Last year, I had the chance to attend the globally renowned Black Hat security conference for the first time, and I shared with you last month that, thanks to the NormShield company, I would be attending it again this year with great excitement. During the conference and in the time leading up to it, I […]
Author Archives: Emin Baylarov
Prologue I find uncovering new campaigns and sharing research on novel threats is one of the most enjoyable parts of my job as a CTI researcher, especially the types of threats that few other researchers spend much time investigating, or that those who do rarely disclose publicly. My investigation into the RedZei group is […]
Executive summary: Threat actors continue to leverage the NetWire Remote Access Trojan (RAT) in malicious spam email attacks using low-detection scripts, URL shorteners, and the Discord content delivery network (CDN). The infection chain begins with a targeted email sent from the t-online[.]de mail service. The emails carry an XLS file or ZIP archive that, if opened, triggers […]
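The summary above names four observable stages of the chain (sender domain, XLS/ZIP lure, URL shortener, Discord CDN link). As an added example that is not part of the original post, the triage heuristic below checks mail-gateway records for those stages co-occurring rather than alerting on any one of them, since each is common in benign traffic. The shortener list, the Discord CDN hostnames, the record layout and the sample messages are assumptions constructed for the example, not indicators from the post.

```python
"""Triage heuristic for the NetWire malspam chain described in the summary.

Added example, not code from the original post. Assumed details: the Discord
CDN hostnames, the shortener list, and the layout of the constructed sample
records below.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: these hostnames are illustrative, not taken from the post.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
URL_SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "cutt.ly", "rb.gy"}
LURE_ATTACHMENT_EXTS = (".xls", ".zip")
SENDER_DOMAIN = "t-online.de"  # written t-online[.]de in the summary


@dataclass
class EmailRecord:
    """Minimal gateway log record (assumed layout)."""
    sender: str
    attachments: list[str] = field(default_factory=list)
    urls: list[str] = field(default_factory=list)


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def chain_indicators(msg: EmailRecord) -> list[str]:
    """Return the stages of the described chain that this message matches."""
    hits: list[str] = []
    if msg.sender.lower().rsplit("@", 1)[-1] == SENDER_DOMAIN:
        hits.append("sender:t-online.de")
    if any(name.lower().endswith(LURE_ATTACHMENT_EXTS) for name in msg.attachments):
        hits.append("attachment:xls-or-zip")
    hosts = {host_of(u) for u in msg.urls}
    if hosts & URL_SHORTENER_HOSTS:
        hits.append("url:shortener")
    if hosts & DISCORD_CDN_HOSTS:
        hits.append("url:discord-cdn")
    return hits


def is_suspicious(msg: EmailRecord, min_hits: int = 2) -> bool:
    """Flag only when at least `min_hits` stages co-occur.

    A lone hit is weak evidence: t-online.de is a large consumer mail
    provider, and shorteners and Discord links appear in legitimate mail.
    """
    return len(chain_indicators(msg)) >= min_hits


# Constructed sample records (not real observed messages).
SAMPLES = [
    EmailRecord("rechnung@t-online.de", ["Rechnung_2023.xls"], ["https://bit.ly/3xyzabc"]),
    EmailRecord("friend@t-online.de", ["holiday.jpg"], []),
    EmailRecord("noreply@example.com", ["report.zip"],
                ["https://cdn.discordapp.com/attachments/1/2/payload.bin"]),
    EmailRecord("colleague@example.com", ["slides.pdf"], ["https://example.com/doc"]),
]


def triage(records: list[EmailRecord] = SAMPLES) -> list[tuple[str, list[str], bool]]:
    """Run the heuristic over a batch and return (sender, hits, flagged) rows."""
    return [(r.sender, chain_indicators(r), is_suspicious(r)) for r in records]


if __name__ == "__main__":
    for sender, hits, flagged in triage():
        print(f"{'ALERT' if flagged else 'ok   '} {sender:26} {hits}")
```

The threshold is the design choice worth tuning: requiring two stages keeps the benign t-online.de holiday photo out of the alert queue while still catching a non-t-online.de sender that pairs a ZIP lure with a Discord CDN download, which is the half of the chain an attacker is least likely to vary.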
Keen-eyed Tweeps may have noticed that AnyRun tweeted out a Christmas CTF in their Xmas post card this year (see above). I enjoy a good CTF and with some help from @KrabsOnSecurity we uncovered a code for a free trial of AnyRun Explorer (an account option which is not on the pricing package). The CTF […]
The Magecart collective is a network of cybercriminal groups that have rapidly and successfully inserted credit card skimming scripts into compromised e-commerce websites. These malicious scripts steal payment information from unsuspecting customers, often without detection. This tactic has led to widespread breaches, with Magecart continuing to target vulnerable sites at an alarming rate. Magecart achieved […]