Jérôme Segura
Director of Threat Intelligence at Malwarebytes. Special interest for web threats.
Tweets
Jérôme Segura Aug 6
Replying to @eliyastein
No question about that. Glad to see browser vendors taking those seriously (and even assigning them CVEs)
Jérôme Segura Aug 6
Replying to @eliyastein
That one is from a campaign we both know about ;-) Probably that bug was there for a while but seeing the ZDNet post on the FF patch for evil cursor made me want to double check.
Jérôme Segura Aug 6
Replying to @jeromesegura
If you're lucky, only Firefox will crash. However it is nasty enough to crash the entire machine (bare metal, 16 GB of RAM) and cause a reboot.
Jérôme Segura Aug 6
New full working on latest version of Firefox (79.0) again using 'evil cursor' technique. The previous one (CVE-2020-15654) reported by Sophos was fixed in version 79 (ref: ). Filed a new bug report with Mozilla.
Jérôme Segura Aug 6
Inter skimming kit used in homoglyph attacks
Jérôme Segura retweeted
Affable Kraut Jul 31
Digital Skimming/ kits like Inter and mr.SNIFFA get lots of attention, but a lot of cards are skimmed using basic PHP backends. Let's take a look at a really simple kit that collects cards, manages data, and uploads JS, all in about ~120 lines of code. 1/7
Jérôme Segura retweeted
Catalin Cimpanu Jul 31
BREAKDOWN: How the FBI tracked down the Twitter hackers. This is a timeline of the Twitter hack composed from the court documents that were published today.
Jérôme Segura retweeted
MB Threat Intel Jul 30
Malspam campaign caught using after service relaunch
Jérôme Segura Jul 24
Two-part dossier on Magecart/skimmers, following an interview in 🇫🇷 with Louis Adam of . 1) A review of the problem and what is at stake: 2) How to protect yourself as a merchant and as a customer:
Jérôme Segura Jul 22
Replying to @twilio @serghei
However, I don't believe skimming was the purpose here and not sure why HookAds is mentioned either. HookAds (AKA Ebates) is a specific malvertising chain leading to EKs (RIG mostly, but also Fallout).
Jérôme Segura Jul 22
The redirect campaign in the incident is from a prolific traffic distributor dealing in malvertising, ad fraud, tech scams and at one point skimming. We covered it here: cc
Jérôme Segura retweeted
MB Threat Intel Jul 21
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
Jérôme Segura Jul 18
Replying to @RachelTobac
I’d be curious to know how they were able to reach Twitter employees specifically. We all know how hard it is to get a hold of a human when wanting to solve an issue on the platform.
Jérôme Segura Jul 18
Replying to @RachelTobac
The phishing itself could be to drop malware (stealer) on the victim or simply harvest creds that lead them to other creds. I’d be inclined to think it’s the latter.
Jérôme Segura Jul 18
Replying to @RachelTobac
For sure. In their blog they make a reference to reinforcing phishing training, so that might have been the entry point. Trying to phish a number of Twitter employees and getting lucky with one of them.
Jérôme Segura Jul 18
Replying to @RachelTobac
“Mr. O'Connor said other hackers had informed him that Kirk got access to the Twitter credentials when he found a way into Twitter’s internal Slack messaging channel and saw them posted there, along with a service that gave him access to the company’s servers.” Source: NYT
Jérôme Segura Jul 17
Speaking of names, whatever happened to David Dede? ;-)
Jérôme Segura retweeted
MB Threat Intel Jul 17
The long-dreaded return of is here. IOCs and more in our blog: