Threats

ImageMagick: The hidden vulnerability behind your online images

By Bryan Gonzalez from Ocelot Team. Introduction: ImageMagick is a free and open-source software suite for displaying, converting, and editing image files. It can read and write over 200 image file formats and, therefore, it is very common to find it on websites worldwide, since there is always a need to process pictures for users’ profiles, …

Ploutus is back, targeting Itautec ATMs in Latin America

By Jesus Dominguez from Metabase Q’s Ocelot Team. Ploutus, one of the most sophisticated ATM malware families worldwide, is back with a new variant focused on Latin America. First discovered in 2013, Ploutus enables criminals to empty ATMs by taking advantage of ATM XFS middleware vulnerabilities via an externally connected device. Since …

How does ALPHV operate the RaaS membership program?

By Ramses Vazquez & Miguel Gonzalez from Metabase Q’s Ocelot Team. Context: DARKSIDE/BLACKMATTER/ALPHV-BLACKCAT. The ALPHV ransomware group, also known as BlackCat, has positioned itself among the top 5 most active ransomware groups. Among the target industries of this group are construction, energy, financial, logistics, manufacturing, pharmaceuticals, retail, and technology. The scheme under which this …

Redline, the infostealer used by LAPSUS$ in LATAM

By Metabase Q’s Ocelot Threat Intelligence Team // Introduction: LAPSUS$ is a cybercriminal group focused on cyberextortion with one single main objective: money. Hence the money symbol in their name. It’s important to mention that their way of acting is not traditional; this group enjoys the attention, so they choose to announce all their activities …

Honey! I bypassed Cortex XDR with ransomware

By Miguel González from Metabase Q’s Ocelot Team // Introduction: Ransomware as a Service (RaaS) is what consolidated, industrialized cybercrime looks like. It is a business model between ransomware operators and affiliates in which affiliates, both technical and non-technical, pay to launch ransomware attacks developed by operators. What makes it dangerous is how …

Filezilla DLL Side-Loading

By Jesús Domínguez from Metabase Q’s Ocelot Team // Summary: Metabase Q’s Offensive Security Team, Ocelot, recently evaluated the protection capabilities of an XDR during an APT Simulation exercise, part of Ocelot’s portfolio. In this exercise, the Ocelot team found that FileZilla, one of the most popular and widely known FTP file transfer applications, …

Car Hacking: Current Trend in Car Theft

By Salvador Mendoza from Metabase Q’s R&D Team. Car Hacking: Current Trend in Car Theft // Keyless entry system risks. Vol 1 // Research Summary: With inexpensive hardware and Software Defined Radio (SDR) open-source tools, malicious individuals can compromise vehicles’ security entry systems by exploiting their keyless system weaknesses. Most automobiles around the world rely on …

EvilCorp arrives to Mexico

By José Zorrilla from Metabase Q’s Ocelot Team. Context (Figure 1: Maksim Yakubets, leader of Evil Corp, wanted by the FBI since the end of 2019). Metabase Q’s offensive security team, Ocelot, discovered multiple malicious campaigns from the criminal group EvilCorp. Since April 2021, they have been compromising Mexican websites and then using them to distribute …
