1Aug-24

Threat Actors leverage Chinese SHOPOEM Platforms to spread infamous scam campaign

Introduction

As Yarix Cyber Threat Intelligence (YCTI) team, we keep a close eye on and track phishing and scam campaigns on a daily basis. Protecting the reputation and image of client companies is one of the main goals of YCTI’s Brand Abuse team. This includes determining whether and how their officially registered trademarks are being used to spread fraudulent campaigns that...
Posted By
24Jun-24

Java – Cracking the Random: CVE-2024-29868

TL;DR

If you employ a Java application with a token-based password recovery mechanism, be sure that said token isn't generated using: RandomStringUtils. Spoiler: You can crack it and predict all past and future tokens generated by the application!

Some Context

During a Penetration Test I was sifting through the internet - as one often does - looking for ways to...
Posted By
10May-24

Kelvin Security and Spectre, investigating possible relationships

Kelvin Security and Spectre, investigating possible relationships

Introduction

The Yarix Cyber Threat Intelligence Team (YCTI) has conducted an investigation that has discovered a possible relationship between the threat actor Kelvin Security with another threat actor called Spectre. This relations was identified through the discovery and analysis of an indicator found within an Italian governmental leak that was shared by a malicious actor....
Posted By
4Apr-24

BlueDuck: an(other) Infostealer Coveting Digital Marketing Agencies’ Facebook Business Accounts

Introduction

In November 2023, the Yarix Cyber Threat Intelligence team (YCTI) intercepted a set of suspicious phishing emails addressed to digital marketing agencies that were impersonating different famous fashion brands. Through the analysis of these emails, we uncovered the activities of a Vietnamese cybercriminal group distributing a malicious python-based infostealer, tracked as BlueDuck, aimed to collect sensitive information from infected...
Posted By