look mom HR application look mom no job

TL;DR: I have received a legit Zoom doc email from HR “while on job hunt”. It redirected to a site with a fake “bot protection” gate and then to a Gmail credential phish. The attackers exfiltrate creds live over WebSocket and even validate them in the backend. Keep reading for detailed analysis.

Okay, this is kind of funny (in a “please tell me this is not my life” way).
Read more →

Magecart Skimmer Analysis: From One Tweet to a Campaign

Starting Point

It all began with a tweet: sdcyberresearch on X

This tweet hinted at a Magecart-style campaign involving malicious JavaScript injection to skim payment data.

Initial Sample

The script was hosted at: https://www.cc-analytics[.]com/app.js

The original code was heavily obfuscated:

(function() { function _0x1B3A1(_0x1B563, _0x1B3FB, _0x1B455, _0x1B509, _0x1B4AF, _0x1B5BD) { _0x1B4AF = function(_0x1B3A1) { return (_0x1B3A1 < _0x1B3FB ? '' : _0x1B4AF(parseInt(_0x1B3A1 / _0x1B3FB))) + ((_0x1B3A1 = _0x1B3A1 % _0x1B3FB) > 35 ?
Read more →

Announcing API for Cloud Intel Atomic Indicators

We are excited to announce the launch of our new API for Cloud Intel Atomic Indicators, a tool designed to provide essential data on malicious IP addresses. This API is a step forward in our commitment to enhancing cybersecurity and is available free of charge.

Behind the Scenes: Cloudflare Infrastructure

Our API leverages the robust Cloudflare infrastructure, utilizing Cloudflare Workers for efficient handling of API requests, Cloudflare KV Store for secure key management, and Cloudflare R2 for reliable data storage.
Read more →