On November 12, 2016, Mustafa Ali CAN, a successful player of “Pi Hediyem Var,” contacted me after receiving an alert from his antivirus software while visiting a government website. In our correspondence, he mentioned that the antivirus had identified a malicious JavaScript code on the site, labeling it as JS/Kryptic.I. As a cybersecurity expert aware […]
I recently encountered an intriguing campaign that uses fake websites to distribute malware. While this technique (TTP) is not new, it appears to be increasing in frequency. From my own observations, I’ve noticed this happening more often in 2023 compared to previous years. Though it’s hard to quantify without in-depth research, it’s something that other […]
A “dead drop” is a well-known espionage tactic of passing items or information between two parties using secret locations. The two parties never meet and any sign of communication is concealed. This tactic is commonly used by intelligence officers to interact with their assets in the field to avoid any suspicious meetings or either caught […]
Background A point of sale (POS) system refers to the critical piece of software used by customers to execute a payment for goods or a service. This also includes the physical devices in stores, where POS terminals and systems are used to process card payments. These are often the primary targets of financially motivated organised […]
JavaScript is a programming language commonly used in web browsers. Due to its use in web browsers, it is often employed by security researchers and malicious actors to identify and exploit security vulnerabilities in browsers (e.g., the Aurora Operation). Additionally, JavaScript is also used by exploit kits to gain control over target systems and deliver […]
