Zyxel vulnerability exploited by “Helldown” ransomware group
Introduction
As Yarix's Incident Response Team, our responsibilities are to manage critical issues related to cyber-attacks carried out by cybercriminals, intervening promptly in order to guarantee security to victim companies and to minimize latent risks, analyzing the systems within their infrastructures and indicating precise remediation actions capable of re-establishing a state of security sufficient for normal...
Behind The Scenes: Yarix Approach to Mobile Security
TLDR: This article highlights the Yarix Red Team’s daily challenges and internal work done to improve the quality of our outcomes. We will explore the topic by taking the Mobile Security field as a case: we will start with the common reporting problems every red team faces day after day, as well as those arising...
Threat Actors leverage Chinese SHOPOEM Platforms to spread infamous scam campaign
Introduction
As Yarix Cyber Threat Intelligence (YCTI) team, we keep a close eye on and track phishing and scam campaigns on a daily basis. Protecting the reputation and image of client companies is one of the main goals of YCTI’s Brand Abuse team. This includes determining whether and how their officially registered trademarks are being used...
Java – Cracking the Random: CVE-2024-29868
TL;DR
If you employ a Java application with a token-based password recovery mechanism, be sure that said token isn't generated using: RandomStringUtils. Spoiler: You can crack it and predict all past and future tokens generated by the application!Some Context
During a Penetration Test I was sifting through the internet - as one often does...
Citrix ADC – Unexpected Treasure
TL;DR Setting secure rules for the RelayState parameter is a MUST when configuring Citrix Application Delivery Controller (ADC) and Citrix Gateway as SAML Service Provider, because an attacker can exploit a chain of three low-risk vulnerabilities to compromise victims’ accounts. By luring users to a malicious domain, attackers can steal session cookies and gain unauthorized...
Rhysida – Ransomware Payload Analysis
RANSOMWARE GROUP DETAILS
Ryhsida is a ransomware gang that became famous starting from May 2023 after being correlated to a series of high profile cyber attacks in west Europe, north an south America and Australia. The group seems to be linked with the known Threat Actor “Vice Society”. The team takes his name from a centipede species...
Pizza, Pasta and Red Teaming: insights and ideas for an Italian-style report
Pizza, Pasta and Red Teaming: insights and ideas for an Italian-style report
Foreword
After more than 2 years from the inauguration of Labs, made with my friend Paolo Stagno aka VoidSec, it was perhaps time for me to write something . But $whoami? Make yourself comfortable and go to the "Author" section at the end of the article.The...
GhostSec, the hacktivist collective targeting ICSs
Introduction
To be able to achieve their objectives, hacktivist groups have been traditionally employing techniques such as distributed denial of services (DDoS), website defacements, and leaks of documents. These operations are usually conducted to advocate for specific social or political causes. Recently, it has been observed that hacktivist groups have shifted towards the targeting of Industrial Control...