can be activated at boot time before all the normal defences are in place. These are particularly an issue with systems that don’t support a secure boot process.

Rooted Device – This normally refers to phones/tablets (both Android and Apple), where changes are made to the boot sequence to allow the user full access to the operating system. In this way you can make changes to the underlying OS. However, in doing this your device becomes much less secure and more vulnerable to malware. You may also void your warranty. This is also referred to as ‘Jail Breaking the phone.

Router – This is a device that allows other devices to communicate with other networks and/or the Internet. It often sits on the boundary of a network between the internal network ad the outside network. It can also sit internally to the network that bridges between internal networks. Consumers will often relate this to WiFi routers or WiFi access points.

Routing Information Protocol (RIP) – This defines a manner for routers to share information on how to route traffic among various networks. RIP is classified by the Internet Engineering Task Force (IETF) as an Interior Gateway Protocol (IGP), one of several protocols for routers moving traffic around within a larger autonomous system network.

Routing Loop – This is where two or more poorly configured routers repeatedly exchange the same data packet over and over.

RPC scans – These determine which RPC services are running on a machine.

Rule Set Based Access Control (RSBAC) – This targets actions based on rules for entities operating on objects. RSBAC is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000.


Safe Mode – This relates to a mode you can boot your device into that only boots the parts of the operating system that it needs to provide essential functions. It is a mode that allows you to determine of problems with your device are related to an app or hardware drivers and often allows you to perform removal actions to fix the issue. Booting your device into Safe Mode will depend on the device you have and in some cases the manufacturer. A simple internet search should find the method for your device.

Safeguards – These are protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.

Safeguarding Statement – This is a statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized individual.

Salt -This is a non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an Attacker.

Sandboxing – This is a technique which allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application.

Sanitization – This is the process to remove information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs.

Sawfish Phishing – This is a simple social engineering phishing method where the attacker will set up a some form of alert email (e.g. an alert that your system has been hacked) and on clicking on a malicious link you will be taken to a page made to look like a legitimate website where you will enter valid credentials (e.g. your email account, shopping account). See also Social Engineering.

Scam – This is a term used to describe any fraudulent business or scheme that takes money or other goods from an unsuspecting person. With the world becoming more connected thanks to the Internet, online scams have increased. Scams often fall into the following categories:

  • Phishing, and Social Engineering in general
  • Auction Fraud
  • Donation Scam
  • Catish
  • Cold Call Scams
  • Chain mail
  • Online Survey Scams
  • Crowdfunding scams
  • Sextortion email scams
  • Amazon Prime scam

See definitions for the above in other parts of this glossary and our Scams and Fraud 101 – A Pocket Guide.

Scanning – In terms of a cyber attack, this is sending network data packets or requests to another system to gain information to be used in a subsequent cyber attack.

Scheduled Maintenance – This is any repair and upkeep work performed within a set timeframe. It details when given maintenance tasks are performed and by whom. Scheduled maintenance may occur at repeating intervals or in response to a work request. This is not classified as an Incident.

Script Kiddy – A script kiddie (also called a skiddie, or skid) is typically an individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. They generally lack the skill to write such scripts and programs themselves. This does not relate to the age of the individual concerned. The term is considered to be derogatory in popular hacking culture.

SDK Spoofing – This is also known as traffic spoofing or replay attacks. It is the creation of illegitimate installs using data of real devices.

Secret Key – This is a cryptographic key that is used with a symmetric cryptographic algorithm that is uniquely associated with one or more entities and is not made public.

Secret Key (symmetric) Cryptographic Algorithm – This is a cryptographic algorithm that uses a single secret key for both encryption and decryption.

Secret Seed – This is a secret value used to initialize a pseudorandom number generator. Often used in Cryptography.

Secure Communication Protocol – This is a communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection.

Secure Erase – This is an overwrite technology using a firmware-based process to overwrite a hard drive so that all information on the hard drive is inaccessible. It often uses some form of drive encryption as well as random data written to the hard drive to obscure the original data.

Secure Hash Algorithm (SHA) – This is a hash algorithm with the property that is computationally infeasible to find a message that corresponds to a given message digest, or to find two different messages that produce the same message digest.

