Zero-Day Attacks - How Safe Are You?

This is a guest post by Meenakshi Nagri.
In the past couple of years, cyber-attacks have been on the rise, which has pushed for better and more reliable security capabilities such as protection, code security, encryption and authorization. Moreover, it is imperative to protect global business and critical infrastructure from such cyber-attacks.

An average user, or even a web-savvy one, has little knowledge about which application has better security standards, so it is imperative to evaluate the safety of applications. There are some security protocols which should be maintained without deviating from the end goal.
Both organisations and individuals should strive to follow all the necessary security protocols and, most importantly, evaluate their security requirements and be assured that they meet the baseline for data security.

Vulnerability Timeline

A study reveals that about 20% of global organisations rank cyber espionage as their most pressing concern, making it a significant threat to their business. The number of zero days is continually rising, with each attack being more severe. The primary targets have been government institutions, organisations from various sectors, individuals and so on.

The basic aim of cyber espionage is to expose the private information of the person or company concerned. Cyber espionage tops the list of security concerns because its repercussions can be felt even after the threat is eliminated: it damages trade and creates a dent in the global economy.
Ransomware, malware attacks, phishing, etc. are some common cyber-attacks. A recent case in point is the WannaCry ransomware attack. It was reported to have infected more than 230,000 computers worldwide, and organisations were hit in over 150 countries. The common tactic is to take advantage of the gaps left in the networks that connect business partners and government agencies. Simply put, these entities share valuable information through these networks, and hackers who penetrate them easily get access to that information.

The question that arises next is why these entities get affected by cyber-attacks. The reason is the lack of proper implementation of security protocols. Organizations, enterprises and individuals need to be informed of cyber-attack activity so that they can recognize the risk of exposure before their data is exposed without their consent.

Threats are Constantly Evolving

While recently catching up with the news, you may have heard terms like ‘zero day’ and ‘cyber conflict’ over and over again. Technology has given us new and exciting security protocols. With each advancement we get better at adding an extra layer of security; however, as these approaches become obsolete, they can be bypassed quickly, leaving a gap for cyber-attacks.

A zero-day vulnerability is a flaw in software that is unknown to its developers. Attackers with malicious intent exploit the flaw before the developers become aware of it. To counter such vulnerabilities, a software patch is released to fix the issue. One such example is Microsoft’s Patch Tuesday, i.e. Microsoft releases security patches on every second or fourth Tuesday of each month for its products.
One of the reasons cyber espionage succeeds is the failure to apply these measures, i.e. to update systems with recent security updates. Systems running unsupported operating systems or older versions were substantially exposed.

Simply put, developers create software that contains some flaws, and attackers spot and exploit a vulnerability before the developers can act. Once the patches are released, the exploits are no longer a threat.

The Role of Security Standard

As attackers look for advanced ways to exploit vulnerabilities, they adopt new procedures and techniques. They use hacking methods such as watering hole attacks, spear phishing, whaling and port scanning, to name a few.

Cyber security is a bigger challenge, as one needs to implement advanced protocols and meet safety standards when required. Even though organizations may fulfill all the criteria, or developers may check off everything on the security standards list, there is always room for enhancing the basic security capabilities. The fast-evolving tactics and unpredictable threats used by cyber criminals have pushed for advanced evaluation and monitoring of services.

As attackers adopt the latest technology, the security community is pushing for other defensive stances as well and has started putting steps in place to guard against cyber-attacks. Struggling to keep up with security standards means putting critical information and infrastructure at risk.

Adopting techniques to protect the cyber environment is the need of the hour. The primary objective is to mitigate and prevent any potential for cyber-attacks, and to that end more and more companies are implementing security safeguards, risk management approaches, guidelines, policies and technologies, and investing in data recovery services.

A Helping Hand

Zero-day, cyber conflict and cyber espionage are all part of the broader picture of cyber-attacks and make up most of the cyber security challenge. Users need not be security experts to protect themselves against these attacks.
  1. Use a top antivirus that will ensure that you are protected against both known and unknown vulnerabilities.
  2. Time and again, IT experts ask users to update their software; an update may include protection from a recently discovered bug.
  3. Upgrade your browsers, and push out automatic browser updates regularly.
Stellar Data Recovery is one such name which is capable of countering such cyber-attacks; thereby, it presents itself as a reliable partner when it comes to data security.

The Final Word

We will always be wooed by the latest technological advancement, which also means that the old ones will become obsolete; adopting new security approaches is therefore equally essential. Cyber-attacks expose valuable assets by gaining unauthorized access to them; businesses therefore need to defend themselves against such attacks and incorporate security protocols to mitigate the risk.

How To Protect / Secure Your Wi-Fi Network?

Hello All, I am back to blogging again after 3-4 years, more motivated and ready than ever before. For 5 years now, I have been working online on Upwork and some other freelancing sites as a security expert, helping clients fix their hacked sites/servers, so I could not manage much time for writing, but I will try to regularly update with new hacking tutorials and tricks from now onwards. I have recently changed the look/design of the site as well, so I hope you will like it :)

Using a man-in-the-middle attack, someone can eavesdrop on your network traffic, easily get all administrator details and gain unauthorized access to your Wi-Fi network.

So today I am going to provide some basic approaches to secure your home or office Wi-Fi network from hackers.

Log In to the Router and Change the Default Password

Look at the back of your router to get the login details: IP address, username and password. These details are usually written on the back. If they are not, call your ISP (Internet Service Provider) if they gave you the router; otherwise find the model number and look up the information on Google.


Visit the IP address in your browser and enter the login details when asked. This page is only accessible when you are using the router’s Wi-Fi network.

After logging in, the first thing you have to do is change the default password set up by the router. Settings may vary depending on which company's router you are using (the image mentioned is for D-Link routers); some routers provide an option to change the default admin username as well.


Why should you change the default password? With the default password, someone can easily log in to the router settings (through the default gateway IP, which is not hard to find) and gain unauthorized access to change them. Changing the password will not allow anyone except you to access the router settings.

SSID, Password and WPA2 Encryption

Pick an SSID (network name) which is not related to your identity and does not draw attention from hackers.
Use a strong password, and once you do that, please make sure to update the password on all connected devices.

For encryption, make sure you choose WPA2 and not WEP/WPA. WPA2, short for Wi-Fi Protected Access 2, is the follow-on security method to WPA for wireless networks and provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks.

Firmware Update

Please consider updating the firmware of your router; you can find the option under the admin settings. Using the latest firmware version ensures you have all available security patches.

Disable WPS

WPS, short for Wi-Fi Protected Setup, is insecure, so you should disable it. This is a button on your router.

Guest Networks

Some routers provide an option to add a guest network, which creates a separate network for guests. It is a totally different network with a different password from the main network. This means devices connected to the guest network will NOT be able to share files and printers connected to the main network.


Parental Controls

With it, you can block inappropriate sites and limit the time your kids spend online.

Additional Settings

You may consider enabling MAC filtering (however, MAC addresses can easily be spoofed, so it just gives a false sense of security) or hiding the SSID.

There is a wide range of settings on your router which you can change and set accordingly, but please be cautious when doing so.

Any questions? Please let me know in the comment section.

Thank you.

WordPress Security: Securing Sites From Hackers / Future Attacks

WordPress is the most popular CMS available on the web, but it is also vulnerable to threats if we don't follow the necessary security measures.

In one of the previous guest posts, Sarah Rexman mentioned some tips about securing WordPress, and in this post I'm gonna share my own experience. While working as a freelancer on oDesk, Elance and Freelancer, clients always have issues about securing their sites from hackers and ask about how to prevent future attacks. So consider these points to secure your WordPress site for now and the future:
  • Keep your WordPress up to date. Latest stable version is 4.9, released on 16th November, 2017.
  • Keep all your plugins and themes up to date.
  • Always keep a backup of your database and files, and refresh it at regular intervals.
  • If the site has been compromised, you must change the salt keys in the wp-config.php file under the root directory. You can generate new keys from here. It will force all users to log in again.
  • Change all passwords associated with the site at regular intervals.
  • Use strong passwords for all logins. Include a mixture of at least one uppercase letter, lowercase letter, special character and number.
  • Change your WP-Admin username from admin to some other name.
  • Change the database prefix from wp_ to some other complicated characters to avoid zero-day SQL injection attacks.
  • Remove the timthumb script if your site is running it, as it's no longer supported or maintained.
  • Use plugins only after testing them properly. Going through plugin reviews and a Google search will let you know about the reputation of the plugin.
  • Keep track of the latest visitors through log files. If you find any suspicious activity at any particular time, the log files might help you learn a bit about the attacker.
  • Change permissions for .htaccess, wp-config.php and the theme's main files to 444.
  • Set proper file permissions for other files and folders. Best practice is to use 644 for files and 755 for folders.
  • Keep your own system virus free.
  • Always try to use the site credentials from your own system only.
  • Validate all user inputs like URLs, image uploads etc.
  • Keep track of the WP-Admin and FTP account user sections for any unauthorized user.
  • You can also use the Wordfence plugin to monitor for malicious scripts.
  • Put some security on the server on which your site is hosted, whether it is hosted on a dedicated or a shared server.
  • Keep updated with the latest vulnerabilities.
If your own site gets infected with malware/virus, contact me through the contact form to get rid of the malware along with future security implementation. In some cases, the site might be hit by the pharma hack; you can check for it either through the site content or by searching your site on Google with the query "site:example.com pharma"

Having any further issues? Please comment below!
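
An added example, not part of the original post or of WordPress itself: a small Python auditor for the permission scheme in the list above (444 for .htaccess and wp-config.php, 644 for other files, 755 for folders). It assumes a POSIX host; the name `audit_permissions` is hypothetical, and the "theme's main files" are not covered because the post does not name them.

```python
"""Audit a WordPress tree against the permission scheme from the post (added example)."""
import os
import stat
import sys

LOCKED_FILES = {".htaccess", "wp-config.php"}  # post: 444 for these (site root only)
LOCKED_MODE, FILE_MODE, DIR_MODE = 0o444, 0o644, 0o755


def expected_mode(rel_path, is_dir):
    """Mode the post recommends for this path (relative to the site root)."""
    if is_dir:
        return DIR_MODE
    if rel_path in LOCKED_FILES:  # only matches files directly in the root
        return LOCKED_MODE
    return FILE_MODE


def audit_permissions(root):
    """Return sorted (rel_path, actual, expected, reason) for over-permissive paths."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful; audit the target instead
            rel = os.path.relpath(path, root)
            actual = stat.S_IMODE(st.st_mode)
            wanted = expected_mode(rel, stat.S_ISDIR(st.st_mode))
            extra = actual & ~wanted  # bits granted beyond the recommendation
            if not extra:
                continue  # equal to or stricter than the recommendation
            reason = "world-writable" if extra & stat.S_IWOTH else "looser than recommended"
            findings.append((rel, format(actual, "03o"), format(wanted, "03o"), reason))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_wp_perms.py /path/to/wordpress  (script name and path are assumptions)
    site_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, actual, wanted, reason in audit_permissions(site_root):
        print(f"{rel}: {actual} (recommended {wanted}) - {reason}")
```

Paths that are stricter than the recommendation (for example a 600 file) are not reported; only extra permission bits are.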

How To Protect In Cafe/Public Computers While Surfing Internet?

People who surf the internet on cafe/public computers are more vulnerable to being hacked, and the reason is simple: they are unaware of the software installed on public computers and of its privileges. It's always more secure to access the internet from your personal computer, but sometimes you have to access it from other places, like a cafe or a friend's computer. So what if you want to protect yourself from these hacks? There are two things you must keep in mind while surfing from public computers:

1. Always prefer private browsing. Most people are unaware of this wonderful browser feature. So what is private browsing and how do you enable it?
  • Private browsing allows you to browse the Internet without saving any information about which sites and pages you’ve visited; private browsing does not save visited pages, history, passwords, cookies or cache files.
  • To enable it, press Ctrl+Shift+P in Firefox and IE (for Chrome use the shortcut Ctrl+Shift+N or check my other post Incognito Window In Google Chrome For Safe Browsing); a prompt window will ask you about starting private browsing.
2. Use the On-Screen Keyboard. What should you do if you suspect there is a keylogger installed on the system? Don't take the risk; use the on-screen keyboard. Keyloggers capture information from the normal keyboard only. So whenever you log in to your personal internet banking accounts or the like, always prefer the virtual keyboard. You can open it by typing OSK in Run.

Tutorial On Shoulder Surfing Technique & How To Prevent From It

Hello everyone!! Today I'm gonna tell you about a cool & funny hacking technique named Shoulder Surfing. Most of you would've used this technique before too, but never knew its name, so let me explain in brief what shoulder surfing is:

Shoulder surfing is a way of obtaining information by looking over a person's shoulder (it's similar to cheating in an exam from someone sitting ahead of you). For example, while you are filling in personal data like an email, password or security PIN, or while doing transactions at ATMs, the person behind you can see what you're typing & grab the sensitive information. It seems weird, but people who are very slow at typing mostly become victims of it. Shoulder surfing can also be done over a long distance using binoculars.

How to prevent this hacking technique?
  • As I recommend, type as fast as you can.
  • Know who's behind you while typing.
  • Last but not least, pick strong passwords for email accounts and transactions (so that the person behind you could not even make a guess about what you typed).

    And the best way I found on Google:

Shoulder Surfing Prevention
haha :)

Tutorial On Information Gathering / Foot Printing (Hacking Technique)

Information gathering, or footprinting, is the basic technique of hacking, and consists of gathering the maximum information about the target computer systems. It is a very important part of hacking because the more information we have about the target system, the more attacks we can launch. Information gathering is an important technique because all other hacking processes are based on the information that you have. Therefore we must know what information to gather, where to find it, how to collect it & how to process the collected information.

Let's start with an example: suppose you are employed as a hacker in your company & the company wants some information about the target system, like physical location, IP records and some details about a specific domain. All you have is the domain name (e.g. www.example.com) or IP address. There are some practical steps you need to follow while gathering information about the target system:
  • The first step is finding the IP address:
    • Go to command prompt> type ping www.example.com
    • It will give you the IP of the target system.
  • After getting the IP, the next step is to find out the physical location of the victim:
    • Go to IP2location from here, enter the IP in the search field & hit enter.
    • It will give you details about the physical location of the victim.
  • Now, we have to find out the details of the domain (example.com):
    • Go to who.is or whois.domaindetails.com & type the site address of the victim.
    • It will give you details about the domain owner, server and domain expiry/creation date.
  • Use Traceroute for tracing the website's path.
  • Use Google for getting more information about the victim.
Following the above methods will help you get the maximum information about the target system & if you need further information, then google it with your queries.

Some of the tools used for information gathering are nslookup, traceroute & Nmap. Very soon, I will explain the Information Gathering technique using Back Track.

A Guide To Google Hacking Techniques

Hi everyone!! As we all know, Google is the major search engine and the #1 ranking site, and it's like a part of our daily routine.

Google hacking does not mean hacking Google's site/server; it means being smart in Google search. Almost every kind of information is provided there, but what matters is how you search your queries. In this post I've provided a PPT which is all about Google hacking techniques. I'm sure after completing the whole PPT, you will become more expert in Google search.

The PPT is all about learning the basics of Google hacking and finding vulnerabilities in websites.

You can download it from here.

Whether you search your queries in Google as a smart worker or a hard worker depends on how much you know about it! So start your smart work right now.

Tutorial On DNS Cache Poisoning (Redirect abc.com By Entering xyz.com In Address Bar)

Hello guys! Today I'm going to post about a hacking technique named "DNS Spoofing or DNS Cache Poisoning". DNS cache poisoning is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer (often the attacker's).

This trick is commonly used by hackers for redirecting an original site to a fake site (e.g. opening Facebook or Gmail would open a fake Facebook or Gmail).
Let's understand it by taking an example:
  • Go to C:\Windows\System32\Drivers\etc\Hosts
  • Open it with Notepad.
  • Write 67.195.160.76 www.google.com below 127.0.0.1 localhost, like this:
    127.0.0.1 localhost

    67.195.160.76  www.google.com
Here 67.195.160.76 is an IP address of Yahoo; you can change it to whatever you want. If you want to know the IP address of any site, go to command prompt> type ping followed by the site name, e.g. ping www.facebook.com

Note: It can even be used for phishing purposes.
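
An added example, not part of the original post: the hosts-file edit shown above is a local override that is consulted before DNS, so it produces the same visible redirect as a poisoned cache. This Python sketch audits a hosts file for such overrides; the verdict labels, function names and every sample line except the post's own `67.195.160.76 www.google.com` entry are constructed for illustration.

```python
"""Audit a hosts file for entries that override name resolution (added example)."""
import ipaddress
import sys

# Location named in the post; on Linux/macOS the file is /etc/hosts.
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample; line 3 is the entry from the post.
SAMPLE = """# constructed sample hosts file
127.0.0.1 localhost
67.195.160.76  www.google.com
0.0.0.0 ads.example.net
192.168.1.50 printer
::1 localhost
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each active mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or an address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with a valid address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text):
    """Return (line_no, hostname, ip, verdict) for mappings that deserve a look."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES:
                if not ip.is_loopback:  # localhost pointed somewhere else
                    findings.append((line_no, name, str(ip), "suspicious"))
                continue
            if ip.is_loopback or ip.is_unspecified:
                continue  # sinkhole entry (ad/tracker blocking), not a redirect
            # A dotted public name pinned to a routable address bypasses DNS:
            # this is the redirect demonstrated in the post.
            if "." in name and ip.is_global:
                findings.append((line_no, name, str(ip), "suspicious"))
            else:
                findings.append((line_no, name, str(ip), "review"))
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else WINDOWS_HOSTS
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print(*finding, sep="\t")
```

Entries marked "review" are usually intentional LAN mappings; "suspicious" entries should be matched against what you or your administrator deliberately added.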

    Best Server Hardware And Network Solution For Your Business

    Serverclub.com is a provider of server hardware and network plans. From its name alone you can understand the specialty of this website: dedicated server services. Since in our modern days the Internet is everything, especially for our work, many companies, web designers, businessmen and bloggers have enjoyed the advantages of dedicated servers.

    These servers allow other people to browse your website on the internet. The storage of this data on servers is called hosting. To decrease their costs, some people host their data on shared servers but sometimes have to deal with problems like server overloading. That’s the reason big companies and website owners prefer dedicated servers.

    ServerClub can provide you exactly this dedicated server hosting. The site provides the best hardware and software services and also very good and useful customer support, all at very low prices. In addition, two very profitable offers are available: to refer a friend and to become a reseller, which in simple words means that when, for example, you recommend the ServerClub services to your friends, you will get 10% of the rent bill of their server plan every month for the lifetime of their contract. You can also sell servers from your website, gaining 20% of the sales.

    ServerClub Features:

    • Environmentally friendly technologies and power saving systems at the server hosts, which help cut costs.
    • Reliable hardware combined with amazing bandwidth = perfect hosting.
    • Excellent customer support service.
    • Backup server available in case of failure or overload.
    • Customization of plans and extra requirements depending on your needs.
    • High quality servers (instant setup of Dell’s premium servers with Xeon processors and hardware RAID; the IP network is designed by Cisco)

    In Conclusion

    ServerClub provides all the services which are required to set up dedicated hosting with the best possible features at reasonable rates. So if you are thinking of switching to dedicated hosting, you are highly recommended to take a look at ServerClub.

    How To Create Your Own Website For Free With uCoz?

    www.ucoz.com is a unique website which allows you to build your site easily, for free. It gives you the ability to create a multi-functional website on any topic you want. Whether you are a professional or just want to create a site for personal purposes, keep in mind that with uCoz you have the ability to create a page with your own unique style.

    How it Works?

    uCoz allows you to create your page from a large number of template options for a functional and interactive site. It’s good to keep in mind that it is a free web builder, so do not expect the functionality of a paid one, although uCoz gets closer to paid website planning than the rest of its kind. It is the ideal helper for creating your own website for free: personal homepages, online stores, portals, fan sites, blogs and communities, educational and governmental websites and many more.

    Besides offering the typical features of Content Management Systems, like a database of site users divided into groups or RSS import and export, it also offers some unique features: a special template language which allows you to check different conditions when generating pages, a template builder which allows you to completely change the design in a very effective way, and the possibility to extend your website's functionality with the help of PHP or third-party database servers like MySQL and API. It doesn’t require installation, and offers many different templates in its template store as well as a variety of modules, tools and features to give your page a sense of your own personality. The good thing is that uCoz is suitable for both newbies and experienced professionals.

    Why Choose uCoz?


    uCoz has a very good background, as it has been working for 7 years already and has over 1.200.000 active websites with more than 100 million page views daily and, most important, is error free. It also provides free web hosting with unlimited space. It is not possible to summarize everything in one article, but one thing you have to keep in mind: uCoz provides a free and easy-to-use service for people who want to create their own page with their own personality and to enjoy the many advantages of using a multi-functional website for their work, to exhibit their art, to express their ideas or just to have fun. Absolutely recommended!