Blog
The latest from Swascan: news, stories and events from the company and the Cyber world.
Lockbit and Babuk Ransomware Data Leaks analysis
Intro: The evolution of ransomware over the last five years has certainly been characterised by an unprecedented rate of growth and innovation. The transformation of what were almost ‘artisanal’ and not particularly targeted operations into full-fledged online crime franchises has no comparison in this world’s (albeit recent) past. Towards the end of 2022, we witnessed a […]
Swascan partners with Cloudflare to enhance SoC services
Swascan partners with Cloudflare to enhance SoC services and bring Cloudflare One Zero Trust solutions to the Italian market Milan XXXX 2022 – Swascan, the innovative Cyber Security company, has announced a new go-to-market partnership with Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet. The two companies […]
Malware analysis: Babuk Ransomware (mathematical curve analysis)
In this analysis, the methodology and encryption/decryption algorithm used by a sample of Babuk Ransomware (Linux variant) were considered. Babuk, the gang also known as ‘Vasa Locker’, originated in 2021. In April of that year, they had their highest moment of ‘fame’, when the group went so far as to threaten the Metropolitan Police Department […]
Silent ETH Miner Builder: Malware analysis
Author: Fabio Pensa. This analysis examines the builder of a Silent ETH Miner sample, which performs mining operations and applies “process masking” techniques by aiming to terminate some specific processes which, as we will see next, are related to Process Explorer, Process Hacker, Task Manager and Performance Monitor (to render more […]
Report: DarkWeb Analysis 2022
Today more than ever, the Dark Web is a parallel world on the internet, operating under the premise of greater anonymity and a libertarian philosophy in terms of rules. Obviously, you cannot access the dark web via a simple Google search. You need to use a special browser called TOR, where communication is encrypted and each […]
Security Advisory: Yeastar N412 and N824 Configuration Panel Account Takeover (CVE-2022-47732)
Swascan Offensive Security Team has identified several vulnerabilities during a Penetration Test on Yeastar PBX Configuration Panel series N. After contacting the vendor on multiple occasions, no official reply has been issued as of 19/10/2022. Swascan has published this responsible vulnerability disclosure well after the 90-day grace period recommended for this activity. YEASTAR Yeastar is […]
LockBit 3.0: Decryptor Analysis
In this analysis, conducted by Soc Team Swascan, the decryptors of “LockBit 3.0” (Windows version) and “LockBit” (Linux variant) were analyzed. This was possible thanks to a leak that appeared in the last few hours on GitHub. Just a few days ago, on September 17, the same Criminal Hacker gang announced that it had awarded […]
Security Advisory: Inaz Comunication System HEXPERIENCE v8.8.
Swascan Offensive Security Team has identified 1 vulnerability on Inaz HExperience v8.8.0 application. The vulnerability has been fixed in version 8.9.0. INAZ INAZ is the Italian company specialized in software and solutions for administering, managing and organizing work. It designs, manufactures and markets products, tools and services and continues to do research and innovation, collaborates […]
Ransomware Report: trends and analysis Q2 2022
As speculated in the report published by Swascan analysing ransomware activity in January-March 2022, ransomware was also confirmed as the number one threat in the global computer security landscape in Q2 of the same year. The second quarter of 2022 actually shows how ransomware gangs remained “enemy number one” in terms of threats and continued […]
LockBit 3.0: Dynamic malware analysis
Author: Fabio Pensa. In recent weeks, LockBit 2.0 ransomware has been updated with the release of a new version and the announcement of a bug bounty program: in exchange for money, it is possible to report to the developers of the threat possible bugs and security vulnerabilities to make it as evasive as possible […]