Secure Hash Standard – This specifies secure hash algorithms -SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 -for computing a condensed representation of electronic data (message). When a message of any length less than 2 64 bits (for SHA-1, SHA224 and SHA-256) or less than 2 128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. In addition, a secure hash standard is a specification for a secure hash algorithm that can generate a condensed message representation called a message digest.

Secure Shell (SSH) – This is a UNIX-based command interface and protocol used to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. Also known as Secure Socket Shell.

Secure State – This is a condition in which no subject can access any object in an unauthorized manner.

Secure Subsystem – This is a subsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.

Security Association – This is a relationship established between two or more entities to enable them to protect data they exchange.

Security Attribute – This is a security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes. A security attribute is also an abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy.

Security Authorization Boundary – This is an information security area that includes a grouping of tools, technologies, and data.

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). SAML is also:

  • A set of XML-based protocol messages
  • A set of protocol message bindings
  • A set of profiles (utilizing all of the above).

Security Categorization – This is the process of determining the security category for information or an information system.

Security Category – This is the characterization of information, or an information system, based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information, or information system, would have on organizational operations, organizational assets, individuals or a nation.

Security Concept of Operations – This is a security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.

Security Content Automation Protocol (SCAP) – This is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including e.g., FISMA (Federal Information Security Management Act, 2002) compliance. The National Vulnerability Database (NVD) is the U.S. government content repository for SCAP. An example of an implementation of SCAP is OpenSCAP.

Security Controls – These are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. See also below:

  • Security Control Assessment
  • Security Control Baseline
  • Security Control Effectiveness
  • Security Control Enhancements
  • Security Control Inheritance.

Security Control Assessment – This is the testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Security Control Assessor is the individual, group, or organization responsible for conducting a security control assessment.

Security Control Baseline – This is the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.

Security Control Effectiveness – This is the measure of correctness of implementation (i.e. how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.

Security Control Enhancements – These are statements of security capability to build in additional, but related, functionality to a basic control.

Security Control Inheritance – This is a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides.

Security Domain – This is a set of subjects, their information objects, and a common security policy which executed by a single authority.

Security Engineering – This is an interdisciplinary approach, and means to enable the realization, to secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.

Security Fault Analysis (SFA) – This is an assessment, usually performed on information system hardware, to determine the security properties of a device when a hardware fault is encountered.

Security Filter – This is a secure subsystem of an information system that enforces security policy on the data passing through it.

Security Functions – These are the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.

Security Goals – These are the five security goals of:

  • Confidentiality
  • Availability
  • Integrity
  • Accountability
  • Assurance.

Security Hacker – This is someone who explores methods for breaching defences and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or to evaluate system weaknesses to assist in formulating defences against potential hackers. See also Black Hat Hacker, White Hat Hacker, Blue Team, Red Team.

Security Impact Analysis – This is the analysis conducted by an organization to determine the extent to which changes to the information system have affected the security state of the system.

Security Information and Event Management (SIEM) – This is typically software that gives security professionals both insight into, and a track record of, the activities within their IT environment.

Security Inspection – This is the examination of an information system to determine compliance with security policy, procedures, and practices.

Security Kernel – This is the Hardware, firmware, and software elements of a trusted computing system. A security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.

Security Level – This is a hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection.

Security Markings – These are human-readable indicators applied to a document, storage media, or hardware component to designate security classification, categorization, and/or handling restrictions applicable to the information contained therein. For intelligence information, security markings could include compartment and sub-compartment indicators and handling restrictions.

Security Net Control System -This is a management system overseeing and controlling implementation of network security policy.

Security Operations Centre – This is a standard group of Analysts who analyse an incident/alert created out of a security product. 

Security Perimeter – This is a physical or logical boundary that is defined for a system or domain within which a specified security policy or security architecture is applied.

Security Plan – This is a formal document that provides an overview of the security requirements for an information system, or an information security program, and describes the security controls in place or planned for meeting those requirements.

Security Policy – This is a set of rules and practices that specify how a system or organization delivers security services to protect sensitive and critical information.

