[email protected]

Defence and Security

In Evidence

Cybercrime, an RFQ mail carries an unknown malware
The xlsx file uses an Excel CVE to contact an IP and download the payload. The link is not active now, but downloaded several during the day.
Cybercrime, new Ursnif/Gozi campaign in Italy via false BRT invoice
The email xlsm attachment contacts single url from which it downloads the dll, which starts malware infection. But only from Italian IPs and if they are not blacklisted.
Cybercrime, Formbook conveyed through a false request for quotation
The email gz attachment contains an exe file: the malware itself. This, if opened, starts the infection.
WordPress, critical vulnerability discovered on “Spam protection, AntiSpam, FireWall”
The flaw in the plugin can be used to extract sensitive info from a site's database, including user emails and password hashes. There is also a PoC.
Syria, the SDF launch the hunt for the Islamic State north of Deir Ezzor
Maneuvers underway with Inherent Resolve in Wadi al-Ajij. Objective: to neutralize the IS operative cells and their logistic network with Turkey.
Cybercrime, the MH370 tragedy lure for a new scam campaign
The fake vice chairman of a Turkish bank, managing the asset of a businessman killed in the Malaysia Airlines flight crash, offers to divide it with the potential victim.

Restricted Area

“Restricted Area” is born: a new exclusive channel in Italian and English on the latest cyber security researcher JAMESWT hunting, documented with pictures. For the moment it’s open, but soon it will only be visible by subscription.

Visit the Restricted Area

Defence

Syria, the SDF launch the hunt for the Islamic State north of Deir Ezzor
11 May 2021
Maneuvers underway with Inherent Resolve in Wadi al-Ajij. Objective: to neutralize the IS operative cells and their logistic network with Turkey.
Syria, rival militias target HTS leaders between Idlib and Aleppo
10 May 2021
Attack on one of al-Jolani's bodyguards. The smaller pro-Turkey groups are increasingly desperate and ready to do anything not to disappear.
Syria, Iran’s new strategy: from recruiting to medicines, passing through real estate
7 May 2021
Pro-Tehran militias are expanding rapidly in Deir Ezzor, Aleppo, Hasaka, Homs and Ghouta. Different levers are used in each area.
Syria, mysterious attack on HTS in Idlib: an ammunition depot explodes
6 May 2021
The most likely hypothesis: it is the work of a rival militia. In the area live several leaders of the group, which has recently suffered an escalation of attacks.
Syria, pro-Iran militias start recruiting also east of Aleppo
5 May 2021
Strategy identical as in Deir Ezzor: to offer financial incentives and better living conditions. The SAA and Russia react with a base in Khan Al-Sha'r.
Syria, the tension between the pro-Turkish militias in Aleppo is still growing
4 May 2021
Clashes in al-Bab between al-Hamza Division and Jaysh al-Ahfad. Only a few hours ago there was a battle in Tel Sha'eer. Meanwhile, resources are still dwindling.
Syria, pro-Iran militias try to expand towards Kurdistan
3 May 2021
Groups close to Tehran open a base east of Aleppo. Formally against the Islamic State. Basically, to extend Shiite influence to the east.
Syria, pro-Iran militias launch a campaign to recruit civilians in Deir Ezzor
30 April 2021
The offer is a salary of $ 40 for 15 days of work per month, as well as free access to treatment at the group's clinics and hospitals.

Cyber

WordPress, critical vulnerability discovered on “Spam protection, AntiSpam, FireWall”
11 May 2021
The flaw in the plugin can be used to extract sensitive info from a site's database, including user emails and password hashes. There is also a PoC.
Cybercrime, beauty salons worldwide could be targeted soon
10 May 2021
A user called bob934 is selling on Raid Forums a huge private database with 1,253,686 records. Many of them are still active.
Cyber Espionage, Chinese hackers exploit anti virus flaws to strike
7 May 2021
Recorded Future cybersecurity experts: Unit 61419 bought small English AV batches from Western companies through intermediaries.
White-hat hackers can now target all publicly accessible U.S. Defense information systems
6 May 2021
The DoD expanded the VDP Program to let cybersecurity researchers testing also the less “famous” ones, but often strategic as the others.
Cybercrime, Pingback is a new malware exploiting ICMP tunnelling for communications
5 May 2021
Trustwave cybersecurity experts: It uses ICMP for receiving commands from its C2 server, and maintains persistency thanks DLL hijacking.
Cybercrime, Rocke Group uses a new malware to attack via saved SSH keys and weak passwords
4 May 2021
Intezer cybersecurity experts: The China-linked APT’s code, after the victim has been infected, executes a Monero cryptominer.
Cybercrime, Darkside gang now target stock markets organizations
3 May 2021
Recorded Future cybersecurity experts: The ransomware group will notify info to crooked market traders in advance, so they can short a company’s stock price.
Cyber Espionage, NAIKON exploited RainyDay to target military organizations in Asia
30 April 2021
Bitdefender cybersecurity experts: China’s APT used the backdoor to compromise the victims’ network and to get to the information of interest.
Back To Top