Cybersecurity is a world full of technical lingo and jargon. At TechCrunch, we have been writing about cybersecurity for years, and even we sometimes need a refresher on what exactly a specific word or expression means. That’s why we have created this glossary, which includes some of the most common — and not so common — words and expressions that we use in our articles, and explanations of how — and why — we use them.
This is a developing compendium, and we will update it regularly.
The ability to run commands or malicious code on an affected system, often because of a security vulnerability in the system’s software. Arbitrary code execution can be achieved either remotely or with physical access to an affected system (such as someone’s device). In the cases where arbitrary code execution can be achieved over the internet, security researchers typically call this remote code execution.
Often, code execution is used as a way to plant a backdoor for maintaining long-term and persistent access to that system, or for running malware that can be used to access deeper parts of the system or other devices on the same network.
(Also see: Remote code execution)
Botnets are networks of hijacked internet-connected devices, such as webcams and home routers, that have been compromised by malware (or sometimes weak or default passwords) for the purposes of being used in cyberattacks. Botnets can be made up of hundreds or thousands of devices, and are typically controlled by a command-and-control server that sends out commands to ensnared devices. Botnets can be used for a range of malicious reasons, like using the distributed network of devices to mask and shield the internet traffic of cybercriminals, deliver malware, or harnessing their collective bandwidth to maliciously crash websites and online services with huge amounts of junk internet traffic.
(See: Command-and-control server; Distributed denial-of-service)
A bug is essentially the cause of a software glitch, such as an error or a problem that causes the software to crash or behave in an unexpected way. In some cases, a bug can also be a security vulnerability.
The term “bug” originated in 1947, at a time early computers were the size of rooms and made up of heavy mechanical and moving equipment. The first known incident of a bug found in a computer was when a moth disrupted the electronics of one of these room-sized computers.
(Also see: Vulnerability)
Command-and-control servers (also known as C2 servers) are used by cybercriminals to remotely manage and control their fleets of compromised devices and launch cyberattacks, such as delivering malware over the internet and launching distributed denial-of-service attacks.
(See also: Botnet; Distributed denial-of-service)
When we talk about data breaches, we ultimately mean the improper removal of data from where it should have been. But the circumstances matter and can alter the terminology we use to describe a particular incident.
A data breach is when protected data was confirmed to have improperly left a system from where it was originally stored, and usually confirmed when someone discovers the compromised data. More often than not, we’re referring to the exfiltration of data by a malicious cyberattacker, or otherwise detected as a result of an inadvertent exposure. Depending on what is known about the incident, we may describe it in more specific terms where details are known.
(Also see: Data exposure; Data leak)
A data exposure (a type of data breach) is when protected data is stored on a system that has no access controls, such as because of human error or a misconfiguration. This might include cases where a system or database is connected to the internet but without a password. Just because data was exposed doesn’t mean the data was actively discovered, but nevertheless could still be considered a data breach.
A data leak (a type of data breach) is where protected data is stored on a system in a way that it was allowed to escape, such as due to a previously unknown vulnerability in the system or by way of insider access (such as an employee). A data leak can mean that data could have been exfiltrated or otherwise collected, but there may not always be the technical means, such as logs, to know for sure.
Orchestrating a distributed denial-of-service, or DDoS, is a kind of cyberattack that involves flooding targets on the internet with junk web traffic in order to overload and crash the servers, and cause the service, such as a website, online store or gaming platform.
DDoS attacks are launched by botnets, which are made up of networks of hacked internet-connected devices (such as home routers and webcams) that can be remotely controlled by a malicious operator, usually from a command-and-control server. Botnets can be made up of hundreds or thousands of hijacked devices.
While a DDoS is a form of cyberattack, these data-flooding attacks are not “hacks” in themselves as they don’t involve the breach and exfiltration of data from their targets, but instead cause a “denial of service” event to the affected service.
(Also see: Botnet; Command-and-control server)
Most modern systems are protected with multiple layers of security, including the ability to set user accounts with more restricted access to the underlying system’s configurations and settings. This prevents these users — or anyone with improper access to one of these user accounts — from tampering with the core underlying system. However, an “escalation of privileges” event can involve exploiting a bug or tricking the system into granting the user more access rights than they should have.
Malware can also take advantage of bugs or flaws caused by escalation of privileges by gaining deeper access to a device or a connected network, potentially allowing the malware to spread.
An exploit is the way and means in which a vulnerability is abused or taken advantage of, usually in order to break into a system.
