hp-security-research-cyber-risk-report-pdf-2-w-1408

HP Security Research | Cyber Risk Report 2015Learn more athp.com/go/hpsrTrack 1 and 2 dataTrack 1 and track 2 data are stored on the magnetic strip on the back of a credit card. The stripincludes the account number associated with the card, its expiration date, and additional detailsthat determine how and which transactions will be processed.TrojanMalicious software that, unlike worms or viruses, is unable to spread of its own accord. Thereare many different types of Trojans that are used in conjunction with other types of malware inorder to perpetrate computer crime. One of the most notorious types is a remote access Trojan(RAT) that can be used by a remote attacker to access and control a victim’s computer.Use-after-freeA use-after-free vulnerability can occur when memory is allocated to an object that is usedafter it is deleted (or deallocated). Good programming practice dictates that any referencepointing to an object should be modified when the memory is deallocated, to keep the pointerfrom continuing to make the area of memory where the object once resided available for use.(A pointer in this abandoned condition is broadly called a “dangling pointer.”) If the pointer isn’tmodified and tries to access that area of memory, the system can become unstable or corrupt.Attackers can use a dereferenced pointer in a variety of ways, including execution of maliciouscode.VulnerabilityDefects or bugs that allow for external influence on the availability, reliability, confidentiality,or integrity of software or hardware. Vulnerabilities can be exploited to subvert the originalfunction of the targeted technology.WormA self-contained malicious program that is able to spread of its own accord. The classification“worm” is only used to describe the ability to spread without a host file (as may be the case withcomputer viruses) and worms contain many different and varied payloads beyond spreadingfrom host system to host system.WSDLWeb Services Description Language; an XML-based interface definition language used todescribe the functionality offered by a Web service.Zbot: See Zeus.Zero dayA previously unknown vulnerability for which no patch from the vendor currently exists. It isreferred to as a zero day because the vendor has had zero days to fix the issue.ZeusA family of malware that targets the Windows operating system. It is used primarily to stealbanking information, but has also been used to install the CryptoLocker ransomware. Also seeGameover Zeus.Sign up for updateshp.com/go/getupdated© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The onlywarranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing hereinshould be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.Microsoft, Windows, Excel, PowerPoint, Outlook, and Internet Explorer are U.S. registered trademarks of the Microsoft Corporation.Adobe and Acrobat are trademarks of Adobe Systems Incorporated.Oracle and Java are registered trademarks of Oracle and/or its affiliates.Google is a trademark of Google Inc.Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license.UNIX is a registered trademark of The Open Group.All other names and trademarks are names and trademarks of their respective companies.4AA5-0858ENW, February 2015, Rev. 1