A
Adversary
An individual, group, organization, or government that conducts, or has the intent to conduct, detrimental activities. Often synonymous with hacker, attacker, and threat actor.
Alert
A notification regarding current vulnerabilities, exploits, and other security issues. Also known as an advisory, bulletin, or vulnerability note.
Advanced Persistent Threat (APT)
A group of adversaries known to use a range of tools. APTs are frequently state-sponsored actors or organized cybercriminal groups with access to hacking tools and other resources beyond the reach of ordinary cyber criminals.
Australian Cyber Security Centre (ACSC)
The Australian government's leading agency for cybersecurity. The centre is overseen by the Cyber Security Operations Board and is a joint responsibility under the Minister for Defence.
Asset
A person, structure, facility, information, material, or process that has value. Field Effect helps you know your assets and protect them.
Advanced Threat Protection (ATP)
Advanced Threat Protection (ATP) is an industry term for a cloud, network, or endpoint security service that helps protect your organization against advanced threat actors by providing focused zero-day protection, and includes features to safeguard your organization from harmful links and other real-time threats.
Attack Method
The manner and means, including the malware and its delivery method, that a threat actor may use to cause harm on a target.
Attack Path
Steps that an adversary may take to plan, prepare for, and execute an attack. Often referenced as part of the "Kill Chain" or other industry frameworks.
B
Backdoor
A (usually secret, or unauthorized) means of accessing an electronic system's functionalities by bypassing some or all security mechanisms. Attackers often leave backdoors on systems they compromise so they can return later.
Baselining
The act of monitoring resources to discover patterns of normal use so that deviations from that baseline on a machine, network, or asset can be detected.
Beacon Detection
Beacons are small communications sent by systems across a network and used for a variety of purposes. Examples include software updates, media streaming, etc. However, beacons are also frequently used by malware as a method of command and control or data exfiltration. Field Effect uses a variety of techniques to detect malicious beacons.
Blacklist/Blocklist
A blacklist or blocklist is a basic access control mechanism. Common types of blacklists include email addresses of known spammers, IP addresses, domain names of known malware controllers, and other technical details that can be used to filter or block activity on a network. Blacklists are used in systems like firewalls, email servers, etc. Field Effect uses a variety of industry standard and custom blacklists to monitor a broad spectrum of known threats.
Botnets
Botnets are collections of compromised computers centrally controlled by an attacker. Botnets are routinely used by threat actors to launch Denial-of-Service (DoS) attacks, distribute malware, and steal data. Field Effect uses an array of analytic techniques to identify botnets.
Brute Force Attack
A trial-and-error method of gaining access to systems or accounts. Attackers use software to automate many login attempts using username/password combinations.
Bulletproof Hosting
Bulletproof hosting is a type of online hosting service specializing in customer anonymity and content leniency. Bulletproof hosts are commonly used by cyber criminals and hackers to remain hidden and avoid security protections, while still operating infrastructure online. Field Effect flags bulletproof hosts to identify potential threats and assess risk.
Bring-Your-Own-Device (BYOD)
BYOD, or bring your own device, is a phrase that arose with the consumerization of IT and has become widely adopted to refer to employees who bring their own computing devices – such as smartphones, laptops and tablets – to the workplace for use and connectivity on the secure corporate network.
C
Certificate
A form of digital identity for a computer, user, or organization. Certificates allow for the authentication and secure exchange of information.
Command and Control (C2C)
Command and Control (C2C) is an industry term used to describe the systems and communications that control malware. For example, a botnet may have thousands of infected systems that are centrally controlled by one C2C server. Field Effect uses a variety of techniques to detect and prevent C2C communications (e.g. a DNS firewall).
Continuous Monitoring
The act of maintaining ongoing awareness of information security, vulnerabilities, and threats with the intent of supporting cyber security, IT operations, and organizational risk management decisions.
Countermeasure
An action, measure, or device intended to reduce an identified risk. Countermeasures range from endpoint-enabled features such as active response through to passive measures like DNS firewalling.
Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) is an industry-standard way of identifying and describing a vulnerability so that it can be detected and mitigated consistently. See MITRE's CVE database for examples.
Cyber Situational Awareness
Cyber Situational Awareness is knowing your systems, the risks to those systems, and how to mitigate the risks to those systems.
Cybersecurity
The practice of knowing your systems, the threats to those systems, and reducing that threat surface.
D
Dark Web
The dark web forms a small part of the deep web that requires special software and account authorization to access. The dark web includes open and closed communities, marketplaces, and other services ranging from conventional websites to illegal offerings of every sort.
Because of its gated and closed nature, it has become synonymous with illicit and overtly criminal activity. Attackers often sell or exchange stolen data on dark web sites. Field Effect provides our clients with the resources needed to help determine if any stolen data is being shared across all parts of the web.
Data Exfiltration
Data exfiltration is a technical term for data theft.
Deep Web
The deep web refers to Internet sites and resources not typically indexed and searchable like the open web. These resources are usually protected from crawlers and human visitors by account access requirements. The deep web includes unindexed, but discoverable resources like file shares, databases, online communities, web archives, etc.
Because of its closed and restricted nature, it is often the home of criminal activity like stolen data and is frequently used by attackers for malware sharing and the sale of hacking services.
Dictionary Attack
A type of brute force attack in which the attacker uses known dictionary words, phrases, and common passwords as their guesses when trying to compromise an account. Data breaches represent a rich source of the data that makes up dictionary attacks.
DomainKeys Identified Mail (DKIM)
DKIM is a highly effective protection against domain spoofing and other email-based attacks. Like SPF and DMARC, DKIM is a domain record. DKIM allows receiving mail systems to verify the sender.
Domain-based Message Authentication, Reporting and Conformance (DMARC)
DMARC is a highly effective protection against domain spoofing and other email-based attacks. Like SPF and DKIM, DMARC is a domain record. DMARC allows receiving mail systems to verify the sender.
Domain Name Server (DNS)
Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses. This is necessary because, although domain names are easy for people to remember, computers access websites based on their IP addresses.
Domain Spoofing
Domain spoofing is a common spear phishing attack that occurs when a threat actor uses a company’s domain (e.g. acme.com) to impersonate an organization or one of its employees. The most common technique is to simply change the sending/reply-to addresses in an email being sent to the attacker’s target, in the hopes that the victim doesn’t notice the address from which the message is actually sent.
Denial Of Service (DoS)
A Denial-of-Service attack occurs when legitimate users are unable to access systems, devices, or other network resources due to the actions of a threat actor. The most common type of DoS attack occurs when an attacker floods a network server with traffic. In this scenario, the attacker sends an overwhelming number of requests to the target server, overloading it with traffic, which prevents regular users from accessing the service.
Download Attack
Unintentional installation of malicious software or virus onto a device without the user's knowledge or consent. May also be called a drive-by download.
E
Endpoint
An endpoint is another word for any computing device that communicates back and forth with a network to which it is connected. Examples of endpoints include desktops, laptops, smartphones, tablets, servers, and workstations.
Event
Any observable occurrence in a network or system.
F
False Positive
An alert that incorrectly indicates that malicious activity is occurring.
File Transfer Protocol (FTP)
The File Transfer Protocol (FTP) is a standard network protocol used for transferring files between a client device and a server across a computer network.
G
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don't specifically market goods or services to EU residents.
Ghost IT
Also known as shadow IT, ghost IT refers to forgotten pieces of infrastructure, such as old servers and IoT devices, that are still connected but no longer in use. Ghost IT may also refer to unsanctioned IT infrastructure that has been set up to circumvent corporate policy.
H
Heuristics
Heuristic analysis is one of several methods used to identify previously unknown cyber threats, malware, and emerging attacker techniques. Field Effect leverages a range of data (network, host, and cloud) along with a suite of technologies like Machine Learning (ML) to address the challenge of identifying the most important threats.
I
Industrial Control System (ICS)
An information system used to control industrial processes such as manufacturing, product handling, and distribution. ICSs include supervisory control and data acquisition systems that control geographically dispersed assets, as well as smaller systems using programmable logic controllers to control localized processes.
Web Distributed Authoring and Versioning (WebDAV)
Web Distributed Authoring and Versioning, or WebDAV, is a protocol whose basic functionality includes enabling users to share, copy, move and edit files through a web server. It can also be used to support collaborative applications with features like file locking and revision tracking. The WebDAV extension for IIS enables web authors to publish content easily and more securely to IIS web servers.
Impossible Travel
Impossible Travel is a type of security analytic wherein a system's or account's access history is irreconcilable with its corresponding geographic history. This analytic is tracked by Field Effect MDR; an example of impossible travel would be an endpoint logging into a system from Canada and China within an hour.
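As an added illustration of the analytic described above (example code written for this glossary, not Field Effect's own detection logic), the following flags consecutive logins for the same account whose implied travel speed exceeds what an airline flight could achieve. It assumes the login events have already been geolocated to a country and coordinates (a hypothetical upstream GeoIP step) and uses a constructed sample log.

```python
import math
from datetime import datetime, timezone
from typing import Dict, List, NamedTuple

EARTH_RADIUS_KM = 6371.0
# Assumption: anything faster than a long-haul airliner is treated as implausible.
MAX_PLAUSIBLE_KMH = 1000.0


class Login(NamedTuple):
    ts: datetime
    user: str
    src_ip: str
    country: str
    lat: float
    lon: float


class Finding(NamedTuple):
    user: str
    first: Login
    second: Login
    distance_km: float
    hours: float
    speed_kmh: float


# Constructed sample auth log: "<UTC timestamp> <user> <source IP> <country> <lat> <lon>".
# Coordinates are already resolved (assumed GeoIP step); IPs are documentation ranges.
# The last line is deliberately out of order to show that sorting is required.
SAMPLE_LOG = """\
2024-05-01T08:00:00Z alice 203.0.113.10 CA 45.42 -75.70
2024-05-01T08:45:00Z alice 198.51.100.7 CN 39.90 116.40
2024-05-01T09:00:00Z bob 203.0.113.11 CA 45.42 -75.70
2024-05-01T11:00:00Z bob 203.0.113.12 CA 43.65 -79.38
2024-05-01T07:30:00Z alice 203.0.113.10 CA 45.42 -75.70
"""


def parse_log(text: str) -> List[Login]:
    """Parse the constructed log format into Login records (UTC timestamps)."""
    logins = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, lat, lon = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        logins.append(Login(when, user, ip, country, float(lat), float(lon)))
    return logins


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def find_impossible_travel(logins: List[Login], max_kmh: float = MAX_PLAUSIBLE_KMH) -> List[Finding]:
    """Compare each account's consecutive logins and flag implausible implied speeds."""
    by_user: Dict[str, List[Login]] = {}
    for entry in logins:
        by_user.setdefault(entry.user, []).append(entry)

    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e.ts)  # events may arrive out of order
        for prev, cur in zip(events, events[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist == 0.0:
                continue  # same location, nothing to reconcile
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # Distinct locations at the same instant: infinite implied speed.
            speed = math.inf if hours == 0 else dist / hours
            if speed > max_kmh:
                findings.append(Finding(user, prev, cur, dist, hours, speed))
    return findings


if __name__ == "__main__":
    for f in find_impossible_travel(parse_log(SAMPLE_LOG)):
        print(f"{f.user}: {f.first.country} -> {f.second.country} "
              f"{f.distance_km:.0f} km in {f.hours:.2f} h (~{f.speed_kmh:.0f} km/h)")
```

Alice's Ottawa-to-Beijing pair (roughly 10,400 km in 45 minutes) is flagged, while Bob's Ottawa-to-Toronto pair two hours apart is not.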
Incident
A cybersecurity event that requires a response, usually the result of a threat actor, an accident, or a system misconfiguration.
Incident Handling
The mitigation of violations against an organization's security policies and recommended practices. Having incident handling procedures in place is essential to a strong cybersecurity posture, as it helps organizations remain calm and confident in the face of an incident.
Incident Response (IR)
Incident response is an organized approach to addressing and managing a security breach or cyberattack. The primary purpose is to manage the situation in a way that limits damage and reduces recovery time/costs.
Indicators of Compromise (IOCs)
Indicators of compromise are pieces of forensic data, such as system log entries or files, that identify potentially malicious activity on a system or network. Common types of IOCs include IP addresses, domain names, file hashes, and other technical details that can uniquely identify malware or malicious activity.
Internet Of Things (IoT) Device
Consumer network-connected devices such as smart TVs, smart speakers, toys, wearables, and smart appliances.
Smart meters, commercial security systems, and smart city technologies are examples of industrial and enterprise IoT devices.
IP Address
An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a network that uses the Internet Protocol for communication. An IP address serves two main functions: host or network interface identification and location addressing.
Every device connected to the internet has an IP address. IP addresses are like telephone numbers, and they serve the same purpose: when you call someone, your phone number identifies you and the other party's number identifies them. IP addresses serve the same purpose online.
IP Security (IPsec)
IPsec (IP security) is a suite of protocols developed to ensure the integrity, confidentiality and authentication of data communications over an IP network.
Information Sharing And Analysis Organization (ISAO)
An ISAO is any entity or collaboration created or employed by public or private organizations for the purpose of gathering and analyzing critical information, to better understand security problems and the interdependencies of cyber systems so as to ensure their availability, integrity, and reliability.
L
Low Reputation Internet Service Provider (ISP)
An Internet Service Provider which has been reported as a source of spam or other malicious activity.
M
Machine Learning (ML)
Machine learning is a method of data analysis that automates analytical model building. It is a branch of artificial intelligence based on the idea that systems can learn from data, identify patterns and make decisions with minimal human intervention.
Malware
Malware is software that compromises the operation of a system by performing an unauthorized function or process, such as a virus, worm, Trojan horse, or other code-based malicious entity that can infect a system. Some of the most common types of malware are ransomware and adware, which can cause tremendous damage to a network or run silently in the background stealing data.
Malware Analysis
The analysis of malicious code to identify its purpose and payload on an affected system or network. Malware analysis involves the use of various tools and techniques.
Metadata
Information describing the characteristics of data; for example, structural metadata describing data structures (e.g., data format, syntax, and semantics) and descriptive metadata describing data contents (e.g., information security labels).
Multi-Factor Authentication (MFA)
A security system that verifies a user's identity by requiring multiple credentials. It is a critical component of identity and access management. Rather than just asking for a username and password, MFA requires additional credentials, such as a code from the user's smartphone, the answer to a security question, a fingerprint, or facial recognition.
Multiprotocol Label Switching (MPLS)
A routing technique in networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows.
N
Netflow
NetFlow is the most widely used standard for network flow data statistics. NetFlow is commonly used to monitor and summarize network traffic for a variety of purposes. NetFlow provides visibility into traffic flow patterns as well as data volume, protocol use, and other telemetry in a network. Field Effect can leverage NetFlow as part of its monitoring and analytic capabilities.
Network Edge Vulnerabilities
Weaknesses on the Internet-facing edge of a network, such as exposed at-risk services and vulnerable software.
Network Internal Vulnerabilities
Weaknesses inside a network, such as misconfigured systems and vulnerable software.
NIST Cybersecurity Framework (National Institute of Standards and Technology)
The NIST Cybersecurity Framework is an important resource for all organizations serious about understanding and improving their cyber security. The Framework is used to guide everything from cyber security policy and incident response to product development in the industry. The framework provides practical guidance and resources that organizations can use to assess and improve their ability to prevent, detect, and respond to cyber attacks.
O
Observable
An event (benign or malicious) on a network or system.
Open Web
The open web, also known as the ‘public Web’ or ‘crawlable Web’, is the part of the Internet that is public and viewable by everyone. This is the Internet that most people know and use. When a person uses a search engine such as Google, they are using the Open Web, unlike the Deep or Dark Web that require special tools and know-how to access and navigate.
P
p0f
p0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications. It determines the operating system of the remote host by analyzing certain fields in the captured packets. Often used in Cyber Security to discover operating system types and identify forgotten resources still active on a network.
Packet Capture (PCAP)
Packet capture is the process of copying network traffic. The Field Effect network appliance can capture and analyze every packet of data that streams in and out of a client's network, enabling the identification of threats and vulnerabilities at the deepest network layer.
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. It is important for a business to know which requirements it must adhere to and what data is required to demonstrate compliance with standards like PCI DSS.
Pharming
An attack on a network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software.
Phishing Attack
A (spear) phishing attack is a form of social engineering performed by a malicious actor, designed to entice a victim to click on a link, open a file or perform some other action that ultimately results in the compromise of their account or system. The most common types of phishing attacks are delivered via email and are designed to trick a user into "logging in" to a site controlled by the attacker.
Point-To-Point Tunneling Protocol (PPTP)
The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well-known security issues.
Precursor
A sign that an attacker may be preparing to cause an incident.
Privileged User
A user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.
Process
A process is a container for a set of resources used to execute a program.
Profiling
Measuring the characteristics of expected activity so that changes to it can be more easily identified.
Q
Quarantine
A quarantine is a special storage area that contains objects potentially infected with viruses or malware.
R
Ransomware
Ransomware is a type of malware designed to block access to a computer system until a sum of money is paid. Ransomware commonly encrypts the files of a computer system using a key controlled by the attacker.
Remote Administration Tools (RATs)
Remote Administration Tools, such as TeamViewer and its many alternatives, are regularly used by IT administrators and support staff to service workstations and servers, or by remote employees to access internal corporate devices. However, these tools can also be subverted or installed by threat actors to remotely access internal corporate networks. For this reason, Field Effect monitors for and alerts on the presence of these tools. It is important to standardize on one RAT to make management and security monitoring as effective as possible.
Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP) is a Microsoft protocol designed to provide secure, encrypted application data transfer between client users, devices, and a virtual network server. It gives a remote user a graphical interface to the desktop of another computer.
Rootkit
A rootkit is an industry term used to describe a set of tools usually used by an attacker once initial access to a system is gained. Like other malware, rootkits are used to maintain covert access, deploy other malware and control an infected system.
S
Safeguard
A protective measure that guards against harm or damage.
Software-Defined Networking (SDN)
Software-Defined Networking (SDN) is a network architecture approach that enables the network to be intelligently and centrally controlled, or 'programmed,' using software applications. This helps operators manage the entire network consistently and holistically, regardless of the underlying network technology.
Security Maturity
The cybersecurity posture of an organization refers to its overall readiness for, and resilience to, a security incident.
Sender Policy Framework (SPF)
Sender Policy Framework is an email authentication technique designed to prevent the forging of sender email addresses during the delivery of email. An SPF record helps prevent spoofing of a domain by spammers and other threat actors and helps prevent legitimate email from being marked as spam by recipients. Field Effect will alert if one or more of your domains does not have an SPF record so that appropriate steps can be taken to reduce the risk of falling victim to phishing scams and other attacks. SPF complements DKIM and DMARC as powerful ways to prevent domain spoofing.
Sensitive Information
Information that should be protected against unwarranted disclosure; access to sensitive information must therefore be safeguarded.
Sensor
A component of the Field Effect Platform that monitors and analyzes network activity and may also perform prevention actions.
Security Information and Event Management (SIEM)
Security Information and Event Management, commonly called SIEM, is a software solution that aggregates and analyzes activity from many different resources across an entire IT infrastructure. SIEM collects security data from network devices, servers, domain controllers, and more. SIEM stores, normalizes, aggregates, and applies analytics to that data to discover trends, detect threats, and enable organizations to investigate any alerts. SIEMs typically require expert users and significant effort to integrate into a network.
Signature
A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to the system.
Server Message Block (SMB)
Server Message Block Protocol (SMB protocol) is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. From a security point of view, SMB is a protocol that must be managed carefully: it is frequently used by attackers, once they gain access to a network, to move freely within it.
Simple Mail Transfer Protocol (SMTP)
The Simple Mail Transfer Protocol (SMTP) is a communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages.
Security Operations Center (SOC)
A security operations center is a centralized unit that deals with security issues on an organizational and technical level. The SOC is usually home to a SIEM and staffed by security and IT experts.
Social Engineering
Social Engineering is an attempt to trick someone into revealing information (e.g. a password) that can be used to attack computer systems or networks. Phishing attacks are the most common type of attacks leveraging social engineering techniques. Attackers use emails, social media, instant messaging, and SMS to fool victims into providing sensitive information or visiting a malicious website in an attempt to compromise their systems or accounts.
Switched Port Analyzer (SPAN)
The Switched Port Analyzer (SPAN) feature, sometimes called port mirroring or port monitoring, allows you to take a copy of network traffic as it passes through a network switch. You use it to send a copy of network packets seen on one switch port (or an entire VLAN) to another switch port.
Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
SSH Tunnel
SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It also provides a way to secure the data traffic of any given application using port forwarding, essentially tunneling any TCP/IP port over SSH.
T
Trivial File Transfer Protocol (TFTP)
TFTP, or Trivial File Transfer Protocol, is a simple protocol for transferring data that servers use to boot diskless workstations, X terminals, and routers; it runs over the User Datagram Protocol (UDP). TFTP was primarily designed to read or write files on a remote server.
Threat
A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber-attacks include threats like computer viruses, data breaches, and Denial of Service (DoS) attacks.
Threat Actor
A group or individual who carries out cyberattacks. These include cybercriminals, advanced persistent threat groups, insider threats, and others.
Threat Hunting
Threat hunting is the proactive exploration and analysis of available security data, the goal of which is to discover new or otherwise hidden security threats. Threat hunting is usually undertaken by experts with a deep knowledge of cyber security risks and vulnerabilities. The Field Effect analytic team performs threat hunting continuously as part of the overall service.
Threat Intelligence
Threat intelligence is any useful information about cyber threats. Indicators of Compromise, or IOCs, are the best and most common types of threat intelligence. Threat intelligence is used by security analysts to inform monitoring and threat hunting.
Threat Intelligence Report
A report that describes in detail the TTPs, actors, types of systems and information being targeted and other threat-related information.
Threat Surface
A threat surface is the total set of vulnerable or attackable points on a network that an attacker can access. For example, Internet-facing systems on a network represent an increase in the threat surface.
Traffic Light Protocol (TLP)
The Traffic Light Protocol (TLP) was created in order to facilitate greater sharing of information. TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. The TLP designations used by the CCTX are published by the CCTX.
Tool Configuration
A recommendation for setting up and using tools that support the automated collection, exchange, processing, analysis, and use of threat information. Tool configuration is often a part of incident response as well as mitigative actions to reduce threat surfaces.
Trojan
As the name implies, a trojan is a form of malware that attempts to disguise its purpose. Remote Access Tools (RATs) are amongst the most common types of trojan. Trojans are frequently spread using social engineering techniques like spear phishing, in which a trojan might be disguised as an email attachment designed to look like a routine online form. Trojans are frequently used to maintain access to compromised systems. Ransomware attacks are often carried out using a trojan.
Tactics, Techniques And Procedures (TTPs)
The tactics, techniques and procedures of cyber threats: the methods, tools, and typical victims that characterize a cyber threat or threat actor. Many APTs have well-documented TTPs associated with them.
Typosquat Domain
A typosquat domain is a registered domain that is very similar to the domain of an organization. Attackers and other threat actors frequently register domain names very close to those of their intended victims for use in social engineering attacks, in the hope that users will not notice the subtle difference when clicking links or visiting websites. For example, an attacker could register fieldeffects.com as a typosquat of the proper corporate domain fieldeffect.com for use in spear phishing. Field Effect detects and alerts if similar domains have recently been registered so that steps can be taken to prevent spear phishing of users. This attack technique is sometimes known as domain twisting.
U
Unified Threat Management (UTM)
Unified threat management (UTM) provides multiple security features and services in a single device or service on the network, protecting users from security threats in a simplified way. UTM includes functions such as anti-virus, anti-spam, content filtering, and web filtering.
V
Virus
A virus is a type of malware that commonly replicates itself when executed, by modifying and inserting its code into an existing program. When this replication occurs, the affected area of the computer is then said to be "infected". Threat actors use security vulnerabilities in software to initially infect systems and spread the virus. During this process, viruses can cause irreparable harm to your business, such as stealing information, corrupting and modifying files, encrypting data, and taking control of computer systems. Field Effect uses advanced analytic techniques such as Heuristic Analysis and Indicators-of-Compromise (IoCs) to detect viruses that have infected your network so that you can respond to these threats immediately. Field Effect also notifies you of vulnerabilities within your network, so that you can prevent viruses from infecting your environment in the first place.
Virtual Private Network (VPN)
A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on an end system (PC, smartphone etc.) across a VPN may therefore benefit from the functionality, security, and management of the private network. Typically data is encrypted for security purposes.
Vulnerability
A weakness in a system, application, or network that is subject to exploitation or misuse.
W
Watering Hole Attack
A type of attack wherein the attacker infects websites that are frequently visited by members of the group being targeted, with the goal of infecting a visitor's computer with malware or stealing their credentials.
Worms
A worm is a standalone malicious program that replicates itself to spread to other computers. Worms frequently take advantage of vulnerabilities in networked devices in order to spread. For example, SMB v1 and similarly vulnerable network protocols often give worms the ability to identify other systems on the network that they can move to. While their purposes vary, worms almost always cause harm or major disruption to your network by consuming bandwidth, increasing network traffic, and degrading system performance.
Z
Zero-day
A zero-day (also known as 0-day) is a vulnerability, usually in software, that is unknown to a software vendor and therefore unaddressed. Zero-days are frequently discovered by security researchers and may be reported to vendors via bug bounty programs. However, zero-days are also used by hackers to gain access to systems before vendors have a chance to patch the vulnerability.