Type: Threats

ImageMagick: The hidden vulnerability behind your online images

By Bryan Gonzalez from Ocelot Team. Introduction: ImageMagick is a free and open-source software suite for displaying, converting, and editing image files. It can read and write over 200 image file formats and is therefore very commonly found on websites worldwide, since there is always a need to process pictures for users’ profiles, …

PINATA: The new cyberthreat affecting the financial sector

By Salvador Mendoza from Metabase Q’s R&D Team. Metabase Q’s offensive security team, Ocelot, discovered a potential abuse of an inadequate issuer business practice to reset the PIN RETRY Counter (PRC) on Europay, MasterCard, Visa (EMV) chip contact cards. It would lead to a new attack called Pin Automatic Try Attack (PINATA). PINATA could brute …

Janeleiro.mx Threat Briefing

By Jesus Dominguez from Metabase Q’s Ocelot Team. Context: Janeleiro is malware that has been attacking corporate users of large banks in Brazil since 2019. This malware displays fake pop-up windows that pretend to be legitimate Brazilian bank forms, enabling it to gain unauthorized access to the victims’ online banking accounts. Since January 26, 2021, the Ocelot team has …

Neshta and Avaddon groups teaming up to infect Mexican company

By Miguel Gonzalez from Metabase Q’s Ocelot Team. Ransomware-as-a-Service is on the rise worldwide, and Mexico has become a target. Just a few days after the group Avaddon announced the compromise of Loteria Nacional, Ocelot detected a second variant of the malware targeting another company in the same country. In this blog, we present the …

Inside DarkSide, the ransomware that attacked Colonial Pipeline

By Miguel Gonzalez & Jesus Dominguez from Metabase Q’s Ocelot Team. Executive Summary: On May 7th, 2021, Colonial Pipeline reported that its digital infrastructure had been compromised due to a cyberattack, and as a precautionary measure, it would suspend its services until the severity of the situation was determined. Colonial is the largest pipeline operator …
