Blog

Email-based attacks in the COVID-19 era

Since life in the shadow of the Covid-19 pandemic became the “new normal”, we at OP Innovate have seen an excess of business email compromise (BEC) incidents. As the pandemic played out across the globe, workers got vaxxed and IT departments got used to this “new normal”, we genuinely hoped we’d see a drop in this

Who’s the Boss?

Cyber Incident Response: Pay2key – December 2020. During the last 10 days, OP Innovate has handled a number of cyber incidents resulting from the Iranian ‘Pay2key’ campaign. This intelligence gathering and ransomware campaign has targeted over 80 Israeli companies thus far and, if successful, would have paralyzed significant sectors of Israeli industry. Incident Response Methodology

Innovative Incident Response Framework

“If you want peace, prepare for war.” This article is one of a series of articles revealing our Incident Response Framework, including juicy examples from past scenarios.
This article in a minute: In this article, we share our experiences handling cyber incidents, and the sweeping effects our intervention has had on

DLL Injection Attack in Kerberos NPM package

Written by: Dan Shallom, Cyber-security expert at OP Innovate.
TL;DR: There is a need for awareness of the potential risks of using open-source code. Introducing the DLL preloading vulnerability we discovered on Kerberos. Mitigation & helpful tools and utilities.
https://www.npmjs.com/advisories/1514
The CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-13110
For those who are not familiar with NPM (Node Package Manager), it is


N3tw0rm IOCs

Updated: 15:00 GMT 09/05/21. A new ransomware attack group called N3tw0rm is claiming to have penetrated the networks of several Israeli companies, including Veritas, an international shipping and logistics company, Ecolog, an infrastructure engineering company, and Israel’s branch of clothing retailer H&M. In a departure from previous behaviour, a source familiar with the matter stated

Prototype Pollution high vulnerability in ‘mixme’ NPM package

TL;DR: Learn about JavaScript Prototypes. Learn about Prototype Pollution. Introducing the Prototype Pollution vulnerability that OP Innovate discovered on mixme. Mitigation & helpful tools and utilities.
https://nvd.nist.gov/vuln/detail/CVE-2021-28860 ; https://nvd.nist.gov/vuln/detail/CVE-2021-29491 ; https://www.npmjs.com/advisories/1668
NPM (Node Package Manager) is a gigantic software registry that contains hundreds of thousands of open source Node.js projects in the form of packages. As

Halloween and Cyber-Security: Malware in Disguise

TL;DR: Intro to malware. The art of disguise – learn about how malware hides itself. Ready to look at some real malware? Don’t be a scaredy cat! ♫ Who you gonna call? Us, of course.
Ghostly greetings one and all. On Halloween night, children the world over dress up in scary costumes and prowl from

Offensive Campaign To Upgrade Your Cyber Resilience

TL;DR: Journey into the attack life cycle. Make the most out of mimicking an offensive campaign to adopt a suitable cybersecurity plan. Free tailored strategy for your organization.
Do you have a Cybersecurity strategy? Creating a planned and defined strategy is good advice for any challenge you face in your personal or professional life. Having

Social Engineering Under COVID-19

As a leader of an organization, you’re always trying to seize the next opportunity while avoiding unnecessary risks and threats. You can prepare clear strategies, build emergency plans and sometimes even purchase products that will keep your organization safe, but most of the time you are so focused on the technological security solutions that

Don’t Let Hackers Hold Your Business for Ransom

Ransomware is on the rise. It’s one of the biggest dangers facing small and medium-sized businesses (SMBs) today, especially as it doesn’t differentiate between the recently recruited intern and the seasoned CEO. Anyone can be fooled into opening that malicious attachment. So much so that ransomware is predicted to reach US$20 billion by 2021. Furthermore,
