Archive for February, 2019


Your trust, our signature

Sending signed phishing emails

Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario which looks credible enough to persuade the target to perform a certain action like opening an attachment or clicking on a link in the email. Continue reading

On the 2nd of January 2019 Cobalt Strike version 3.13 was released, which contained a fix for an “extraneous space”. This uncommon whitespace in its server responses represents one of the characteristics Fox-IT has been leveraging to identify Cobalt Strike Servers, with high confidence, for the past one and a half year. In this blog we will publish a full list of servers for readers to check against the logging and security controls of their infrastructure. Continue reading

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware, Trojan, and Miner capabilities.

Continue reading

Crypted000007 is a ransomware-type virus which belongs to the Troldesh family. Like most viruses of this type, it is designed to encrypt files and make them unusable until a ransom is paid. This particular virus renames files so that they comprise a line of characters and digits and adds the “.crypted000007” extension to each. Continue reading

BARCELONA, Spain (AP) — A top executive at Chinese tech supplier Huawei poked fun at U.S. intelligence on Tuesday as he sought to reassure people attending the world’s biggest mobile industry fair that the company’s technology is secure. Continue reading

Some of you might have anticipated this, some of you will be surprised. The decision has been made. We will discontinue our service on March 8, 2019. It has been a blast working on this project over the past 18 months, but to be completely honest, it isn’t economically viable anymore. Continue reading

Between the last week of January to February, we noticed an increase in hack tool installation attempts that dropped seemingly random files into the Windows directory. Initially appearing unrelated, analysis showed the final payload to be a Monero cryptocurrency-mining malware variant as it scans for open port 445 and exploit a Windows SMB Server Vulnerability MS17-010 (patched in 2017) for its infection and propagation routines, targeting companies in China, Taiwan, Italy, and Hong Kong. Continue reading

With its open-source, feature-rich, and user-friendly content management system (CMS), WordPress powers nearly 33 percent of today’s websites. This popularity is also what makes them an obvious cybercriminal target. All it could take is a vulnerability to gain a foothold on a website’s sensitive data. This could be compounded by security issues that can be brought by outdated websites or use of unsecure third-party plugins or components. Continue reading

The content management framework Drupal recently fixed a vulnerability (CVE-2019-6340) in their core software, identified as SA-CORE-2019-003. The flaw is categorized as highly critical, exposing vulnerable installations to unauthenticated remote code execution (RCE). The vulnerability affects a substantial portion of Drupal installations, since it impacts the widely installed RESTful Web Services (rest) module. Specifically, the vulnerability requires that the following preconditions are met: Continue reading

Social media influencers build and expand their business or brand through credibility and authenticity to their audience. For hackers, however, they could be seen as trophies. That’s what happened to a photographer with more than 15,000 followers on Instagram, when she had her account stolen. Continue reading