Security Posture – This is the security status of an enterprise’s networks, information, and systems based on IA resources (e.g. people, hardware, software, policies) and capabilities in place to manage the defence of the enterprise and to react as the situation changes.

Security Management Plan – This is a formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.

Security Relevant Change – This is any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk level imposed upon its continued operations.

Security Requirements – These are requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted. The Security Requirements Baseline is the description of the minimum requirements necessary for an information system to maintain an acceptable level of risk.

Security Requirements Traceability Matrix (SRTM) – This is a Matrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is, therefore, a correlation statement of a system’s security features and compliance methods for each security requirement.

Security Safeguards – These are protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.

Security Service – This is a capability that supports one, or many, of the security goals.

Security Specification – This is the detailed description of the safeguards required to protect an information system.

Security Testing – This is the process to determine that an information system protects data and maintains functionality as intended. Also called Penetration Testing. See also Red Team and Blue Team.

Security Update/Patch – Providers of software packages and operating systems will often maintain their products for a period of time following release with updates that close security vulnerabilities. If you are on an flagship smartphone, or you have Windows 10/MacOS on your PC, you will see monthly updates named ‘Security Update’s that install updates to close vulnerabilities that have been reported to the vendor (see also ‘Zero-Day Vulnerability below). It is very important that these updates are provided and installed immediately, but not all devices are supported in this way. This is distinct from Feature Updates, or OS upgrades, which update the version of the Operating System (e.g. Windows 10, MacOS, Android, IOS) or software package to a new generation of the software.

Secure/Multipurpose Internet Mail Extensions (S/MIME) – This is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and was originally developed by RSA Data Security. See also MIME.

Seed Key – This is an initial key used to start an updating or key generation process in cryptography.

Sender Policy Framework (SPF) – This s an email authentication method designed to detect forged sender addresses during the delivery of the email. SPF alone is limited to detect a forged sender claimed in the envelope of the email which is used when the mail gets bounced. Only in combination with DMARC can it be used to detect the forging of the visible sender in emails (email spoofing).

Separation of Duties (SoD) – This is the splitting privileges and roles among multiple individuals or systems.

Server – This is typically a dedicated computer system, often a cluster of individual computers working together, that provide the back-end services that make your applications work. These computers host databases and other software commonly referred to as the applications back-end. For example, IMDB on Android/IOS is effectively a front end to a server that hosts a database and set of search engines that deliver the movie information you request.

Server Side Request Forgery – (SSRF) These let an attacker send crafted requests from the back-end server of a vulnerable web application. Criminals usually use SSRF attacks to target internal systems that are behind firewalls and are not accessible from the external network. An attacker may also leverage SSRF to access services available through the loopback interface ( of the exploited server. SSRF vulnerabilities occur when an attacker has full or partial control of the request sent by the web application.

Session – This is a virtual connection between two hosts by which network traffic is passed. It is a way to store information (in variables) to be used across multiple pages.

Session Hijacking – This is an exploitation of a valid computer session, sometimes also called a session key, to gain unauthorised access to sensitive information or services in a computer system or network. Also known as Cookie Hijacking.

Session Cookie – This is a Browser Cookie that allow users to be recognized within a website so any page changes or item or data selection you do is remembered from page to page. The most common example of this functionality is the shopping cart feature of any e-commerce site. When you visit one page of a catalog and select some items, the session cookie remembers your selection so your shopping cart will have the items you selected when you are ready to check out. Without session cookies, if you click CHECKOUT, the new page does not recognize your past activities on prior pages and your shopping cart will always be empty. Session Cookie –

Session Key – This is a key that is temporary used for a relatively short period of time. It is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. These keys are sometimes called symmetric keys, because the same key is used for both encryption and decryption.

Sextortion Email Scam – This is a form of blackmail where a perpetrator threatens to reveal intimate images of you online unless you give in to their demands. These demands are typically for money, further intimate images, or sexual favours. Perpetrators commonly target their victims through dating apps, social media, webcams or adult pornography sites. While sextortion can be committed by individuals, organised crime is commonly behind it. In most cases, your computer has not been hacked and there is no content. However, the basis of the threat is feasible but in most cases not probable.

