20 Apr-23
Analysis of BlackBasta ransomware gang (Part 1)
Executive Summary: This article presents highlights about the BlackBasta ransomware-as-a-service (RaaS) operation, based on analysis conducted by the Yarix Cyber Threat Intelligence (YCTI) team. BlackBasta emerged in April 2022 and has already compromised over 200 organizations, making it one of the most threatening ransomware gangs on the cyber scene. From April 2022 until March 2023, the YCTI team estimates that the...
30 Mar-23
PrivEsc on a production-mode POS
Earlier this year, we were involved in the security assessment of a mobile application that included the use and verification of a POS, a Pax D200. An Internet search for known vulnerabilities affecting it led us to a post called pax-pwn, written by lsd.cat, in which three CVEs were reported and described (CVE-2020-28044, CVE-2020-28045, CVE-2020-28046). The vulnerabilities...
20 Feb-23
SIRI WI400: XSS on Login Page – CVE-2022-48111
WI400 is software developed by SIRI that acts as a web interface for IBM Power Systems (AS/400). During a penetration test, a reflected cross-site scripting (XSS) vulnerability was found on the login page. It made it possible to craft URLs containing arbitrary injected JavaScript code that would execute once the link was visited. Advisory - CVE-2022-48111: A cross-site scripting (XSS) vulnerability...
3 Feb-23