24Jun-24

Java – Cracking the Random: CVE-2024-29868

TL;DR If you employ a Java application with a token-based password recovery mechanism, be sure that said token isn't generated using: RandomStringUtils. Spoiler: You can crack it and predict all past and future tokens generated by the application! Some Context During a Penetration Test I was sifting through the internet - as one often does - looking for ways to do some damage in...
Posted By
10May-24

Kelvin Security and Spectre, investigating possible relationships

Kelvin Security and Spectre, investigating possible relationships Introduction The Yarix Cyber Threat Intelligence Team (YCTI) has conducted an investigation that has discovered a possible relationship between the threat actor Kelvin Security with another threat actor called Spectre. This relations was identified through the discovery and analysis of an indicator found within an Italian governmental leak that was shared by a malicious actor....
Posted By
4Apr-24

BlueDuck: an(other) Infostealer Coveting Digital Marketing Agencies’ Facebook Business Accounts

Introduction In November 2023, the Yarix Cyber Threat Intelligence team (YCTI) intercepted a set of suspicious phishing emails addressed to digital marketing agencies that were impersonating different famous fashion brands. Through the analysis of these emails, we uncovered the activities of a Vietnamese cybercriminal group distributing a malicious python-based infostealer, tracked as BlueDuck, aimed to collect sensitive information from infected...
Posted By
21Mar-24

Citrix ADC – Unexpected Treasure

 TL;DR Setting secure rules for the RelayState parameter is a MUST when configuring Citrix Application Delivery Controller (ADC) and Citrix Gateway as SAML Service Provider, because an attacker can exploit a chain of three low-risk vulnerabilities to compromise victims’ accounts. By luring users to a malicious domain, attackers can steal session cookies and gain unauthorized access to the protected applications....
Posted By