
How To Avoid Uninvited Risk In This Digital Era?

In today’s digitally-driven era, everything is online, and the world is becoming more virtual by the day. Consequently, this domain has its own set of threats. Every organisation’s assets consist of various systems, each requiring a robust cybersecurity posture that demands coordinated efforts.

There are approximately 5.3 billion internet users globally, providing cybercriminals with a vast platform to showcase their malicious skills. To protect oneself from these nefarious actors, it’s essential to have at least a basic understanding of cybersecurity.

In the following article, we will explore some key terminology frequently used in the cybersecurity domain.

Vulnerability

A vulnerability refers to a weak point or loophole in a system, often exploited by cybercriminals to gain unauthorised access to data. The International Organisation for Standardisation (ISO) defines a security vulnerability as the weakness of an asset or group of assets that can be exploited by one or more cyber threats. An asset encompasses anything valuable to the organisation, its business operations, and their continuity, including information resources supporting the organisation’s mission.

Heap Buffer Overflow

Picture part of the memory a running program uses as a storage area known as the “heap.” The heap contains memory segments in which modern software systems store and manage dynamic variables. These systems allocate, handle, and release data and variables by referencing specific portions of this memory pool.

However, there are situations where data passed through these software elements can exceed the boundaries of the assigned memory blocks, resulting in a “heap overflow.” Attackers can exploit this vulnerability to potentially execute arbitrary code. For instance, they might trick a user into visiting a specially crafted HTML page in a web browser like Chrome.

Malicious actors can use heap-based overflows to manipulate pointers or object metadata in memory, redirecting them to execute the attacker’s code. In essence, heap overflow vulnerabilities can be leveraged to compromise a system’s security and gain unauthorised access to critical data.
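
The overflow described above, as an added example that is not part of the original article: it models two neighbouring heap blocks inside one real allocation (so the overrun is safe to run) and shows an unchecked copy overwriting the neighbour's data while a length-checked copy rejects the oversized input. The block size, function names and sample input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK 16  /* constructed size of each modelled heap block */

/* Before: trusts the caller's length, the defect behind a heap overflow. */
static void copy_unchecked(unsigned char *block, const unsigned char *src, size_t len) {
    memcpy(block, src, len);
}

/* After: rejects input that does not fit the block; returns 0 on success. */
static int copy_checked(unsigned char *block, const unsigned char *src, size_t len) {
    if (len > BLOCK) return -1;
    memcpy(block, src, len);
    return 0;
}

/* Copies `len` bytes into block A and reports whether block B survived.
 * Both blocks live in ONE real allocation, so the overrun is well defined.
 * Returns 1 if B is intact, 0 if it was overwritten, -1 on setup failure. */
static int neighbour_intact_after(int use_checked, size_t len) {
    unsigned char input[2 * BLOCK];
    if (len > sizeof input) return -1;
    unsigned char *arena = malloc(2 * BLOCK);   /* A = [0,16), B = [16,32) */
    if (arena == NULL) return -1;
    memset(input, 'A', sizeof input);           /* constructed sample input */
    memset(arena, 0, BLOCK);
    memset(arena + BLOCK, 0xAA, BLOCK);         /* B holds a neighbour's data */

    if (use_checked) (void)copy_checked(arena, input, len);
    else copy_unchecked(arena, input, len);

    int intact = 1;
    for (size_t i = 0; i < BLOCK; i++)
        if (arena[BLOCK + i] != 0xAA) intact = 0;
    free(arena);
    return intact;
}

int main(void) {
    printf("unchecked, 24 bytes: neighbour intact = %d\n", neighbour_intact_after(0, 24));
    printf("checked,   24 bytes: neighbour intact = %d\n", neighbour_intact_after(1, 24));
    printf("checked,   16 bytes: neighbour intact = %d\n", neighbour_intact_after(1, 16));
    return 0;
}
```

In real code the neighbouring block belongs to a different allocation, which is why the bounds check has to happen before the copy rather than being detected afterwards.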

Zero-Day Attacks

A “zero-day” refers to a newly discovered security vulnerability that hackers can exploit to attack computer systems. This term signifies that the software vendor or developer has just become aware of the flaw, leaving them “zero days” to fix it before it can be used against them. When hackers exploit such a vulnerability before developers can patch it, it’s called a “zero-day attack.” In simpler terms, it’s a race between hackers and developers to address a new security hole.

N-Day

In cybersecurity, an “n-day” vulnerability or attack denotes a security flaw known to malicious actors but not yet patched by the software or system’s developers. The “n” in “n-day” represents a variable, indicating the number of days since the vulnerability’s discovery.

These foundational terms in the cybersecurity realm serve as crucial building blocks for understanding and addressing digital risks in this ever-evolving digital era.
