GhostSec, the hacktivist collective targeting ICSs
To achieve their objectives, hacktivist groups have traditionally employed techniques such as distributed denial of service (DDoS), website defacements, and document leaks. These operations are usually conducted to advocate for specific social or political causes.
Recently, it has been observed that hacktivist groups have shifted towards targeting Industrial Control Systems (ICS). These types of...
GIS3W: Persistent XSS in G3WSuite 3.5 – CVE-2023-29998
Ylabs, 2023-07-07
During an engagement on a client's public infrastructure, we detected an exposed installation of G3WSuite. Since we were asked to perform a black box pentest on the G3WSuite installation, we had to find a way to gather as much information about the target as possible. Luckily for us, the whole G3WSuite codebase is...
Win$ton: a Russian-Speaking Scam Group Targeting Middle-Eastern Customers
As the Yarix Cyber Threat Intelligence (YCTI) team, we regularly monitor, track and counter phishing websites that aim to steal sensitive user data (e.g., login credentials, phone numbers, credit cards). One of the most challenging aspects of proactively countering and tracking phishing campaigns is hunting and analyzing exposed phishing kits. The analysis of these archives enables CTI analysts to understand the...
Vade Secure Gateway
During a penetration test, several reflected cross-site scripting (XSS) vulnerabilities were found in an application developed by the French company Vade Secure. The vulnerable application is Vade Secure Gateway, an email box scanning and processing tool for spam removal that can be managed via a web page.
Once we identified the vulnerabilities and found that they...