This month we’re introducing you to GhostSec, a threat group with ties to the Anonymous collective, and their shift from hacktivist to financially motivated hacking activities Threat actor profile: GhostSec Image 1: Screenshot of GhostSec’s profile from the Threat Context module Known Aliases GhostSecMafia GSM Key points GhostSec is a highly...

​  These wiper attacks are designed to identify and destroy data housed on infected machines and appears to be consistent with similar DDoS attacks against the nation during this period. The US Cybersecurity & Infrastructure Security Agency (CISA) issued a “Shields Up” advisory in the wake of these attacks, while...

In the last phishing blog we discussed how modern phishing works on the frontend. Read on to find out how threat actors can easily find and authenticate a suitable domain by modifying both Gophish and Evilginx to evade security controls. In the last phishing blog we discussed how modern phishing works on...

Social engineering is the art of manipulating people, so that they give up confidential information or perform an action you ask them to do. Read and learn first hand how modern phishing works to trick victims into giving up their credentials, bank information or computer access to secretly install malicious...

Stockholm – 13 July 2022: Outpost24 (“Outpost24” or the “Company”), a leading innovator in identifying and managing cybersecurity threats and vulnerabilities, today announced it has partnered with Vitruvian Partners (“Vitruvian”) to power the Company’s next phase of growth. The new ownership structure will enable Outpost24 to invest in its people, processes,...

Ransomware attacks are growing at an alarming rate thanks in a large part to Ransomware-as-a-Service (RaaS) operations. RaaS is a business model where cybercriminals develop ransomware and lease it out to other criminals, known as affiliates, in exchange for a percentage of the ransom payments. Essentially, it's a subscription-based service...

Ransomware is the biggest cyber threat to businesses. First burst onto the scene in 1989, it has evolved significantly over the past few years from widespread attacks to highly targeted Ransomware-as-a-Service (RaaS) operations affecting organizations of all sizes and sectors. This article takes a look at the evolution of the...

Jester stealer is an information stealer that has been around since mid-July 2021. Originally sold by the Russian speaking threat group "Jester_Stealer", in several underground forums and Telegram channels, they operate under a Malware-as-a-Service (MaaS) model and present themselves as a group of programmers. Here we delved into the Jester...

This blog describes the attack path we have uncovered during a recent penetration test of a web application, coupled with a back-end infrastructure assessment. Throughout we introduce different attack techniques and tools that can be used to attack the underlying infrastructure and APIs of a web application. Utilizing what was...

In our latest credit card fraud investigation blog our threat intelligence analysts investigate the current card shop ecosystem, from active shops and the return of Rescator as well as other recently shuttered card shops and credit card fraud to look out for. In February 2021, shortly after the closure of...