Shadow Password Files – These are system files where encrypted user passwords are stored so that they aren’t available to people who try to break into the system.

Side Jacking – This is a cyber attack where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.

Signals Analysis – This is a process of gaining indirect knowledge of communicated data by monitoring and analysing a signal that is emitted by a system and that contains the data, but is not intended to communicate the data.

Signature – This is a distinct pattern in network traffic that can be identified by a specific tool.

Signature Spoofing Vulnerability – This enables attackers to pass inauthentic, and possibly malicious, executables/software off as if these were signed by a legitimate corporation. To guarantee that an executable is legitimate and unaltered, software manufacturers add Digital Signatures to their releases before shipping them, a process also known as Code Signing.

SIM Jacking – These attacks allow hackers to take over a person’s cell phone number. From there, they can take over their victims’ email, social media and financial accounts, extorting cryptocurrency for returned control. Common targets include celebrities or social media influencers and high-profile employees. Also called SIM Swapping, SIM Hijacking or SIM Splitting.

Simple Network Management Protocol (SNMP) – This is an Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention.

S/KEY – This is a one-time password mechanism developed for authentication to Unix-like operating systems, particularly from dumb terminals or untrusted public computers. This mechanism uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. Since each password is only used once, the user is protected from password sniffers.

Skeleton Key Attack – A Skeleton Key is a malware which is stored in memory which allows an attacker to authenticate as any domain user in the network by using a master password. This attack requires domain administrator level privileges and access to the domain controller.

S/MIME – This is a set of specifications for securing electronic mail. Secure/ Multipurpose Internet Mail Extensions (S/MIME) is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s).

Smishing – This is a social engineering attack similar to Phishing, but instead of email they use SMS texting to deliver the request for information.

SMS Fraud – See Smishing.

Security Orchestration Automation and Response – Abbreviated to SOAR, this s a set of security software solutions that helps security teams improve efficiency by better managing threats and vulnerabilities, automating repetitive tasks, and effectively responding to security incidents. SOAR is becoming a popular way to mitigate the challenges security teams face – defending against and responding to increasingly complex threats with a small staff.

Social Engineering – The physiological manipulation of people to trick them into divulging confidential information that can be used to hack into websites and other computing resources. There are various forms of social engineering (the definitions are posted throughout this page):

  • Baiting
  • Diversion Theft
  • Impersonating
  • Pharming
  • Phishing
  • Pre-texting
  • Quid-Pro-Quo
  • Sawfish phishing
  • Smishing
  • Spear Fishing
  • Tailgating
  • Vishing
  • Water Holing
  • Website Cloning
  • Whaling.

See definitions for the above in other sections in this glossary.

Software as a Service (SaaS) – This is a distribution model for software, whereby instead of downloading the software to run locally on your PC, the program is hosted by a third-party provider, and then accessed by users over the internet, typically through a web browser interface.

Software Defined Perimeter – (SDP) This is an alternative technology to a VPN. It is designed to address the way we use the Internet and the technologies it enables. It does this by establishing dynamic, one-to-one, micro-segmented network connections between users and the resources they have authority to access. SDP supports a  Zero Trust model, which means that each time a user (be they human, IoT device, or AI programme) attempts to access a resource they will have to be authenticated and authorised, using multiple checks, before gaining network access. All other resources that users haven’t been authorised to access will remain invisible to them. This is in stark contrast to traditional VPNs where once someone has access to one part of the network they can see and gain access to everything, regardless of whether it’s relevant to them.

To simplify things, picture a hotel. In a VPN solution any user allowed through the main doors will be able to access any and all rooms. In contrast, in a SDP solution, a single room will be visible and multiple keys required to unlock that one door. 

Spear Phishing – This is similar to the other forms of Phishing (including Vishing and Smishing), where the attack is very focused on an individual. The email will be highly customised to the individual, and is a regular attack method used against enterprise executives. They will typically focus on a particular aspect of your professional interests and requires the attacker to fully research their target.

