Apr 24, 2017

How Companies Are Hacked via Malicious Javascript Code?

JavaScript is dangerous. Maybe you’ve heard this sentence several times before. In fact, whether it is dangerous depends on the circumstances. JavaScript can be dangerous if the proper precautions aren’t taken. It can be used to view or steal personal data without you even realizing what’s going on. And since JavaScript is so ubiquitous across the web, we’re all vulnerable.
JavaScript is good for the most part, but it just happens to be so flexible and so powerful that keeping it under control can be difficult. It all comes down to how JavaScript actually works.

Apr 17, 2017

Deep Web and Black Market

WHAT IS DEEP WEB?

The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard search engines for any reason. The opposite term to the deep web is the surface web.
What is inside the deep web? Let's take a look at the figure below.

Apr 11, 2017

What is the biggest threat of stolen accounts?

There are more than 4 billion hacked emails/passwords available on the internet and underground forums. So, how do attackers use hacked emails & passwords for malicious purposes?
NormShield searches many sources on the internet to check whether your employees' e-mail addresses have been leaked.
In the simplest form, a list of employee emails can be used for phishing attacks or to brute-force login forms. The phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card number, social security number, or bank account credentials, that the legitimate organization already has. This type of attack can reveal information about employees who have little awareness. The disclosed information may be personal information or information of high importance to the company. These types of attacks are widely used today.

Apr 3, 2017

Domain Shadowing

What is Domain Shadowing?
The concept of domain shadowing first appeared in 2011; a domain shadowing attack is defined as attackers creating new subdomains to intervene in traffic flow.
Domain shadowing is the process of creating subdomains using a domain owner's credentials. The subdomains are created under legitimate domains. Cyber criminals use domain shadowing to create thousands of subdomains, generally after capturing user information through phishing.
The number of unique domains that can be produced may be almost unlimited, because many users have multiple domains. Thus, it is seen as a way to evade classical detection methods such as IP or website blocking.
Another method for escaping IP blocking and blacklist detection is fast-flux. This technique quickly maps a domain or DNS entry to a wide list of IP addresses. When domain shadowing is utilized, subdomains associated with a single domain are rotated.
Based on recent data, one-third of the observed 10,000 fake subdomains were linked to GoDaddy. This indicates that GoDaddy users are at risk.

Mar 27, 2017

How Companies are Hacked via Basic CMS Vulnerabilities


What is CMS?

A CMS (Content Management System) is a computer application that supports the creation and modification of digital content [1]. Basically, we use it for website management and preparation. Over time, many organizations have developed their own custom CMS software. As such software multiplied, in 1995 CNET developed the idea that a market for these systems could be established, through an agreement with Vignette, in order to develop its own CMS. In the process, the Content Management System concept has become a sector of its own and has continued to thrive [1][2].

Content Management System (CMS) is an umbrella term that covers all systems where dynamic content management is a requirement. Moreover, there are many open source or commercial tools that can be classified as CMSs. Popular CMS applications include WordPress, Joomla, Drupal, Magento, PHP Nuke, Post Nuke, Mambo Server, DCP portal, Xoops, etc. [3]. These applications have different characteristics. For example, WordPress uses the PHP programming language while DotNetNuke uses .NET technology.

Mar 20, 2017

Machine Learning in Cyber Security Domain - 9: Botnet Detection

A botnet is an organized, automated army of zombies which can be used for launching DDoS attacks as well as for spam activity such as flooding inboxes or spreading viruses. This army consists of a large number of computers. Attackers use this army for malicious purposes, and generally the zombies are not even aware that they are being used for malicious purposes.

Zombies have been used extensively to send spam mail; as of 2005, an estimated 50–80% of all spam was sent by zombie computers worldwide. This allows spammers to avoid detection and presumably reduces their bandwidth costs since the owners of zombies pay for their own bandwidth. The general structure of botnet attacks is given below.

Mar 13, 2017

Machine Learning in Cyber Security Domain - 8: Spam Filter

Spam mail (also known as junk mail) is a type of electronic spam where unsolicited messages are sent by email. Many email spam messages are generated for commercial purposes, but they may also contain malicious content that looks like a popular website and is in fact a phishing attack. Malicious content may include malware, scripts or executable file attachments. When a user recognizes a spam mail, he/she can easily add that mail source to a blacklist, but some emails are created professionally, and most of the time standard users cannot easily recognize them as spam. For this case, every mail service provider uses spam filter applications which are developed with machine learning techniques. One of the most commonly known algorithms for spam detection is the Naive Bayes algorithm, which is based on a statistical approach. In this section, we will explain how the Naive Bayes algorithm works.