S21sec Labs

EFAIL: Malleability in symmetric cipher systems

In the previous post about EFAIL (https://www.s21sec.com/en/blog/2018/05/8326/) we talked about the risk that results from PGP using a “malleable” encryption algorithm. But what does this mean? In this post we will see how this “malleability” allows the creation of fake…

Read more

EFAIL – Is PGP really dead?

A vulnerability affecting PGP and S/MIME, two mechanisms used for email encryption, was recently published (https://efail.de/). As a way to mitigate this vulnerability, it has been recommended to disable message decryption plugins installed in email clients, and…

Read more

First year of the COMPACT Project

Hacker-themed films always tend to focus on threats against nation-wide organizations, such as army infrastructures, intelligence and counter-intelligence agencies, or even huge hydroelectric power plants whose failure threatens to flood thousands of square kilometres, affecting millions of people. Of…

Read more

Solving the ROBOT CTF

After the publication of the previous post on ROBOT (https://www.s21sec.com/en/blog/2017/12/robot-bleichenbacher-returns/), some people wanted to see a proof of concept of the attack, so I started developing a set of tools that demonstrated an attack using a Bleichenbacher oracle. After a…

Read more

COBALT ATTACKS IN THE WILD

Recently, our analyst team came across a suspicious email coming from a Russian sender with the following information: Subject: Блокировка интернет ресурса; Sender: info@roskomnadzor.info; Attached File: Wire problems.doc. The Microsoft Word (MD5: c2c753f440314d1ec88c1569aa845ac2) was indeed a Microsoft Office RTF…

Read more

PLOUTUS-D: RENEWED ATM MALWARE STRIKES BACK

An old friend in the ATM malware space is back in town, and now with some renewed advanced features. Ploutus, one of the most sophisticated ATM malware families, was first discovered in the wild in Mexico in 2013. Designed for…

Read more

ALICE: Simplicity for ATM Jackpotting

ATM malware is clearly a hot topic and a big concern nowadays for the banking industry, with the number of attacks rapidly growing and targeting all countries and regions. In recent posts we have described a new wave of…

Read more

Massive spam campaign hits banks in Chile

S21sec has detected an ongoing spam campaign targeting netbank users of Chilean banks. This campaign is hitting around ten banks in the country, including BBVA, Santander and Itaú among others. The fake message pretends to be sent from a law…

Read more

Security in Joomla: yes, we can!

Joomla! is one of the most popular Content Management Systems (CMS) used to build websites, together with other CMSs such as WordPress, Drupal and Magento. This makes the life of hackers looking to compromise websites much easier, as they can…

Read more

Reverse engineering Gootkit

Gootkit - in some places also referred to as Xswkit - is a banking malware written almost entirely in JavaScript. In this blog post we will go through reverse engineering the malware to an extent where we are able…

Read more