Threat hunting in public sandboxes has been, admittedly, a hobby of mine for the last two years or so. Recently, I have been looking through the geo-specific uploads that arrive in one such sandbox called Any.Run. It is no secret I am from the UK, so from time-to-time I like to check what malware is […]
Category Archives: Uncategorized
Phishing threat actors continue to launch successful credential harvesting campaigns via compromised Office 365 accounts. One of the most common themes for these campaigns is a “shared file” notification, whereby a compromised account shares a file with a user that is hosted in the SharePoint drive. The file is usually a PDF document that contains […]
01
Aug
Aug
Online shopping sites are prime targets for cybercriminals. Large sites can process vast quantities of personal information and payment data, making them a high-value reward if successfully hijacked. On 29 April, Malwarebytes Threat Intelligence shared a JavaScript web skimmer their team discovered on a compromised French Canadian online shoe store. The skimmer was injected into the online […]
01
Jul
Jul
Aviation is an interest of mine as some of my family worked on airlines and I enjoy volunteering my time to work with organisations such as the Aviation ISAC with vulnerability disclosure, threat intelligence, and security research. So when another interesting OSINT challenge with aviation-related attributes cropped up on my radar this week, shared by @fs0131y, I was […]
01
May
May
There is no doubt that mobile banking has taken the world by storm. Another growth industry is digital-only banks, especially in the UK. As of January 2022, over a quarter (27%) of British adults have opened an account with a digital-only bank, equating to 14 million people. This has created a new pool of targets for phishing threat […]