D-Link Middle East “DLink-MEA” website is secretly mining cryptocurrencies


Cryptocurrency-mining websites became the new fashion of 2017, and there is no arguing with that, but when websites are compromised to host that fashion it becomes a headache (for the visitors, at least). Have you heard about KRACK, the WPA2 vulnerability? If you did, you were probably searching for your device or router vendor's patch. If you use D-Link products, live in the Middle East, and your search for a KRACK fix led you to the D-LINKMEA.com website, then unfortunately you were mining Monero for someone else while you read.

In this blog post we take you on a journey through one of our investigations!

Continue reading “D-Link Middle East “DLink-MEA” website is secretly mining cryptocurrencies”


List of IPs you should block in your SSH server

Two months ago we installed some servers in countries such as Germany and Singapore, and they have been constantly receiving automated SSH brute-force attacks against the root user, mainly from countries such as China, Argentina, Brazil, Ecuador, Taiwan, Korea and India. After analysing the traffic we disabled root login, but hours later the attacks continued with different usernames, so we went on to block logins for users such as admin, test, guest, info, oracle, testing, webmaster and user.
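The workflow described above (look at who is failing to log in, block the noisiest sources, deny the guessed usernames) is easy to automate. The following is an added example written for this page, not code from the original post: it parses sshd "Failed password" lines, lists the source addresses that cross a failure threshold, and emits the matching `sshd_config` and iptables lines. The log lines are constructed for the example and use RFC 5737 documentation addresses, not the real attackers from the post; the threshold and the list of legitimate local users are assumptions you would set for your own host.

```python
import re
from collections import Counter, defaultdict

# Constructed sshd log lines in OpenSSH's "Failed password" format.
# Addresses come from the RFC 5737 documentation ranges, not from the post.
SAMPLE_AUTH_LOG = """\
Oct 20 03:14:01 srv sshd[2101]: Failed password for root from 203.0.113.7 port 41022 ssh2
Oct 20 03:14:03 srv sshd[2101]: Failed password for root from 203.0.113.7 port 41023 ssh2
Oct 20 03:14:05 srv sshd[2101]: Failed password for root from 203.0.113.7 port 41024 ssh2
Oct 20 03:14:06 srv sshd[2101]: Failed password for root from 203.0.113.7 port 41025 ssh2
Oct 20 03:14:08 srv sshd[2101]: Failed password for root from 203.0.113.7 port 41026 ssh2
Oct 20 03:20:11 srv sshd[2188]: Failed password for invalid user admin from 198.51.100.23 port 50110 ssh2
Oct 20 03:20:12 srv sshd[2188]: Failed password for invalid user test from 198.51.100.23 port 50111 ssh2
Oct 20 03:20:14 srv sshd[2188]: Failed password for invalid user oracle from 198.51.100.23 port 50112 ssh2
Oct 20 03:20:15 srv sshd[2188]: Failed password for invalid user guest from 198.51.100.23 port 50113 ssh2
Oct 20 03:20:16 srv sshd[2188]: Failed password for invalid user webmaster from 198.51.100.23 port 50114 ssh2
Oct 20 03:21:00 srv sshd[2190]: Failed password for invalid user admin from 192.0.2.10 port 60001 ssh2
Oct 20 03:22:00 srv sshd[2199]: Failed password for alice from 192.0.2.10 port 60002 ssh2
Oct 20 03:22:30 srv sshd[2205]: Accepted publickey for alice from 192.0.2.10 port 60003 ssh2: ED25519 SHA256:abc
"""

# "invalid user" is present when the account does not exist on the host.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failures(log_text):
    """Return (failures per source IP, usernames tried per source IP)."""
    per_ip = Counter()
    users = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        per_ip[m["ip"]] += 1
        users[m["ip"]][m["user"]] += 1
    return per_ip, users


def ips_to_block(log_text, threshold=5):
    """Source IPs with at least `threshold` failures, noisiest first.

    The threshold (an assumption) keeps a legitimate user who mistyped a
    password once, like 192.0.2.10 above, off the blocklist.
    """
    per_ip, _ = parse_failures(log_text)
    return sorted(
        (ip for ip, n in per_ip.items() if n >= threshold),
        key=lambda ip: (-per_ip[ip], ip),
    )


def sshd_config_fragment(log_text, local_users=frozenset()):
    """sshd_config lines mirroring the post: disable root login, deny guessed names.

    `local_users` (an assumption) lists real accounts that must stay allowed.
    """
    _, users = parse_failures(log_text)
    tried = set()
    for counter in users.values():
        tried.update(counter)
    lines = []
    if "root" in tried:
        lines.append("PermitRootLogin no")
    denied = sorted(tried - set(local_users) - {"root"})
    if denied:
        lines.append("DenyUsers " + " ".join(denied))
    return lines


def iptables_rules(ips, port=22):
    """One DROP rule per blocked source, inserted at the top of INPUT."""
    return [f"iptables -I INPUT -p tcp --dport {port} -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    blocked = ips_to_block(SAMPLE_AUTH_LOG)
    print("\n".join(iptables_rules(blocked)))
    print("\n".join(sshd_config_fragment(SAMPLE_AUTH_LOG, local_users={"alice"})))
```

Two caveats a practitioner should keep in mind. A static IP list goes stale quickly and a `DenyUsers` list only removes names the attacker has already tried; the durable fix is `PasswordAuthentication no` with key-only logins, and a tool such as fail2ban to age out the blocks automatically. Blocking whole countries is tempting given the pattern above, but it also locks out your own users when they travel.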

Continue reading “List of IPs you should block in your SSH server”


#OperationTakeDown: Netflix Phishing Attack & Analysis


Hi Folks,

A few days ago, one of our clients received an email with the following subject in Spanish: "Problemas con tu membresia de Netflix" (Problems with your Netflix membership).
The email was in his spam folder with the following warning: "Be careful with this message. It contains a suspicious link that has been used to steal people's personal information. Unless you trust the sender, don't click on links or reply with personal information."
Thanks, Google spam filters! But we are not sure the rest of the email providers would flag this email as spam; Google's filter is unusually strong. The first time we took down the malicious site, it reappeared within a few hours.
Here is what we found:

Continue reading “#OperationTakeDown: Netflix Phishing Attack & Analysis”


Cookie stuffing: How we are part of a fraud of millions of dollars


What is Cookie stuffing fraud?

It is an activity that lets online actors defraud affiliate marketing programs by arranging to receive credit for purchases made by web users (in this case, users who bought something from Amazon, Walmart, eBay or any other online store), even though the affiliate marketer did no marketing for the program at all. It occurs when a fraudulent publisher tricks a web user's browser into visiting an online store that the user never intended to visit. That forced visit makes the online store record that the publisher generated the "sale", so the fraudulent publisher is credited for any purchase the web user goes on to make.
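The forced visit described above has to be triggered by something in the publisher's page. The following is an added example written for this page, not code from the original post: a small scanner that walks a page's markup and flags `iframe` and `img` elements that load a third-party URL carrying an affiliate identifier while being hidden from the visitor (zero or 1px size, `display:none`, `visibility:hidden`). The `tag` (Amazon Associates) and `campid` (eBay Partner Network) parameter names are real; the remaining names in the list, the sample HTML, and the hostnames in it are constructed assumptions for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Query parameters that carry an affiliate/publisher identifier.
# "tag" and "campid" are the Amazon Associates and eBay Partner Network
# names; the rest are generic placeholders (assumption) to extend per program.
AFFILIATE_PARAMS = {"tag", "campid", "affid", "aff_id", "clickid"}

# Constructed page: an honest review link (needs a click, not flagged),
# a hidden iframe and a hidden pixel that both carry affiliate parameters,
# and a visible third-party iframe with no affiliate parameter.
SAMPLE_PAGE = """
<html><body>
<h1>Best deals this week</h1>
<a href="https://www.amazon.com/dp/B00EXAMPLE?tag=honest-20">Read our review</a>
<img src="/static/logo.png" width="120" height="40">
<iframe src="https://www.amazon.com/?tag=stuffer-20" width="1" height="1" style="visibility:hidden"></iframe>
<img src="https://rover.ebay.com/rover/1/?campid=5338000000" style="display:none; width:0px">
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
</body></html>
"""


def _px(value):
    """Parse a width/height attribute like "1" or "1px" into a float, else None."""
    try:
        return float(str(value).strip().rstrip("px"))
    except (TypeError, ValueError):
        return None


def is_hidden(attrs):
    """True if the element cannot be seen: CSS hiding or a 0/1 pixel box."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    for m in re.finditer(r"(?:width|height):([0-9.]+)", style):
        if float(m.group(1)) <= 1:
            return True
    w, h = _px(attrs.get("width")), _px(attrs.get("height"))
    return (w is not None and w <= 1) or (h is not None and h <= 1)


class StuffingScanner(HTMLParser):
    """Collects hidden iframe/img elements that fetch affiliate-tagged third-party URLs."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "img"):
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return
        parts = urlsplit(src)
        host = parts.netloc.lower()
        if not host or host == self.page_host:
            return  # same-origin resources cannot set a store's affiliate cookie
        hit = sorted(set(parse_qs(parts.query)) & AFFILIATE_PARAMS)
        if hit and is_hidden(a):
            self.findings.append({"tag": tag, "host": host, "params": hit, "src": src})


def scan_for_cookie_stuffing(html, page_url):
    """Return the suspicious elements found in `html`, in document order."""
    scanner = StuffingScanner(urlsplit(page_url).netloc.lower())
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for f in scan_for_cookie_stuffing(SAMPLE_PAGE, "https://deals.example/"):
        print(f"{f['tag']:<6} {f['host']:<20} {f['params']} {f['src']}")
```

Static markup is only the simplest vector: stuffers also use JavaScript-triggered requests, pop-unders and redirect chains that this parser never sees. For those, capture the browser's actual requests (a HAR export or a headless browser) and apply the same test to every request: a store URL carrying an affiliate identifier that the visitor never clicked.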

Continue reading “Cookie stuffing: How we are part of a fraud of millions of dollars”


VoIP Security Analysis with Asterisk

Adopting new technologies such as VoIP, whether in small, medium or large companies, is not only about the benefit of lower costs; it also increases risk exposure, which can translate into paying large sums of money for (national or international) calls made by people outside the company.