IOTExploit vulnerabilitiesin internet-connecteddevices, such assmart POS, Lighting,and Securitysystems, to launchdenial-of-serviceattacksAccountCompromisea socialengineeringtactic where theattacker posesas a trustworthyexecutiveXSSattacksCross-site scripting,the attackertransmits maliciousscripts usingclickable contentthat gets sent to thetarget's browserDNSTunnelingUtilizes theDNS protocol tocommunicatenon-DNS trafficover port 53Ransomwaresystem is heldhostage untilthey agree topay a ransomto the attacker.PasswordAttackThis type of attackis aimedspecifically atobtaining a user'spassword or anaccount'spassword.SpearPhishingThreat actorsuse a deepknowledge ofthe potentialvictims to targetthemAdwareA type of malwarethat displaysunwanted ads onend-user devicesto generaterevenue fromadvertisers.SpoofingAn attacker takesadvantage of thefact that the userthinks the sitethey are visitingis legitimateInsiderThreatCaused by theactions ofemployees, formeremployees,businesscontractors, orassociatesKeyloggerA type of malicioussoftware designedto track everykeystroke andreport it back to ahacker.CredentialExploitationSingle factorauthenticationleaves the doorwide open toattackers planningon performingprivilege escalation.SocialEngineeringRelies onmanipulating peopleinto violating securityprocedures anddivulging sensitive orpersonal informationMalwareWide range ofsoftware programsdesigned toinfiltrate, damage,or gainunauthorizedaccessBruteForceAttempting variouscombinations toguess passwords,credentials, andencryption keysWhalingA type of phishingattack that alsoleverages personalcommunication togain access to auser's device orpersonal informationExploitsA software tooldesigned totake advantageof a flaw in acomputersystemAccounthijackingThe attackertakes over asessionbetween aclient and theserver.Man intheMiddleA hacker orcompromisedsystem sits inbetween twouncompromisedpeople or systemsBotnetA network ofinfected devicesthat can becontrolled by anattacker to performmalicious activitiesBirthdayattackAn attackerabuses a securityfeature: hashalgorithms, whichare used to verifythe authenticity ofmessages.RogueDeviceThis type ofattack exists onthe network asan unmanageddeviceSQLInjectionOccurs whenan attackerinsertsmalicious codeinto a serverthat uses SQLDDoSAttackInvolves the use ofnumerouscompromisedcomputer systemsor mobile devicesto target a serverIOTExploit vulnerabilitiesin internet-connecteddevices, such assmart POS, Lighting,and Securitysystems, to launchdenial-of-serviceattacksAccountCompromisea socialengineeringtactic where theattacker posesas a trustworthyexecutiveXSSattacksCross-site scripting,the attackertransmits maliciousscripts usingclickable contentthat gets sent to thetarget's browserDNSTunnelingUtilizes theDNS protocol tocommunicatenon-DNS trafficover port 53Ransomwaresystem is heldhostage untilthey agree topay a ransomto the attacker.PasswordAttackThis type of attackis aimedspecifically atobtaining a user'spassword or anaccount'spassword.SpearPhishingThreat actorsuse a deepknowledge ofthe potentialvictims to targetthemAdwareA type of malwarethat displaysunwanted ads onend-user devicesto generaterevenue fromadvertisers.SpoofingAn attacker takesadvantage of thefact that the userthinks the sitethey are visitingis legitimateInsiderThreatCaused by theactions ofemployees, formeremployees,businesscontractors, orassociatesKeyloggerA type of malicioussoftware designedto track everykeystroke andreport it back to ahacker.CredentialExploitationSingle factorauthenticationleaves the doorwide open toattackers planningon performingprivilege escalation.SocialEngineeringRelies onmanipulating peopleinto violating securityprocedures anddivulging sensitive orpersonal informationMalwareWide range ofsoftware programsdesigned toinfiltrate, damage,or gainunauthorizedaccessBruteForceAttempting variouscombinations toguess passwords,credentials, andencryption keysWhalingA type of phishingattack that alsoleverages personalcommunication togain access to auser's device orpersonal informationExploitsA software tooldesigned totake advantageof a flaw in acomputersystemAccounthijackingThe attackertakes over asessionbetween aclient and theserver.Man intheMiddleA hacker orcompromisedsystem sits inbetween twouncompromisedpeople or systemsBotnetA network ofinfected devicesthat can becontrolled by anattacker to performmalicious activitiesBirthdayattackAn attackerabuses a securityfeature: hashalgorithms, whichare used to verifythe authenticity ofmessages.RogueDeviceThis type ofattack exists onthe network asan unmanageddeviceSQLInjectionOccurs whenan attackerinsertsmalicious codeinto a serverthat uses SQLDDoSAttackInvolves the use ofnumerouscompromisedcomputer systemsor mobile devicesto target a server

Security Bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. Exploit vulnerabilities in internet-connected devices, such as smart POS, Lighting, and Security systems, to launch denial-of-service attacks
    IOT
  2. a social engineering tactic where the attacker poses as a trustworthy executive
    Account Compromise
  3. Cross-site scripting, the attacker transmits malicious scripts using clickable content that gets sent to the target's browser
    XSS attacks
  4. Utilizes the DNS protocol to communicate non-DNS traffic over port 53
    DNS Tunneling
  5. system is held hostage until they agree to pay a ransom to the attacker.
    Ransomware
  6. This type of attack is aimed specifically at obtaining a user's password or an account's password.
    Password Attack
  7. Threat actors use a deep knowledge of the potential victims to target them
    Spear Phishing
  8. A type of malware that displays unwanted ads on end-user devices to generate revenue from advertisers.
    Adware
  9. An attacker takes advantage of the fact that the user thinks the site they are visiting is legitimate
    Spoofing
  10. Caused by the actions of employees, former employees, business contractors, or associates
    Insider Threat
  11. A type of malicious software designed to track every keystroke and report it back to a hacker.
    Keylogger
  12. Single factor authentication leaves the door wide open to attackers planning on performing privilege escalation.
    Credential Exploitation
  13. Relies on manipulating people into violating security procedures and divulging sensitive or personal information
    Social Engineering
  14. Wide range of software programs designed to infiltrate, damage, or gain unauthorized access
    Malware
  15. Attempting various combinations to guess passwords, credentials, and encryption keys
    Brute Force
  16. A type of phishing attack that also leverages personal communication to gain access to a user's device or personal information
    Whaling
  17. A software tool designed to take advantage of a flaw in a computer system
    Exploits
  18. The attacker takes over a session between a client and the server.
    Account hijacking
  19. A hacker or compromised system sits in between two uncompromised people or systems
    Man in the Middle
  20. A network of infected devices that can be controlled by an attacker to perform malicious activities
    Botnet
  21. An attacker abuses a security feature: hash algorithms, which are used to verify the authenticity of messages.
    Birthday attack
  22. This type of attack exists on the network as an unmanaged device
    Rogue Device
  23. Occurs when an attacker inserts malicious code into a server that uses SQL
    SQL Injection
  24. Involves the use of numerous compromised computer systems or mobile devices to target a server
    DDoS Attack