(Also see: Bug; Vulnerability)
Short for “information security,” an alternative term used to describe defensive cybersecurity focused on the protection of data and information. “Infosec” may be the preferred term for industry veterans, while the term “cybersecurity” has become widely accepted. In modern times, the two terms have become largely interchangeable.
Jailbreaking is used in several contexts to mean the use of exploits and other hacking techniques to circumvent the security of a device, or removing the restrictions a manufacturer puts on hardware or software. In the context of iPhones, for example, a jailbreak is a technique to remove Apple’s restrictions on installing apps outside of its so-called “walled garden,” or to gain the ability to conduct security research on Apple devices, which is normally highly restricted. In the context of AI, jailbreaking means figuring out a way to get a chatbot to give out information that it’s not supposed to.
Malware is a broad, umbrella term that describes malicious software. Malware can land in many forms and be used to exploit systems in different ways. As such, malware that is used for specific purposes can often be referred to as its own sub-category. For example, the type of malware used for conducting surveillance on people’s devices is also called “spyware,” while malware that encrypts files and demands money from its victims also goes by “ransomware.”
(Also see: Spyware)
Metadata is information about something digital, rather than its contents. That can include details about the size of a file or document, who created it, and when, or in the case of digital photos, where the image was taken and information about the device that took the photo. Metadata may not identify the contents of a file, but can be useful in determining the sourcing of where a document came from or who authored it. Metadata can also refer to information about an exchange, such as who made a call or sent a text message, but not the contents of the call or the message themselves.
Remote code execution refers to the ability to run commands or malicious code (such as malware) on a system from over a network, often the internet, without requiring any human interaction. Remote code execution attacks can range in complexity, but can be highly damaging vulnerabilities when exploited.
(Also see: Arbitrary code execution)
A broad term, like malware, that covers a range of surveillance monitoring software. Spyware is typically used to refer to malware made by private companies, such as NSO Group’s Pegasus, Intellexa’s Predator, and Hacking Team’s Remote Control System, among others, which the companies sell to government agencies. In more generic terms, these types of malware are like remote access tools, which allows their operators — usually government agents — to spy and monitor their targets, giving them the ability to access a device’s camera and microphone, or exfiltrate data. Spyware is also referred to as commercial or government spyware, or mercenary spyware.
(Also see: Stalkerware)
Stalkerware is a kind of surveillance malware (and a form of spyware) that is usually sold to ordinary consumers under the guise of child or employee monitoring software but is often used for the purposes of spying on the phones of unwitting individuals, oftentimes spouses and domestic partners. The spyware grants access to the target’s messages, location, and more. Stalkerware typically requires physical access to a target’s device, which gives the attacker the ability to install it directly on the target’s device, often because the attacker knows the target’s passcode.
(See: Spyware)
What are you trying to protect? Who are you worried about that could go after you or your data? How could these attackers get to the data? The answers to these kinds of questions are what will lead you to create a threat model. In other words, threat modeling is a process that an organization or an individual has to go through to design software that is secure, and devise techniques to secure it. A threat model can be focused and specific depending on the situation. A human rights activist in an authoritarian country has a different set of adversaries, and data to protect, than a large corporation in a democratic country that is worried about ransomware, for example.
When we describe “unauthorized” access, we’re referring to the accessing of a computer system by breaking any of its security features, such as a login prompt, a password, which would be considered illegal under the U.S. Computer Fraud and Abuse Act, or the CFAA. The Supreme Court in 2021 clarified the CFAA, finding that accessing a system lacking any means of authorization — for example, a database with no password — is not illegal, as you cannot break a security feature that isn’t there.
It’s worth noting that “unauthorized” is a broadly used term and often used by companies subjectively, and as such has been used to describe malicious hackers who steal someone’s password to break in through to incidents of insider access or abuse by employees.
A vulnerability (also referred to as a security flaw) is a type of bug that causes software to crash or behave in an unexpected way that affects the security of the system or its data. Sometimes, two or more vulnerabilities can be used in conjunction with each other — known as “vulnerability chaining” — to gain deeper access to a targeted system.
A zero-day is a specific type of security vulnerability that has already been discovered or exploited, but that the vendor who makes the affected hardware or software has been given no time (or “zero days”) to fix the problem. As such, there may be no immediate fix or mitigation to prevent an affected system from being compromised. This can be particularly problematic for internet-connected devices.
(Also see: Vulnerability)