Glossary
An abandoned session occurs when a user does not log out of an online service properly, leaving it open. This poses a security risk because others can access the user's data. To reduce this risk, users should always log out, especially after using public devices. Many services automatically log users out when they are inactive.
Application access rights control the permissions that determine which resources and data an application can access on a user's device. These privileges can include access to the camera, microphone, contacts or location data.
If an application requests unnecessary or excessive privileges, it may increase the risk of personal data leakage or malicious use. It is advisable to regularly check and update the permissions requested by applications and only grant those permissions that are really necessary for the application to work.
This software displays intrusive advertisements on the user's computer that can interfere with the browsing experience and also pose a security risk. It is usually bundled with free applications or installed as part of software downloaded from suspicious sources, often without the user's awareness. Some adware may behave aggressively, for example, redirecting the browser to suspicious sites or changing browser settings.
A program that prevents malicious programs from entering a computer or a network, where they would collect data without authorisation or cause other harm.
An APT (Advanced Persistent Threat) is a long-term and targeted cyber threat where attackers continuously try to access and collect data (such as political or military information) from a specific target's system. APT attacks are usually well-planned, covert and consist of several phases, starting with system intrusion and ending with long-term exploitation of the data.
The process of verifying that an entity (e.g. a user) is who they say they are. Authentication allows systems to be kept secure by ensuring that only authenticated users or processes can access them. There are several authentication methods. For general users, one of the most common is a username-password combination called single-factor authentication, but nowadays more and more services use two-factor authentication, which requires additional information (e.g. code sent via SMS) for authentication. Authentication precedes authorisation.
The process of assigning process or access rights to an identified user or device. During authorisation, the appropriate permissions are continuously checked. For computer systems, administrators can specify in detail what a particular user can access and at what level, and also what actions they can perform. Logically, authorization comes after authentication.
A type of malware, usually invisible to the user, which, once installed, gives access to the computer to an unauthorised remote party. An attacker can then take full control of the computer, download data, make copies, etc. without the user's permission.
A bot is a program that performs automated tasks, either autonomously or on remote command. Bots are often used for malicious purposes and are frequently part of botnets.
Bots can scan computers and their back-end systems for confidential information. They often run in the background, without the user's knowledge, using the device's resources for malicious purposes.
A hacked network of IT devices controlled by a 3rd party (hacker) and used to cause damage. The most common forms of malicious activity are: sending bulk spam, launching Denial of Service (DoS) attacks, phishing, etc. Botnets are often rented out by cybercriminals for various purposes.
The browser cache temporarily stores the content of web pages to make them load faster. However, it can pose cybersecurity risks, as unauthorised persons can access sensitive data stored there, such as login information. In addition, the cache can be manipulated, allowing malicious scripts to be placed in it.
To increase security, it is a good idea to clear the cache regularly, especially if you share a computer, and to use private browsing mode, which does not store data. Updating browsers and security software is also essential to minimise risks.
A login, password, or encryption key hacking method where attackers go through all possible combinations hoping to guess correctly. A relatively old attack method, but still effective and popular with hackers. Depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to years.
Call-based fraud is a cybersecurity attack in which fraudsters attempt to obtain personal information or money over the phone. Attackers often pose as bank employees or other trusted individuals to gain the trust of the targeted individuals and trick them into providing sensitive information, such as bank details or passwords.
Click fraud is the artificial generation of clicks on internet advertisements to increase advertising revenue, hinder business competitors or collect data. It is usually carried out by automated bots pretending to be genuine visitors.
Clickjacking is an attack in which the user clicks on a seemingly harmless element while, unnoticed, a hidden malicious element is activated instead. Attackers may place hidden buttons or links over a camouflaged interface that manipulates the user's interaction, for example to perform financial transactions or change settings.
Pieces of data that are stored on your computer or, more specifically, in your browser software (Google Chrome, Mozilla Firefox, Microsoft Edge, etc.) by the websites you visit. Cookies allow you, for example, to return to a webshop page and see the product you viewed on your last visit first, or to keep products you have previously added to your shopping cart. They help websites to provide a personalised experience. Cookies are essential for the convenient functioning of the internet, but they can also be a source of security concerns, most notably in the case of 3rd party cookies (notably zombie cookies, of which multiple copies are stored in the browser and therefore "resurrect" even after deletion), which are used by marketers to track users' activity.
Credential stuffing is an attack where attackers use stolen, leaked usernames and passwords to attempt to mass login to various websites and applications using automated tools. As many users use the same credentials for multiple services, attackers exploit this practice to gain access to other accounts.
CSRF (Cross-Site Request Forgery) is an attack technique in which an attacker tries to trick a user into performing unwanted actions in a web application where the user is already logged in. (For example, if a user is logged in to his bank account and visits a malicious website in another browser window, the attacker can initiate a money transfer on behalf of the victim without the user's knowledge.)
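The bank-transfer scenario above, shown as an added example (not code from the original glossary): a hypothetical transfer handler that trusts the session cookie alone beside the same handler protected with a synchronizer token. The `Session` class, the handler names and the form layout are assumptions made for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session record; the CSRF token is bound to it (constructed example)."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def transfer_vulnerable(session, form):
    """Hypothetical handler that acts on the session cookie alone.
    A page on another site can trigger this request because the browser
    attaches the victim's cookie to it automatically."""
    return {"ok": True, "from": session.user, "to": form["to"], "amount": form["amount"]}


def transfer_protected(session, form):
    """Same handler with a synchronizer token: the form must carry the secret
    that the server embedded in its own page, which another site cannot read."""
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return {"ok": False, "error": "missing or invalid CSRF token"}
    return {"ok": True, "from": session.user, "to": form["to"], "amount": form["amount"]}


def render_transfer_form(session):
    """The legitimate page embeds the per-session token as a hidden field."""
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def cross_site_request(session):
    """Simulates what a third-party page can submit: the request arrives with the
    victim's session (cookie sent by the browser) but without the token."""
    return session, {"to": "other-account", "amount": 1000}


if __name__ == "__main__":
    s = Session("alice")
    victim_session, forged_form = cross_site_request(s)
    print("vulnerable:", transfer_vulnerable(victim_session, forged_form))
    print("protected: ", transfer_protected(victim_session, forged_form))
    legit = {"to": "bob", "amount": 10, "csrf_token": s.csrf_token}
    print("legitimate:", transfer_protected(s, legit))
```

The token check is the minimum; in practice it is combined with the `SameSite` cookie attribute and with rejecting state-changing requests that arrive via GET.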
A DDoS (Distributed Denial of Service) attack is an attack that aims to overload an online service, website or server with a large number of simultaneous false requests. Attackers use multiple computers, often botnets, to flood the target, making it inaccessible to users.
A DoS (denial of service) is a cybersecurity attack in which an attacker intentionally floods the resources of a service or network to prevent real users from accessing the service. DoS attacks are often designed to overload servers, networks or websites, so that their response time is slowed or the service stops responding altogether.
A dictionary attack is a password-cracking technique in which an attacker attempts to use commonly used passwords or words to hack into a user account. Attackers use a pre-compiled dictionary of words, phrases or lists of passwords to quickly and efficiently attempt to guess the password. This method is particularly effective when users use simple, common or dictionary words as passwords.
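Brute-force, dictionary and credential-stuffing attempts all leave the same kind of trace in a login log: many failures from one source. What differs is the shape, many failures against one account (password guessing) versus a few failures against many different accounts (credential stuffing). The detector below is an added example, not code from the glossary; the log format and the thresholds are constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed log format: one authentication event per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: one IP hammering a single account, one IP trying many accounts
# once each, and one user who mistyped a password and then logged in.
SAMPLE_LOG = [
    *(f"2024-05-01T10:00:{i:02d} ip=198.51.100.7 user=alice result=FAIL" for i in range(6)),
    *(f"2024-05-01T10:01:{i:02d} ip=203.0.113.9 user={u} result=FAIL"
      for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])),
    "2024-05-01T10:02:00 ip=192.0.2.1 user=bob result=FAIL",
    "2024-05-01T10:02:05 ip=192.0.2.1 user=bob result=OK",
]


def parse(lines):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify(lines, per_account_threshold=5, distinct_account_threshold=5):
    """Return {ip: label} for source IPs whose failure pattern looks like an attack.

    - 'credential stuffing': failures spread over many distinct accounts
    - 'password guessing': repeated failures against one account (brute force or
      dictionary attack; the two are indistinguishable from the log alone)
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed attempts
    for e in parse(lines):
        if e["result"] == "FAIL":
            failures[e["ip"]][e["user"]] += 1

    findings = {}
    for ip, per_user in failures.items():
        if len(per_user) >= distinct_account_threshold:
            findings[ip] = "credential stuffing"
        elif max(per_user.values()) >= per_account_threshold:
            findings[ip] = "password guessing"
    return findings


if __name__ == "__main__":
    for ip, label in classify(SAMPLE_LOG).items():
        print(f"{ip}: {label}")
```

Real detections key on more than the source address (device fingerprint, geography, time between attempts), because both attack types are routinely spread across a botnet so that no single IP crosses a threshold.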
A digital identity is a set of electronic information that identifies a person in the online space. This can be, for example, a username or an email address as a means of identification, or a password, biometric identification, etc. as a means of authentication.
A digital signature is a cryptographic method that ensures the authenticity and integrity of electronic documents. It is widely used to authenticate contracts, financial transactions and other legal documents, helping to reduce paper-based processes and increase the speed and security of online transactions.
DKIM (Domain Keys Identified Mail) is an e-mail authentication method that allows the recipient to verify that the e-mail is from the domain indicated. The sending server digitally signs the mail when it is sent, ensuring that the content of the email has not been altered en route and that it is from the sender. This helps reduce the risk of email spoofing and spam.
A domain name is a unique, easily remembered address used to access websites, such as "cert.hu" or "google.com". Users can connect to websites using domain names through the DNS system.
The DNS system is basically the internet's "phone book", a database in which domain names are assigned to IP addresses. It is a distributed system, i.e. there is not a single DNS database, but countless DNS servers around the world, which are in a hierarchical relationship and are able to communicate with each other. Its primary task is to translate a domain name that humans can understand into an IP address that network devices can understand, or vice versa (reverse DNS), so that a given resource can be found on the network.
A drive-by download is an attack where malicious software is automatically downloaded and installed on the user's computer without the user being aware of it. This usually occurs on compromised websites where attackers exploit browser vulnerabilities. To protect yourself, you should regularly update your browsers and security software and avoid untrusted websites.
Email spoofing is a technique in which an attacker fakes the sender's email address to make the message appear to come from a trusted source. This method is often used in an attempt to steal personal information or distribute malware. To detect and avoid these types of attacks, it is important to check suspicious emails carefully.
The internal structure of an email consists of three main parts: the headers, the body and the attachments. The headers include the sender, the recipient, the subject and the timestamp, among others. Examining the headers can be important for spam filtering and phishing protection, as they help to determine whether the message is genuine. Most email clients provide the option to view the full header, which can be a useful tool in fraud prevention.
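The header check described above, for both the spoofing entry and this one, as an added example that is not part of the original glossary: it parses a raw message with Python's standard `email` module and reports the indicators a spam filter or an analyst would look at, a `Return-Path` or `Reply-To` domain that differs from the visible `From` domain, and SPF/DKIM/DMARC results that are not `pass`. Both messages are constructed samples; the exact indicator wording and the `Authentication-Results` format assumed here follow common mail-server practice but are not taken from the page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches "spf=pass", "dkim=fail", "dmarc=none" inside an Authentication-Results header.
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)

# Constructed sample: visible From claims the bank, but the envelope, reply address
# and authentication results tell a different story.
SPOOFED = "\n".join([
    "Return-Path: <bounce@mailer.example.net>",
    "Received: from mailer.example.net (mailer.example.net [192.0.2.10]) by mx.example.com",
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none",
    'From: "Example Bank" <support@bank.example>',
    "Reply-To: support@bank-example-verify.example.net",
    "To: customer@example.com",
    "Subject: Urgent: confirm your account",
    "",
    "Please log in at the link below.",
])

# Constructed sample of a message whose headers are consistent.
CLEAN = "\n".join([
    "Return-Path: <support@bank.example>",
    "Received: from smtp.bank.example (smtp.bank.example [198.51.100.4]) by mx.example.com",
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bank.example;"
    " dkim=pass header.d=bank.example; dmarc=pass",
    'From: "Example Bank" <support@bank.example>',
    "To: customer@example.com",
    "Subject: Your monthly statement",
    "",
    "Your statement is attached.",
])


def domain_of(header_value):
    """Lower-cased domain of the first address in a header value ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def inspect_headers(raw_message):
    """Return a list of spoofing indicators found in the message headers."""
    msg = message_from_string(raw_message)
    findings = []
    from_domain = domain_of(msg.get("From"))

    # Envelope sender and reply address should normally match the visible sender.
    for header in ("Return-Path", "Reply-To"):
        d = domain_of(msg.get(header))
        if d and d != from_domain:
            findings.append(f"{header} domain {d} differs from From domain {from_domain}")

    # Results recorded by the receiving server when it checked SPF/DKIM/DMARC.
    auth = msg.get("Authentication-Results")
    if auth is None:
        findings.append("no Authentication-Results header: SPF/DKIM/DMARC outcome unknown")
    else:
        for mechanism, result in AUTH_RE.findall(auth):
            if result.lower() != "pass":
                findings.append(f"{mechanism.lower()}={result.lower()} in Authentication-Results")

    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(name, inspect_headers(raw) or ["no indicators"])
```

Only the `Received` lines added by your own server and the `Authentication-Results` header it wrote can be trusted; everything else in the header block is written by the sender and can itself be forged, which is why the authentication results carry the most weight.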
End-to-end encryption (E2EE) is an encryption method that ensures that messages can only be read by the parties involved in the communication. The messages are encrypted from the moment they are sent and are decrypted only on the recipient's device, so that even service providers cannot access their contents.
Ethical hacking, also known as white hat hacking, is a practice in which experts (ethical hackers) deliberately try to find vulnerabilities in a system so that they can be fixed before malicious attackers exploit them. Ethical hackers work with authorisation and aim to improve the security of systems.
A network security system that prevents unauthorised access to a computer via the network (e.g. the internet). Programs/devices that monitor and filter network traffic according to specified rules, blocking anything deemed harmful.
An IT security tool connected to a network that mimics likely targets of cyber attacks (e.g. vulnerable networks) in order to attract attempted attacks. When cybercriminals gain access to these 'decoy' systems, security professionals can gather information about the method of intrusion, the purpose of the intrusion and the perpetrators, which helps to thwart attack attempts on real targets.
Any computer (personal computer, workstation, mainframe computer) or other device connected to a network.
A secure version of HTTP (Hypertext Transfer Protocol), which is the primary protocol used for transferring data between a web browser and a website. HTTPS (S = Secure) is encrypted to increase the security of data transfers. This is particularly important when users are transferring sensitive data, such as when entering credit card details when shopping online or logging into an email service or other online services.
IMAP (Internet Message Access Protocol) is a standard e-mail retrieval protocol. It stores email messages on a mail server, allowing you to access your email from anywhere and on any device.
IMAP proxy is a middleware that sits between IMAP clients and email servers. It optimizes email traffic by caching data, reducing server load and improving response times. It also hides the server's IP address, encrypts traffic and provides a security layer, filters traffic and helps identify suspicious activity.
An IP (Internet Protocol) address is a unique numeric identifier for devices connected to the Internet, which allows them to be found on the network. Every computer connected to the Internet has an IP address, but one address can be shared by several devices (e.g. behind NAT or a proxy) and one device can have several addresses (e.g. one for each of its network interfaces). The IP address is usually assigned by the Internet Service Provider (ISP) and can be static or dynamic. A distinction is made between IPv4 (the earlier system: four decimal numbers separated by dots) and IPv6 (the later system: eight groups of four hexadecimal digits separated by colons).
A keylogger is a malicious program that records the user's keystrokes. This data allows attackers to access sensitive information such as passwords, usernames and credit card details. Keyloggers run hidden in the background, so the user is often unaware of their presence. They can spread in various ways: as attachments to emails, as fake software or by exploiting vulnerable systems.
Malicious browser extensions are malicious add-ons that install themselves in the user's browser to collect data, spy on the user or perform other harmful actions. These extensions often gain unauthorized access to a user's browsing history, passwords and other personal information.
They are often distributed for free or in the form of attractive offers, and users may not even suspect that the extension is harmful. It is advisable to download extensions only from trusted sources, read the reviews, and regularly check and remove unused or suspicious extensions from the browser.
Unsolicited e-mail (spam) that contains links or attachments to malicious content, such as viruses or malicious programs.
Any malicious software that is intentionally designed to steal data or damage computers or entire systems. Examples include viruses, Trojans, ransomware, etc.
A Man-in-the-Middle (MitM) attack is a cybersecurity threat where an attacker intrudes undetected into communications between two parties. This allows the attacker to access and modify transmitted data or even steal sensitive information while the communicating parties believe they are in secure communication.
A one-time password is a temporary, single-use password used to increase security during online transactions and logins. OTPs are delivered via SMS, email or apps and reduce the risk of misuse associated with traditional passwords.
A password manager software tool securely stores and manages users' passwords. These applications allow users to create and store strong, unique passwords without having to remember them. Password managers encrypt passwords and protect them with a master password, so users only need to remember one password.
PGP (Pretty Good Privacy) is an encryption program used for secure data transmission and storage, mainly to protect email messages. It uses two-key cryptography, where the public key encrypts and the private key decrypts (not to be shared with anyone). PGP also allows digital signatures, which authenticate the sender and prevent messages from being forged. It is widely used to encrypt personal and business communications, as well as files and hard drives.
The deceptive practice of fraudsters posing as a known organisation, company or other trusted source in an attempt to obtain personal information (e.g. user IDs, passwords, credit cards, etc.) from others via websites, emails or other messages.
POP3 (Post Office Protocol Version 3) is a standard e-mail retrieval protocol. It works by downloading emails from a server to a single computer and then deleting them from the server. The downloaded emails will then only be accessible from that device. If you wish to access the emails from another device, the previously downloaded emails will not be available.
Private (incognito) browsing mode is a feature that allows you to visit websites without the browser saving any information about the pages you visit, such as cookies, cache files or browsing history. This mode helps to keep the user's privacy and reduces the online traces left behind. It can be useful when you are conducting sensitive searches, such as online shopping or banking transactions, and want to minimise the traces of personal data.
This malicious software installs itself on the user's computer or network and encrypts or locks sensitive files. The attacker demands a ransom from the user to recover the files or system, setting a time limit. The software may enter via suspicious email attachments or downloaded files, or by exploiting vulnerabilities.
Rootkits are programs that run in the background and can cause damage to your computer without you noticing. These programs are usually hidden behind some system application or process, so they do not appear to change the way it works. Rootkits are capable of transmitting various data to external parties or even creating a backdoor that allows the attacker to freely enter and exit the victim's machine.
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for encrypting and digitally signing email messages to ensure the security and authenticity of communications. It encrypts the content of the email so that only the recipient can decrypt it, and authenticates messages with a digital signature, preserving their integrity.
It is supported by most modern email clients and is widely used for business and personal purposes to ensure a high level of privacy.
Session Fixation is an attack in which the attacker passes a predefined session ID to the victim, for example through a malicious link or other manipulation technique. When the user logs into the application with this session ID, the attacker is already identified in the application as if he were the user. As a result, the attacker may gain unauthorized access to the victim's account and sensitive data without the user's knowledge.
In session hijacking, attackers steal session IDs to gain access to a user's active session. This allows attackers to identify themselves as the user and gain access to his or her account or sensitive data. Such attacks are usually carried out by monitoring network traffic or cookies, or by malicious software.
Phishing via SMS.
Social engineering is a manipulation technique that targets people to obtain sensitive information. Attackers use psychological tricks, such as disguising themselves as fake persons or emergencies, to trick victims into sharing passwords or personal information.
This software secretly collects sensitive information about the user's computer or device, such as browsing habits, passwords or banking details. It is usually installed without the user's knowledge, often together with other applications or software downloaded from suspicious sources. They can also often display advertisements, collect data on user behaviour or even take control of the computer.
A stolen session is a security risk where an attacker obtains the user's active session and takes control of it. The attacker can then gain unauthorised access to the user's personal data and perform actions on their behalf, such as making purchases or viewing sensitive information. There are several complex methods of session theft, some of which rely on user negligence and others on flaws in IT systems.
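The server-side counter-measures for the session entries above (abandoned sessions, session fixation, session hijacking and stolen sessions, and the cookie entry) in one added example that is not code from the glossary: a minimal session store that issues a fresh random ID at login so that an ID planted before authentication stops working, expires sessions that sit idle, and sets the cookie attributes that keep the ID away from scripts and plain-text connections. The `SessionStore` class, its timeout value and the injectable clock are assumptions made for the illustration.

```python
import secrets
import time


class SessionStore:
    """Server-side session table keyed by an unguessable random session ID."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout  # seconds of inactivity before expiry
        self.clock = clock                # injectable for testing
        self._sessions = {}               # sid -> {"user": str | None, "last_seen": float}

    def create(self):
        """Start an anonymous session (e.g. for a visitor who has not logged in)."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last_seen": self.clock()}
        return sid

    def login(self, sid, user):
        """Bind a user to a *new* session ID and discard the old one.
        Regenerating the ID at authentication defeats session fixation: an ID the
        attacker handed to the victim beforehand is never upgraded to a logged-in one."""
        self._sessions.pop(sid, None)
        new_sid = self.create()
        self._sessions[new_sid]["user"] = user
        return new_sid

    def get(self, sid):
        """Return the logged-in user for sid, or None if the ID is unknown, anonymous,
        or has been idle longer than idle_timeout (the automatic logout that limits
        the damage of an abandoned session)."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self.clock()
        if now - entry["last_seen"] > self.idle_timeout:
            del self._sessions[sid]
            return None
        entry["last_seen"] = now
        return entry["user"]

    def logout(self, sid):
        """Explicit logout invalidates the ID server-side, not just in the browser."""
        self._sessions.pop(sid, None)


def session_cookie(sid):
    """Set-Cookie value: Secure (HTTPS only), HttpOnly (not readable by page scripts,
    which blunts cookie theft via XSS), SameSite=Lax (not sent on cross-site POSTs)."""
    return f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore(idle_timeout=900)
    planted = store.create()               # an ID an attacker could have planted
    active = store.login(planted, "alice")  # login issues a different ID
    print("old id still valid?", store.get(planted) is not None)  # False
    print("new id user:", store.get(active))                      # alice
    print(session_cookie(active))
```

Rotating the ID on every privilege change (login, password change, role switch) and invalidating all of a user's sessions when a compromise is suspected are the usual extensions of this pattern.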
A Trojan is malicious software that disguises itself as a harmless program but, while performing its advertised functions, secretly causes damage or steals sensitive information. Trojans are usually spread stealthily, often through email attachments or fake websites. They can perform a variety of malicious activities, such as stealing data, crashing systems or even opening backdoors.
A user identification method that requires two forms of identification to access resources and data. In addition to the usual username and password pair, some additional information is required to verify that the user is indeed the one trying to access the resource. This could be a fingerprint, a one-time use code sent by email or SMS, a USB or NFC key, etc. It is an additional layer of protection for user accounts, preventing unauthorised access in case of password leakage.
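The code-generating second factor mentioned here and in the one-time password entry is usually a time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226). The example below is added for illustration and is not code from the glossary: it derives the six-digit code from a shared secret and the current 30-second time step, and the verifier accepts one step of clock drift while refusing to accept the same step twice, which is what makes the password "one-time". The `TotpVerifier` class and its parameters are assumptions; the secret used in the test is the published RFC test secret.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, timestamp=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(secret, int(timestamp // step), digits)


class TotpVerifier:
    """Server-side check for a submitted code.

    Accepts the current step plus/minus `window` steps to tolerate clock drift, but
    never accepts a step at or before the last one used, so a captured code cannot be
    replayed within its validity period.
    """

    def __init__(self, secret, step=30, digits=6, window=1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1  # highest time step already consumed

    def verify(self, submitted, timestamp=None):
        if timestamp is None:
            timestamp = time.time()
        counter = int(timestamp // self.step)
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_counter:
                continue  # already used (or older than a used step): replay
            expected = hotp(self.secret, c, self.digits)
            if hmac.compare_digest(expected, submitted):
                self.last_counter = c
                return True
        return False


if __name__ == "__main__":
    # Constructed demo secret; real secrets are random bytes shared once at enrolment.
    secret = b"12345678901234567890"
    print("current code:", totp(secret))
    v = TotpVerifier(secret)
    code = totp(secret)
    print("first use accepted:", v.verify(code))   # True
    print("replay accepted:   ", v.verify(code))   # False
```

Because the code is derived from a shared secret rather than sent to the phone, it offers no protection if the secret itself is stolen; the SMS variant described in the entry has the different weakness that the message can be intercepted or redirected.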
Typosquatting is a technique where attackers register domain names that rely on typos or misspellings in the name of a popular website. For example, if a website is named "example.com", attackers could register the domain names "exmple.com" or "exaple.com". If users mistakenly navigate to these domain names, attackers could use fake websites to collect data or distribute malware.
URL spoofing is a technique in which attackers create fake web addresses that trick users into entering sensitive information on a spoofed page. URLs that differ by only one character are common and are not always noticed by users. The aim is to trick users into entering, for example, banking or login details on a seemingly trustworthy but fraudulent website.
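A defender-side check for the lookalike domains described in the typosquatting and URL spoofing entries, added here as an example that is not part of the original glossary: it compares a hostname (for instance from a proxy log or a link in an email) against a short list of trusted domains, catching both the one-character edits from the typosquatting entry and common character look-alikes such as `0` for `o` or `rn` for `m`. The trusted list, thresholds and substitution table are assumptions made for the illustration.

```python
def levenshtein(a, b):
    """Minimum number of single-character insertions, deletions or substitutions
    that turn string a into string b (classic dynamic-programming form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


# Constructed look-alike table: digits that resemble letters, and letter pairs that
# render like a single letter in many fonts.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MULTI_CHAR = [("rn", "m"), ("vv", "w")]


def canonical(host):
    """Lower-case the host and drop a leading 'www.' before comparing."""
    h = host.strip().lower().rstrip(".")
    return h[4:] if h.startswith("www.") else h


def normalize(host):
    """Replace look-alike characters so that visually similar names compare equal."""
    h = canonical(host).translate(HOMOGLYPHS)
    for src, dst in MULTI_CHAR:
        h = h.replace(src, dst)
    return h


def lookalike(host, trusted, max_distance=2):
    """Return (trusted_domain, reason) if host resembles a trusted domain without being
    one, otherwise None. Exact matches are never flagged."""
    h = canonical(host)
    trusted = [canonical(t) for t in trusted]
    if h in trusted:
        return None
    nh = normalize(h)
    best = None
    for t in trusted:
        if nh == normalize(t):
            return (t, "homoglyph substitution")
        d = levenshtein(h, t)
        if d <= max_distance and (best is None or d < best[1]):
            best = (t, d)
    return (best[0], f"edit distance {best[1]}") if best else None


if __name__ == "__main__":
    TRUSTED = ["example.com", "cert.hu"]   # constructed allow-list
    for host in ["example.com", "exmple.com", "exaple.com", "examp1e.com", "github.com"]:
        print(f"{host:15s} -> {lookalike(host, TRUSTED)}")
```

The edit-distance threshold is a blunt heuristic: short brand names such as `cert.hu` sit within distance 2 of many legitimate names, so in practice the list is kept to a few high-value domains and the output is used as an alert to review, not as an automatic block.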
A computer program that can copy itself and infect a computer without the user's permission or knowledge.
Short for virtual private network. It provides a secure connection to the internet through a private channel. The VPN encrypts the user's data and hides their IP address.
A cyber security attack in which an attacker makes unauthorised changes to the content of a website. These attacks usually result in changes that are visible to visitors to the website, such as changing the address of the page, adding news or messages, or even replacing the entire content of the page. Attackers often exploit vulnerabilities such as weak passwords, poorly updated software or security flaws in the content management systems of websites.
This software can reproduce and spread itself through computers and networks, exploiting their vulnerabilities and lack of security settings. No user interaction is required to spread it after infection. It can cause data loss, system crashes, network performance slowdowns, and even connect to botnets.
XSS (Cross-Site Scripting) is a web application vulnerability that allows attackers to inject malicious code into a web page that is executed by a user's browser. In XSS attacks, attackers often insert JavaScript code into the content of a web page that is running on the user's machine, allowing, for example, the theft of user data or manipulation of the user's session.
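The root cause of reflected and stored XSS is user-supplied text being written into a page as markup. The example below is added for illustration and is not code from the glossary: a tiny template renderer that substitutes values raw (the vulnerable behaviour) beside one that HTML-escapes every substituted value unless it is explicitly marked as trusted markup, the auto-escaping pattern that template engines use. The `Markup` marker class, the template and the sample input are assumptions made for the illustration.

```python
import html


class Markup(str):
    """A string the application has already vetted as safe HTML (constructed marker type).
    Only values wrapped in Markup bypass escaping."""


class _Escaping(dict):
    """Template context that HTML-escapes every value on lookup, except Markup."""

    def __getitem__(self, key):
        value = super().__getitem__(key)
        if isinstance(value, Markup):
            return value
        # quote=True also escapes " and ', so the value is safe inside attributes too.
        return html.escape(str(value), quote=True)


def render_unsafe(template, **context):
    """Substitutes values verbatim: untrusted text becomes live markup (the XSS bug)."""
    return template.format_map(context)


def render(template, **context):
    """Auto-escaping substitution: untrusted text stays text in every context."""
    return template.format_map(_Escaping(context))


# Constructed page fragment with the same value used in element content and in an attribute.
TEMPLATE = '<p>Hello, {name}!</p><a title="{name}" href="/profile">profile</a>'

# Constructed untrusted input of the kind a profile form or query string might carry.
UNTRUSTED = '<script>alert("xss")</script>'


if __name__ == "__main__":
    print("unsafe:", render_unsafe(TEMPLATE, name=UNTRUSTED))
    print("safe:  ", render(TEMPLATE, name=UNTRUSTED))
    print("trusted markup passes through:", render("{body}", body=Markup("<b>bold</b>")))
```

Escaping on output is the primary defence; a Content-Security-Policy that disallows inline scripts and the `HttpOnly` cookie flag limit the damage when an escaping mistake slips through.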