SQL injection
SQL Injection What is it? SQL Injection (SQLi) is one of the most dangerous and common web application vulnerabilities. It occurs when an attacker manipulates a website’s database query by injecting malicious SQL code into input fields, URLs, or cookies. This allows unauthorised access to sensitive data, such as usernames, passwords, credit card numbers, and […]
Trojans
Trojans What are they? Trojans – also known as Trojan horses – are a type of malware that disguise themselves as legitimate software to deceive users and gain access to their systems. Named after the ancient Greek story of the wooden horse used to infiltrate Troy, Trojans operate under a similar principle: they appear harmless but carry a […]
Keyloggers
Keyloggers What are they? A keylogger (short for keystroke logger) is a type of surveillance software or hardware designed to record every keystroke made on a computer or mobile device. They are often associated with malicious intent, as they can be used to steal sensitive information such as usernames, passwords, credit card numbers, and personal messages – without the user’s knowledge. Here’s […]
Malvertising
Malvertising What is it and how can we defend against it? Malvertising, short for malicious advertising, is a cyberattack technique where malicious code is embedded into online advertisements. These ads are then distributed through legitimate advertising networks and displayed on trusted websites, making them particularly deceptive and dangerous. When a user views or clicks on a malvertisement, […]
Pretexting
Pretexting What is it and how can we defend against it? Pretexting is a form of social engineering attack in cybersecurity where a malicious actor creates a fabricated scenario or identity – a “pretext” – to manipulate a target into revealing sensitive information or performing actions that compromise security. Unlike phishing, which often relies on […]
Pentesting – Penetration Testing
Pentesting – Penetration Testing What is it? Penetration testing, commonly known as pentesting, is a simulated cyberattack performed by cybersecurity professionals to evaluate the security of a system, network, or application. The goal is to identify vulnerabilities that could be exploited by real attackers and to assess the effectiveness of existing security measures. Pentesting is a critical component of […]
Drive-by Downloads
Drive-by Downloads What are they? A drive-by download is a type of cyberattack where malicious software is automatically downloaded to a user’s device without their knowledge or consent, simply by visiting a compromised or malicious website. Unlike traditional malware attacks that require user interaction – like clicking a link or opening an attachment – these exploit vulnerabilities […]
Attack Surfaces
Attack Surfaces What are they? An attack surface refers to the total sum of all possible points of entry where an unauthorised user – such as a hacker – can attempt to gain access to a system, network, or application. These entry points can be physical, digital, or even human-based, and they represent the areas […]
Attack Vectors
Attack Vectors What are they? An attack vector refers to the path or method that a cybercriminal uses to gain unauthorised access to a computer system, network, or device in order to deliver a malicious payload or exploit a vulnerability. Understanding attack vectors is crucial for building effective defense strategies, as they represent the entry points through […]
NIS2 – Network and Information Security Directive 2
NIS2 – Network and Information Security Directive 2 What is it? The NIS2 Directive – short for Network and Information Security Directive 2 – is a major piece of European Union legislation aimed at significantly strengthening cybersecurity across the EU. Officially titled Directive (EU) 2022/2555, it replaces the original NIS Directive (Directive 2016/1148) and came […]