Cybersecurity Glossary

Virtual Private Network. A technology that creates an encrypted tunnel between your device and a remote server, protecting data in transit and masking your IP address.

Virtual Local Area Network. A logical grouping of network devices that segments broadcast domains, improving security by isolating traffic between different network segments.

A type of malware that attaches itself to legitimate programs or files and replicates when the host program is executed, spreading to other files and systems.

Voice phishing. A social engineering attack conducted over the phone where attackers impersonate legitimate entities to extract sensitive information from victims.

The automated process of identifying security weaknesses in systems and applications using specialized scanning tools that check against known vulnerability databases.

An open-source memory forensics framework for analyzing RAM dumps, used to investigate malware, rootkits, and other threats that operate in memory.

A systematic review of security weaknesses in systems and applications, identifying, quantifying, and prioritizing vulnerabilities for remediation.

The process of reporting discovered security vulnerabilities to the affected vendor or organization, with responsible disclosure allowing time for patching.

The continuous process of identifying, classifying, remediating, and mitigating security vulnerabilities across an organization technology infrastructure.

Security controls for Virtual Private Cloud environments, including security groups, network ACLs, flow logs, and peering configurations.

The process of assessing and monitoring the security risks posed by third-party vendors who have access to organizational data or systems.

The process of tracking and managing visitors entering a facility, including registration, badge issuance, and escort requirements.

AI-powered analysis of surveillance video to automatically detect security events, unusual behavior, and potential threats in real time.

The use of virtual reality technology for immersive cybersecurity training, simulating real-world scenarios for hands-on experience.

An attack that allows traffic from one VLAN to reach another VLAN by exploiting switch misconfigurations or 802.1Q tagging vulnerabilities.

Gaining higher-level permissions than currently assigned, such as a standard user obtaining administrator access.

Using AI-generated synthetic voice to impersonate individuals for social engineering, fraud, or bypassing voice-based authentication.

A W3C standard for digital credentials that can be cryptographically verified, enabling trustworthy digital identity assertions.

A VPN configuration that routes only specific traffic through the VPN tunnel while allowing other traffic to access the internet directly.

An open-source endpoint visibility and collection tool that enables forensic analysis and real-time monitoring across an enterprise.

The extraction and analysis of digital evidence from modern vehicles including infotainment systems, GPS data, and event recorders.

An attack where criminals compromise a vendor email account to send fraudulent invoices or payment redirection requests to their customers.

An automated tool that scans systems, networks, and applications to identify known security vulnerabilities and misconfigurations.

The capture of ephemeral system data from running systems including memory contents, network connections, and running processes.

A policy defining requirements for identifying, assessing, remediating, and reporting security vulnerabilities.

The process of ranking discovered vulnerabilities by risk to determine remediation order, considering exploitability and business impact.