Questions and Answers
What is the name of the ransomware that was first reported in 2013?
- Bad Rabbit
- WannaCry
- CryptoLocker (correct)
- CryptoWall
What is the term for a type of malware that spreads from system to system without the need for human interaction?
- Blended Threat
- Worm (correct)
- Trojan Horse
- Virus
What is the term for a type of malware that disguises itself as legitimate software?
- Trojan Horse (correct)
- Virus
- Worm
- Ransomware
What is the term for a type of cyber attack where an attacker injects malicious code into a website's database?
What is the term for a type of web attack where an attacker tricks a user into performing an unintended action?
What is the term for a type of web attack where an attacker injects malicious scripts into a website?
What is the main difference between Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks?
What is the term for a type of malware that combines the characteristics of viruses, worms, and trojan horses?
What is the name of the ransomware that was spread through Facebook Messenger in 2018?
What is the primary goal of a SQL injection attack?
How can SQL injection attacks be prevented?
What is the purpose of the '--' symbol in SQL?
What is the main goal of a Cross-Site Request Forgery (CSRF) attack?
What is the main difference between a Cross-Site Scripting (XSS) attack and a SQL injection attack?
What is a common technique used to exploit a SQL injection vulnerability?
What is the primary purpose of a web attack?
What is a type of malware that involves adding malicious code to genuine macro sequences in documents or saved sequences of commands?
What is a type of malware that demands payment in exchange for restoring access to data?
What is a type of malware that combines the features of multiple types of malware?
What is the primary way that malware is spread through emails?
What is a type of malware that is used to gain unauthorized access to a system or network?
What is a type of malware that is used to steal sensitive information, such as login credentials?
What is a type of cyber attack that involves injecting malicious code into a database?
What is a type of cyber attack that involves using a network of infected computers to launch attacks on other systems?
Study Notes
Web Attacks
- Cross-Site Request Forgery (CSRF) exploits the trust a site has in a user's browser.
- Cross-Site Scripting Attack (XSS) exploits the trust a user has for a particular site.
- SQL injection Attack involves injecting malicious SQL code to retrieve sensitive data or modify data without authorization.
SQL Injection
- Example of SQL injection:
https://insecure-website.com/products?category=Gifts' OR 1=1 --
- This injection retrieves all products including hidden data, bypassing restrictions.
- SQL injection can be prevented by using parameterized queries (prepared statements) instead of string concatenation within the query.
Software Threats
- Types of software threats: worms, viruses, Trojan horse programs, ransomware, blended threats.
- Examples of ransomware: CryptoLocker (2013), CryptoWall (2014), WannaCry (2017), Petya (2017), Bad Rabbit (2017), Samsam (2016), Jigsaw (2016).
- FacexWorm (May 2018) targeted cryptocurrency and spread through Facebook Messenger.
- Methods of infection: Content Internet File System (CIFS), Simple Mail Transfer Protocol (SMTP), HyperText Transfer Protocol (HTTP).
Malware
- Malware types: botnets, ransomware, keylogger, virus, Trojan horse, adware, spyware, rootkit.
- File infectors, macro viruses, overwrite viruses, polymorphic viruses, resident viruses, system or boot-record infectors are types of viruses.
- Macros are keystrokes embedded in documents or saved sequences for commands, which can be exploited by adding malicious code to genuine macro sequences.
- Methods of malware spreading: social networks, email, text messages, internet downloads.