Date: 7th November 2022 Written by: Dan Shallom, Director of Research at OP Innovate. TL;DR Overview & Coverage Unfortunately, I have a long relationship with Broken Access Control (BAC) in most of its forms. As a research leader, I often encounter critical security flaws that have one thing in common – they are all the
Read MoreIntro As technology advances, we tend to think that advances in security should run in parallel. This is only partly true. End to-end encryption is now standard in instant messaging chats. Bug bounty programs are commonplace, with companies handsomely rewarding ethical hackers who report software flaws. Companies are hiring security teams to track bugs. However,
Read MoreI just registered my first CVE. Here is the background story. One of our goals at OP Innovate is to protect our clients and partners at all times. During a recent penetration testing engagement, the testing scope included a WordPress website. So I decided to channel some effort into WordPress plugins where a vulnerability could
Read MoreEarlier today our OP Innovate research team received yet another Smishing attempt asking them to provide credit card details. The SMS looks like a legitimate message from the Israeli post offices and even contains a correctly formatted tracking number: החבילה שלך: RU0041902037Z מוכן לאיסוף, אנא לחץ על הקישור והשלם את התשלום: https://2u.pw/MT5To The message requests
Read More
This article pulls together some of the tactics and techniques used by OP Innovate researchers during a red team exercise. Please note, tools, tactics and techniques are described below for educational purposes only! What is Red Teaming During a red team/blue team cybersecurity simulation, the red team mimics the role of the adversary, attempting to
Read More
Since life in the shadow of the Covid-19 pandemic became “new normal”, we at OP Innovate have seen an excess of business email compromises (BEC) incidents. As the pandemic played out across the globe, workers got vaxxed and IT departments got used to this “new normal”, we genuinely hoped we’d see a drop in this
Read MoreUpdated: 15:00 GMT 09/05/21 A new ransomware attack group called N3tw0rm is claiming to have penetrated the network of several Israeli companies included Veritas, an international shipping and logistics company, Ecolog, an infrastructure engineering company, and Israel’s branch of clothing retailer H&M. In a departure from previous behaviour, a source familiar with the matter stated
Read More