News
S21sec

Beautifying the webinjects of Gootkit

At first glance, Gootkit's webinjects may look like a messy bulk of binary data. But there is an easy way to decode them very nicely in just a matter of seconds. In this short article…

EFAIL: Malleability in symmetric cipher systems

In the previous post about EFAIL (https://www.s21sec.com/en/blog/2018/05/8326/) we talked about the risk that results from PGP using a “malleable” encryption algorithm. But what does this mean? In this post we will see how this “malleability” allows the creation of fake…

EFAIL – Is PGP really dead?

A vulnerability affecting PGP and S/MIME was recently published (https://efail.de/). These are two mechanisms used for email encryption. As a way to mitigate this vulnerability, it has been recommended to disable message decryption plugins installed in email clients, and…

First year of the COMPACT Project

Hacker-themed films always tend to focus on threats against nation-wide organizations, such as army infrastructures, intelligence and counter-intelligence agencies, or even huge hydroelectric power plants whose failure threatens to flood thousands of square kilometres, affecting millions of people. Of…

Solving the ROBOT CTF

After the publication of the previous post on ROBOT (https://www.s21sec.com/en/blog/2017/12/robot-bleichenbacher-returns/), some people wanted to see a proof of concept of the attack, so I started developing a set of tools that demonstrated an attack using a Bleichenbacher oracle. After a…

ATM Jackpotting attacks reach the U.S.A

ATM operators in the U.S.A. have started 2018 with a new headache to take care of, as recent news shows that ATM Jackpotting (a cyber-criminal technique widely spread across LATAM, Asia & Europe) has…

ROBOT: Bleichenbacher returns

“Those who do not remember the past are condemned to repeat it” (George Santayana). Some days ago, a new vulnerability known as ROBOT, affecting some SSL/TLS implementations, was published. This acronym refers to “Return Of Bleichenbacher’s Oracle Threat”.…

COBALT ATTACKS IN THE WILD

Recently, our analyst team came across a suspicious email coming from a Russian sender with the following information: Subject: Блокировка интернет ресурса; Sender: info@roskomnadzor.info; Attached File: Wire problems.doc. The Microsoft Word (MD5: c2c753f440314d1ec88c1569aa845ac2) was indeed a Microsoft Office RTF…

Androkins hits Colombia

A few weeks ago we wrote about Androkins (1). Since then we have been actively monitoring Androkins activity, and we are periodically seeing new botnets added to the list. Androkins botnets have an internal name which can…
