🕷️ Are you breached? 🕷️ with @RESecurity

Enter your domain at our booth at GISEC and let Resecurity find out how much of your sensitive info is already exposed on the dark web.

Get ready to be shocked by what you discover...

🔒 Cybersecurity starts with Awareness.
📍 Stand B145, Hall 6, Dubai World Trade Centre.

@Resecurity | @emt Distribution META | @emt Distribution META

#DarkWebScan #CyberThreats #GISEC2025 #emtDisti #Resecurity #CybersecurityAwareness

China-based SMS Phishing Triad Pivots to Banks – Krebs on Security


📬 BlackLock in the crosshairs: leak-site vulnerability reveals internals of the ransomware group
#DarkCommerce #ITSicherheit #BlackLock #Cybercrime #LeakSeite #LFISchwachstelle #Ransomware #Resecurity https://sc.tarnkappe.info/e06d78
BlackLock in the crosshairs: leak-site vulnerability reveals internals of the ransomware group

BlackLock ransomware group unmasked: security researchers use an LFI vulnerability to expose the cyber gang's internal structures and tools.

TARNKAPPE.INFO

Ah, it seems that #Resecurity wished #BlackLock aka #ElDorado a belated Merry Xmas and season's greetings by intruding into their infrastructure.

It's an interesting read.

https://www.resecurity.com/blog/article/blacklock-ransomware-a-late-holiday-gift-with-intrusion-into-the-threat-actors-infrastructure

#disruption #OffensiveCyber #infosecurity #ransomware

Resecurity | Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure

How Phished Data Turns into Apple & Google Wallets – Krebs on Security

Cyberespionage groups or cybercriminals? UAV and C-UAV vendors and buyers are increasingly targeted.

#Resecurity had an interesting post on the topic.

As an example: about 1 GB of compressed #FortemTechnologies internal files wound up in the hands of an adversary, but Fortem denies there was any breach, claiming (wait for it):

"There was no breach. The files in question were attached to emails that had been shared outside of our network."

Shared intentionally with an adversary or cybercriminal? I tend to doubt that....

https://databreaches.net/2025/02/19/cyberespionage-groups-or-cybercriminals-uav-and-c-uav-vendors-and-buyers-are-increasingly-targeted/

#cyberespionage #cyberwar #cybercrime #UAV #UAS

How Phished Data Turns into Apple & Google Wallets – Krebs on Security

V3B phishing kit: new cybercrime tool for sale on Telegram

A new phishing kit called V3B targets customers of 54 European banks, including banks in Germany. It is sold on Telegram.

Tarnkappe.info

Resecurity has identified a new version of JSOutProx, a sophisticated attack framework that targets financial institutions in the APAC (Asia-Pacific) and MENA (Middle East and North Africa) regions. This malware, which uses JavaScript and .NET, was first spotted in 2019 and has been linked to phishing campaigns by SOLAR SPIDER. It exploits .NET (de)serialization to interact with a core JavaScript module on the victim's machine, allowing it to load malicious plugins for further attacks.

Before this new campaign, JSOutProx was used in targeted attacks against Indian Cooperative Banks and Finance Companies, with notable incidents in April 2020 involving Indian government establishments and banks. The attackers used malicious archive file attachments containing JavaScript and Java-based backdoors, which were linked to the JSOutProx RAT.

A significant spike in activity was observed around February 8, 2024, when a major system integrator in Saudi Arabia reported an incident targeting customers of one of their banks. The attackers used impersonation tactics, including fake SWIFT payment notifications and Moneygram templates, to trick victims into executing malicious code. Most of the identified payloads were hosted on GitHub repositories, with some being disguised as PDF files.

In March 2024, Resecurity noticed a shift in the attackers' tactics, with the use of GitLab instead of GitHub in a multi-stage infection chain. The attackers registered multiple accounts on GitLab and used them to deploy repositories containing malicious payloads. Once the malicious code was delivered, the actor removed the repository and created a new one, likely to manage multiple payloads and differentiate targets.

The increasing abuse of public cloud and web 3.0 services by threat actors to distribute malicious code is highlighted by the discovery of the new version of JSOutProx and its exploitation of platforms like GitHub and GitLab. This underscores the continuous evolution of cybercriminals' strategies and the relentless efforts of these actors to escalate global malicious campaigns. As these threats become more complex and widespread, Resecurity remains vigilant in tracking JSOutProx and protecting financial institutions and their customers globally from such activities.

https://www.resecurity.com/blog/article/the-new-version-of-jsoutprox-is-attacking-financial-institutions-in-apac-and-mena-via-gitlab-abuse

#cybersecurity #github #gitlab #JSOutProx #malware #payload #javascript #swift #moneygram #resecurity

Resecurity | The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via GitLab Abuse