If you are a credit card holder, this post could be of interest to you. Defending our financial assets is always one of the top priorities in the cybersecurity community but, on the other side of the coin, it is one of the most romantic attacks performed by cyber-criminals in order to steal money. Today I’d […] Read more "Uncovering New Magecart Implant Attacking eCommerce"
Introduction Information sharing is one of the most important activities that cybersecurity researchers do on a daily basis. Thanks to “infosharing” activities it is possible to block or, in specific cases, to prevent cyber attacks. Most infosharing activities in cybersecurity are focused on Indicators of Compromise such as URLs, IPs, domains and […] Read more "Cyber Threat Trends Dashboard"
Introduction Today I’d like to share a quick analysis of an interesting attack targeting precision engineering companies based in Italy. Precision engineering is a very important business market in Europe; it includes developing mechanical equipment for automotive, railways, heavy industries and military-grade technology. The attacker pretended to be a customer and sent to […] Read more "SWEED Targeting Precision Engineering Companies in Italy"
Introduction The group behind the Emotet malware is getting smarter and smarter in the way they deliver the malware. While the infection schema has looked the same for years, the way the group tries to infect victims improves from day to day. Today I’d like to share a quick analysis resulting from a very interesting email which claimed […] Read more "Is Emotet gang targeting companies with external SOC?"
During the early 2000s, in private chats or even in public IRC channels, self-styled “hackers” used to DOX people in order to prove their competence in “dark arts” (cit. Proceedings of the 39th SIGCSE). I was always fascinated by those guys who, with little information such as an email address or a nickname, were able […] Read more "DOXing in 2019"
Scraping the “TOR hidden world” is quite a complex topic. First of all you need exceptional computational power (RAM mostly) for letting multiple runners grab web pages, extract new links and re-run the scraping code against the just-extracted links. Plus a queue manager system to manage scraper conflicts and a database to store scraped data […] Read more "Scraping the TOR for rare contents"
There are many ways to fight cyber-crime, but what we are used to doing at Yoroi is malware analysis and incident response using special and proprietary technologies. Often analyses are enough to temporarily block cyber-criminals by sharing IOCs with everybody, allowing national and international players (ISPs, AV vendors, CERTs and so on) to block connections […] Read more "Free Tool: LooCipher Decryptor"
During the past few weeks I received several emails asking how to dissect Office payloads. While I was thinking about how to answer such questions, by sheer coincidence I received a MalSpam with a Microsoft Office document attached, so I decided to write a little bit on it. This is not going to be […] Read more "Step By Step Office Dropper Dissection"
When an unknown sender suggests I click on a super weird URL, dropping a ZIP file straight into my inbox, by saying it’s the next targeted attack on a huge company, well, I kinda look forward to it! So I clicked on the link (see IOC section) and downloaded a “pik.zip” […] Read more "Ransomware, Trojan and Miner together against “PIK-Group”"
A .CSV file could be a malware carrier and, if interpreted by Microsoft Excel, it could become a malware executor! When I personally saw this technique back in 2017 (please take a look here, here and here) I was fascinated. A simple and sweet textual file forcing the behaviour of powerful and […] Read more "Spreading CSV Malware over Google Sheets"