Blog

Email-based attacks in the COVID-19 era

Since life in the shadow of the Covid-19 pandemic became the “new normal”, we at OP Innovate have seen a surge in business email compromise (BEC) incidents. As the pandemic played out across the globe, workers got vaxxed and IT departments got used to this “new normal”, we genuinely hoped we’d see a drop in this

Who’s the Boss?

Cyber Incident Response: Pay2key, December 2020. During the last 10 days, OP Innovate has handled a number of cyber incidents resulting from the Iranian ‘Pay2key’ campaign. This intelligence-gathering and ransomware campaign has targeted over 80 Israeli companies thus far and, if successful, would have paralyzed significant sectors of Israeli industry. Incident Response Methodology

Innovative Incident Response Framework

“If you want peace, prepare for war.” This article is one of a series revealing our Incident Response Framework, including juicy examples from past scenarios. This article in a minute: in this article, we share our experiences handling cyber incidents, and the sweeping effects our intervention has had on

DLL Injection Attack in Kerberos NPM package

Written by: Dan Shallom, cyber-security expert at OP Innovate. TL;DR: the need for awareness of the potential risks of using open-source code; the DLL preloading vulnerability we discovered in the Kerberos NPM package; mitigation and helpful tools and utilities. Advisory: https://www.npmjs.com/advisories/1514. The CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-13110. For those who are not familiar with NPM (Node Package Manager), it is

Broken Access Control in REST APIs – Shields Up 🛡️ !

Date: 7th November 2022. Written by: Dan Shallom, Director of Research at OP Innovate. TL;DR: Overview & Coverage. Unfortunately, I have a long relationship with Broken Access Control (BAC) in most of its forms. As a research leader, I often encounter critical security flaws that have one thing in common: they are all the

“Are you using Slack, WhatsApp, Telegram or other DM apps for work? Congrats, you are at critical cyber risk”

Intro: As technology advances, we tend to think that advances in security should run in parallel. This is only partly true. End-to-end encryption is now standard in instant messaging chats. Bug bounty programs are commonplace, with companies handsomely rewarding ethical hackers who report software flaws. Companies are hiring security teams to track bugs. However,

How I found a CVE in WordFence, a WordPress plugin with 4 million (!) active users

I just registered my first CVE. Here is the background story. One of our goals at OP Innovate is to protect our clients and partners at all times. During a recent penetration testing engagement, the testing scope included a WordPress website. So I decided to channel some effort into WordPress plugins where a vulnerability could

Under the hood of a Smishing campaign

Earlier today our OP Innovate research team received yet another smishing attempt asking them to provide credit card details. The SMS looks like a legitimate message from the Israeli post office and even contains a correctly formatted tracking number: החבילה שלך: RU0041902037Z מוכן לאיסוף, אנא לחץ על הקישור והשלם את התשלום: https://2u.pw/MT5To (in English: “Your package: RU0041902037Z is ready for collection, please click the link and complete the payment: https://2u.pw/MT5To”). The message requests

The Art of the Red Team

This article pulls together some of the tactics and techniques used by OP Innovate researchers during a red team exercise. Please note, tools, tactics and techniques are described below for educational purposes only! What is Red Teaming? During a red team/blue team cybersecurity simulation, the red team mimics the role of the adversary, attempting to

N3tw0rm IOCs

Updated: 15:00 GMT 09/05/21. A new ransomware attack group called N3tw0rm is claiming to have penetrated the networks of several Israeli companies, including Veritas, an international shipping and logistics company, Ecolog, an infrastructure engineering company, and Israel’s branch of clothing retailer H&M. In a departure from previous behaviour, a source familiar with the matter stated

Prototype Pollution high vulnerability in ‘mixme’ NPM package

TL;DR: learn about JavaScript prototypes; learn about Prototype Pollution; the Prototype Pollution vulnerability that OP Innovate discovered in mixme; mitigation and helpful tools and utilities. CVEs: https://nvd.nist.gov/vuln/detail/CVE-2021-28860 and https://nvd.nist.gov/vuln/detail/CVE-2021-29491. Advisory: https://www.npmjs.com/advisories/1668. NPM (Node Package Manager) is a gigantic software registry that contains hundreds of thousands of open source Node.js projects in the form of packages. As

Halloween and Cyber-Security: Malware in Disguise

TL;DR: intro to malware; the art of disguise, learn how malware hides itself; ready to look at some real malware? Don’t be a scaredy cat! ♫ Who you gonna call? Us, of course. Ghostly greetings one and all. On Halloween night, children the world over dress up in scary costumes and prowl from
