Reawakening of Emotet: An Analysis of its JavaScript Downloader

In mid-September 2019, Emotet resumed its activity and we evaluated changes to its operation in a previous blog post by Alex Holland. One of the noticeable changes is that some of the ...
Deobfuscating Ostap: TrickBot’s 34,000 Line JavaScript Downloader

Introduction: For a malicious actor to compromise a system, they need to avoid being detected at the point of entry into the target’s network. Commonly, phishing emails delivering malicious attachments (T1193) serve ...

Polyglot FizzBuzz in R (Plus: “Why Can’t Johnny Code?”)

C++, Javascript, python, R
I caught this post on The Surprising Number Of Programmers Who Can’t Program from the Hacker News RSS feed. Said post links to another, classic post on the same subject and ...

The Danger of Content Scraping – And How to Prevent It

Many of today’s hyper-connected organizations are faced with the challenge of how to address content scraping attacks in an efficient and scalable manner. The impact of this attack can be wide-ranging, starting ...

Welcome to the New Secureideas.com

We are excited to announce the launch of the new Secure Ideas website. It is located at the same URL: https://www.secureideas.com. We hope you like our new look, designed to help you ...
Announcing the Deobfuscating JavaScript White Paper

The topic of this white paper is an example of how to deobfuscate JavaScript code as it's often used in phishing pages. Deobfuscation is the process used to convert a program that ...
Malware Campaigns Sharing Network Resources: r00ts.ninja

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large-scale malware campaign (e.g., redirected traffic, cryptomining). This was discovered ...
Now-Patched Google Photos Vulnerability Let Hackers Track Your Friends and Location History

A now-patched vulnerability in the web version of Google Photos allowed malicious websites to expose where, when, and with whom your photos were taken. Background: One trillion photos were taken in 2018 ...
Fake Browser Updates Push Ransomware and Bank Malware

Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request looks like: Users see a message box ...
Google Analytics and Angular in Magento Credit Card Stealing Scripts

Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The ...