SpearPhone Attack – This is a way to eavesdrop on people’s mobile phone calls that makes use of on-board accelerometers (motion sensors) to infer speech from the devices’ speakers. This is a result of recent research where the researchers discovered that any audio content that comes through the speakers when used in speakerphone mode can be picked up by certain accelerometers in the form of sound-wave reverberations. Because accelerometers are always on and don’t require permissions to provide their data to apps, a rogue app or malicious website can simply listen to the reverberations in real time, recording them or live streaming them back to an adversary, who can analyze and infer private data from them. The research specifically focused on Android based devices, but could be applied to any type of device that processes speach and has an accelerometer.

Spoofing – This is where cyber criminals use a tactic called “spoofing” to make it look like you’re being contacted by a genuine organisation. This is often one of the first contacts in a wider fraud or social engineering attack.

Spoofed Email – Also Email Spoofing. This is when someone sends an email with a forged sender address. Typically, the sender’s name or email address and the body of the message are changed to mimic a legitimate source such as a bank, newspaper, or company. They can also mimic messages from friends and family. By pretending to be someone the victim trusts, the scammer directs their victim to a fake website that collects their personal information (see also Phishing and Social Engineering).

Spoofed Web Address or URL – This is a website that poses as another website. It sometimes applies a mechanism that exploits bugs in web browser technology, allowing a malicious computer attack. Such attacks are most effective against computers that lack recent security patches. See also our guidance on Domain Typo Squatting.

Spyware – This is a form of ‘Greyware’, bordering on malware that is often installed without the users consent and then attempts to exfiltrate information from the system. This could be system based information, information about your internet usage or private/confidential information. A Key Logger is a form of Spyware, but typically anything that is installed without the users direct consent (implied or otherwise) can be categorized as Spyware. Also called Surveillanceware.

SQL Injection Attack – This is a code injection technique that is used to attack data-driven applications, in which malicious or manipulative SQL statements are inserted into an entry field for execution.

Stalkerware – This is technology that allows third-parties to monitor one’s mobile device without the user’s knowledge, as well as to collect sensitive user information related to the user’s location and online activity later to be used for blackmail or various other malicious purposes.

Standard Query Language (SQL) – This is a programming language used in managing data held in a relational database management system (RDBMS), It is particularly useful in handling structured data.

Steganography – This is a way of encrypting data in plain sight, normally in pictures or text, and if often used for malicious intent. This can also be used to hide malware installers that exploit a vulnerability is a software application (e.g. Adobe Acrobat, Microsoft Word) that are used to read the text/picture.

Supply Chain Compromise Attack – This is the direct manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise can take place at any stage of the supply chain including:

  • Manipulation of development tools
  • Manipulation of a development environment
  • Manipulation of source code repositories (public or private)
  • Manipulation of source code in open-source dependencies
  • Manipulation of software update/distribution mechanisms
  • Compromised/infected system images (multiple cases of removable media infected at the factory)
  • Replacement of legitimate software with modified versions
  • Sales of modified/counterfeit products to legitimate distributors
  • Shipment interdiction.

Supply Line Attack – see Supply Chain Compromise Attack.

Surveillance Alliances – the “5 Eyes”, “9 Eyes”, and “14 Eyes” global surveillance alliances are a group of countries that have aligned themselves to share intelligence relating to all manner of threats. They are increasingly discussed terms within the privacy community. This is especially true when discussing privacy tools, such as VPNs. These terms are references to global surveillance alliances between the US, UK, Australia, and several other countries around the world as follows:

  • 5-Eyes Alliance includes the USA, Canada, UK, Australia and New Zealand
  • 9-Eyes Alliance includes France, Norway, The Netherlands and Denmark in addition to the 5-Eyes countries
  • 14-Eyes Alliance includes Germany, Italy, Spain, Belgium and Sweden in addition to the 5-eys and 9 eyes countries.

There is an extensive Wikipedia article on the web that goes into this in a lot more detail.

System Backup – This is an image of your computers operating system that can be stored separately from your computer and used to restore it back to a known configuration in the event of a failure (however caused) or to restore following a cyber attack (e.g. ransomware). These are typically installed by PC manufactures and often provide customised software to restore the PC back to factory conditions. See also our guidance on Backing up your data.

Headline image provided by Edho Pratama on UnSplash

Create a website or blog at

Up ↑