Magecart Group 8 Blends into Adding To Their Growing List of Victims

magecart group 8

Magecart Group 8 Blends into Adding To Their Growing List of Victims

On Thursday, February 20th, around 3 pm GMT, criminals RiskIQ identifies as Magecart Group 8 placed a JavaScript skimmer on the international website for blender manufacturer NutriBullet, Our systems caught the cyber attack as it happened and continue to detect new developments. After multiple attempts to contact NutriBullet and receiving no response*, RiskIQ decided to initiate the takedown of the attacker exfiltration domain with the help of AbuseCH and ShadowServer. Group 8 operators were using this domain to receive stolen credit card information, and its… Read More »Magecart Group 8 Blends into Adding To Their Growing List of Victims

probing pawn storm -

Probing Pawn Storm

Cyberespionage Campaign Through Scanning, Credential Phishing and More Pawn Storm, an ongoing cyberespionage campaign with activities that can be traced as far back as 2004, has gained notoriety after aiming cyber-attacks at defense contractor personnel, embassies, and military forces of the United States and its allies, as well as international media and citizens across different civilian industries and sectors, among other targets. For years, Trend Micro has been closely monitoring Pawn Storm and its various attack vectors and methodologies, which have been generally facilitated for geopolitical… Read More »Probing Pawn Storm

wormable windows flaw smbv3

Ransomware crooks vow to avoid health organisations during COVID-19 crisis

Ransomware operators of DoppelPaymer and Maze malware stated that they will not target medical organisations during the current pandemic. Laurence Abrams, who runs the security news site Bleeping Computer, reports that he made contact with “the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker and Ako ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak.” The DoppelPaymer operators responded that “we always try to avoid hospitals, nursing homes … we always do not touch 911 (only occasionally is possible or… Read More »Ransomware crooks vow to avoid health organisations during COVID-19 crisis

Is APT27 Abusing COVID-19 To Attack People? 1

Is APT27 Abusing COVID-19 To Attack People?

Scenario We are living in hard times, many countries all around the world are hit by COVID-19 which happened to be a very dangerous disease. Unfortunately many deaths, thousands of infected people, few breathing equipment, stock burned billion of dollars and a lot of companies are entering into a economic and financial crisis. Governments are doing their best to mitigate such a virus while people are stuck home working remotely using their own equipment. Increasing the danger of advanced persistent threat groups like APT27 or… Read More »Is APT27 Abusing COVID-19 To Attack People?

parallax remote administration tool RAT


Following the increase in Parallax RAT campaigns — the new RAT on the block, Morphisec Labs decided to release more technical details on some of the latest campaigns that the Morphisec Unified Threat Prevention Platform intercepted and prevented on our customer’s sites. Parallax is an advanced remote access trojan that supports all Windows OS versions. It is capable of bypassing advanced detection solutions, stealing credentials, executing remote commands, and has also been linked to several coronavirus malware campaigns. Parallax is mostly delivered through malicious spam campaigns with Microsoft word documents as the… Read More »PARALLAX: THE NEW RAT ON THE BLOCK

gray hat freelancing logo

Trickbot gtag red5 distributed as a DLL file

Introduction Trickbot is an information stealer/banking malware that uses modules to perform different functions.  With Windows 10, these modules are loaded into memory, and we only see initial Trickbot binary and a text-based configuration file stored on the infected Windows 10 host. Access to Trickbot-infected hosts is granted to other criminals groups to distribute other malware like Ryuk ransomware.  This sort of follow-up malware has previously been noted in conjunction with Powershell Empire traffic and/or Cobalt Strike activity on a Trickbot-infected host. But today’s diary focuses on… Read More »Trickbot gtag red5 distributed as a DLL file

ursnif campaign targets italy with a new infection chain

Ursnif Campaign Targets Italy with a New Infection Chain

Introduction Ursnif is one of the most common and widespread threats today delivered through malspam campaigns. It appeared on the threat landscape about 13 years ago and gained its popularity since 2014 when its source code was leaked online giving the opportunity to several threat actors to develop their own version. For months, Italian users have been targeted by Ursnif malicious campaigns and Cybaze-Yoroi Zlab have closely observed these campaigns in order to track the evolution of TTPs and the sophistication of the infection chains.… Read More »Ursnif Campaign Targets Italy with a New Infection Chain

gray hat freelancing logo

One-Liner: Find Large Files

This one-liner will run du (disk usage) as root, to find large files, and sort the output in reverse order (largest to smallest) and return the top 20 results. Depending on your hardware and the size of your disk, this command may take a while to execute. But, it is an extremely effective way to find the largest files on your disk. Tweak as needed. sudo du -a / | sort -n -r | head -n 20 Here’s another take using bash and find: sudo… Read More »One-Liner: Find Large Files

freebsd kernel config

Smallest Possible FreeBSD Kernel Config for VirtualBox

If youre anything like me, you like to customize and optimize every single bit of your computer/server/etc.. So, we put together smallest possible kernel config for FreeBSD 11.2-p7. This tiny freebsd kernel config is for a FreeBSD guest on a VirtualBox host. It should support all of VirtualBox’s various options, as long as your hardware does. That is to say, if you feel like it, you can still trim a little bit off of this FreeBSD kernel configuration. For example, if you choose to use a SATA hard drive (they perform much better in VirtualBox),… Read More »Smallest Possible FreeBSD Kernel Config for VirtualBox

Migrating a User's IMAP Mailbox 2

Migrating a User’s IMAP Mailbox

Migrating a user’s imap mailbox with imapsync is much better than trying to convert mailbox types. – The online tool (downloadable tool further down) Managing mail servers is quite a bit more difficult than running a web server. A lot of system administrators learn this the hard way. After becoming comfortable with a web server or two, comfortbale enough to start fucking around, they’ll take the plunge into e-mail land and that is where black hat hackers get to have a lot of fun. I’m going to show you how to… Read More »Migrating a User’s IMAP Mailbox