Google Ad fraud campaign used adult content to make millions
A massive advertising fraud campaign using Google Ads and 'popunders' on adult sites is estimated to have generated millions of...
Year: 2022
Google introduces end-to-end encryption for Gmail on the web
Google announced on Friday that it's adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users...
Play ransomware claims attack on German hotel chain H-Hotels
The Play ransomware gang has claimed responsibility for a cyber attack on H-Hotels (h-hotels.com) that has resulted in communication outages...
Ukraine’s DELTA military system users targeted by info-stealing malware
A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the...
T-Mobile hacker gets 10 years for $25 million phone unlock scheme
Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25...
Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale
Restaurant customer management platform SevenRooms has confirmed it suffered a data breach after a threat actor began selling stolen data on...
The Week in Ransomware – December 16th 2022 – Losing Trust
To evade detection by security software, malware developers and threat actors increasingly use compromised code-signing certificates to sign their malware....
A Technical Analysis of CVE-2022-22583 and CVE-2022-32800
This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the...
Detecting Windows AMSI Bypass Techniques
We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how...
Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
From September to December, we detected multiple attacks from the Royal ransomware group. In this blog entry, we discuss findings...
US government is warning of business email compromise BEC attacks aimed at hijacking shipments of food products and ingredients
US government is warning of business email compromise (BEC) attacks aimed at hijacking shipments of food products and ingredients.The Federal...
IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild
IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild.Cisco has updated multiple...
CyberNews researchers reported that Ecco a global shoe manufacturer and retailer exposed millions of documents
CyberNews researchers reported that Ecco, a global shoe manufacturer and retailer, exposed millions of documents. Original post @ https://cybernews.com/security/ecco-leaks-sensitive-data-for-months/Ecco, a...
American nbsp identity and access management nbsp giant Okta revealed that that its private GitHub nbsp repositories were hacked this month
American identity and access management giant Okta revealed that that its private GitHub repositories were hacked this month.Okta revealed that its private GitHub repositories...
Karakurt Ransomware Victim: Goodwill industries
KARAKURT RANSOMWARE NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
HackerOne Bug Bounty Disclosure: cve-2022-43551:-another-hsts-bypass-via-idnbykurohiro
Programme HackerOne curl curl Submitted by kurohiro kurohiro Report CVE-2022-43551: Another HSTS bypass via IDN Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: host-header-injection-that-bypassed-protection-and-allowed-accessing-multiple-subdomainsbymusashi42
Programme HackerOne Urban Company Urban Company Submitted by musashi42 musashi42 Report Host header injection that bypassed protection and allowed accessing...
Royal Ransomware Victim: ATLAS
RoyalRansomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the...
Malware Analysis – djvu – 5bb7092fb1f0adf06c2ab31aab04ae33
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomwareMD5: 5bb7092fb1f0adf06c2ab31aab04ae33SHA1: a44f5a01b2786183c9d5f7f282ade30736a35254ANALYSIS DATE: 2022-12-21T16:56:06ZTTPS: T1130, T1112, T1060, T1222, T1082, T1053 ScoreMeaningExample10Known badA...
Malware Analysis – evasion – fd9170ec42a74eb94ad7e4d23fc793ba
Score: 10 MALWARE FAMILY: evasionTAGS:evasion, persistence, ransomware, trojanMD5: fd9170ec42a74eb94ad7e4d23fc793baSHA1: a541035a5fdc235e19d71fa42dc53f02c9a5b379ANALYSIS DATE: 2022-12-21T16:34:21ZTTPS: T1102, T1004, T1112, T1088, T1089, T1491, T1082, T1012...
Malware Analysis – ransomware – b3f5d8a881bf8c1c0431cb6b9747918f
Score: 10 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: b3f5d8a881bf8c1c0431cb6b9747918fSHA1: 7c2b61a227133ce76c2b2fa95945c82647cfb5fcANALYSIS DATE: 2022-12-21T17:48:05ZTTPS: T1082, T1107, T1490, T1012, T1120 ScoreMeaningExample10Known badA malware family was detected.8-9Likely...
Malware Analysis – persistence – 62212183c9d54195239f18d9c42e7407
Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, ransomware, upxMD5: 62212183c9d54195239f18d9c42e7407SHA1: dee3dcb4795a6318f06d80ef110ce04fbc5f3bbaANALYSIS DATE: 2022-12-21T17:56:05ZTTPS: T1060, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne...
Malware Analysis – persistence – 83a31d74585bfebeadfdc651acad3159
Score: 8 MALWARE FAMILY: persistenceTAGS:persistence, ransomwareMD5: 83a31d74585bfebeadfdc651acad3159SHA1: 927908c24c7b9fb067400040b6672898d2618443ANALYSIS DATE: 2022-12-21T17:44:07ZTTPS: T1060, T1112 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or...
Malware Analysis – djvu – 1c1aa12967b3ed3043ad16c1f8d6b54f
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, discovery, persistence, ransomwareMD5: 1c1aa12967b3ed3043ad16c1f8d6b54fSHA1: dba7f6324ef35a521e136230a5f2b9686c7b2150ANALYSIS DATE: 2022-12-21T17:51:07ZTTPS: T1222, T1082, T1053, T1130, T1112, T1060 ScoreMeaningExample10Known badA...
