Showing posts from December, 2020

Operational Security Tips and Tricks

For my last blog of 2020, I wanted to share a short checklist for users and researchers to keep themselves secure on the internet. Many attackers cast a wide net and many of those that fail the basics get caught. Hopefully this guide will help those on the path to Operational Security (OPSEC): Social Media: Set social media accounts (e.g. Twitter, Facebook, Instagram, Tiktok) to private. Avoid using your real name when creating accounts. Avoid using identifiable personal pictures for profile pictures and cover pictures. Leave bio details blank and avoid sharing identifiable information. Do not check-in to locations or share your location for social media posts. Have a vetted list of friends/contacts that you permit to view your social media content.  Finally, personnel who work in cleared positions may often ask family members not to share pictures of you and prevent tagging.  Personal Security (PERSEC): Use more than one email account - ideally one for critical services like finances,

Analysis of Meyhod JavaScript Web Skimmers

  A new web skimmer, dubbed Meyhod, has been disclosed by RiskIQ. The malware (named after a typo in the code) appeared in October on several e-commerce sites, including the hair treatment company Bosley and the Chicago Architecture Center (CAC). While investigating the attacker's domain (jquerycloud[.]com) a bit further and other potential victims from this campaign were uncovered some months ago. This includes Doves Farm UK, The Fruit Company, Customer Earth Promos, and - due to the file names - potentially iCanvas or TFC: Active compromise of Skimmer 1: Identifier - sClass="yeikyd" - 'dovesfarm.js' (available here ) Skimmer 2: Identifier - sClass="frydbt" - 'icanvas.js' (available here ) Skimmer 3: Identifier - sClass="bfiyad" - 'tfc.js' (available here ) Skimmer 1 - Listener: Skimmer 2 and 3 - Listener: Skimmed Data: RC4 encryption: Data collected: Credit Card Number, Card Holder Name, CVV, expiry day, mont