Blog
Home > Resources > Blog

Blog

SMTP Multipass

In July 2020 7 Elements discovered a vulnerability in Rackspace that exposed all its global hosted email customers to the potential malicious use of their email domain by unauthorised actors. Malicious actors had the ability to leverage multiple accounts and pass security checks designed to detect spoofed emails. This was utilised in the wild to […]

Read More

Phish and Clicks

7 Elements have been assisting businesses in investigating cybersecurity incidents for over 10 years. We’ve seen a significant increase in phishing incidentsover the last 6 months, mostly as a direct result of the increased use of remote services such as Zoom and Microsoft Teams.  The increased use of these services results in the perfect environment for phishing, […]

Read More

Ryuk Ransomware

A recent client incident response engagement relating to a ransomware attack has led us here at 7 Elements to explore trends in attack vectors and malware strains. As part of the response, we took a deep dive into the Emotet and TrickBot malware strains used to support a Ryuk ransomware attack.  This included identification of […]

Read More

Zooming in on security

The business landscape has undergone a sudden, drastic shift to remote access, in order to cope with the current social isolation requirements. Commensurately, the usage of video conferencing applications has skyrocketed. Perhaps the video conference tool that has most benefited from this change in business model is Zoom. The company has seen a huge boost […]

Read More

BEC Attacks via LinkedIn Email

A new business email compromise (BEC) based campaign using compromised LinkedIn profiles to deliver content was identified by the team at 7 Elements today (7th November 2019). The campaign uses LinkedIn email to deliver a message enticing the user to follow a link, which would result in the user being prompted for credentials. The phishing […]

Read More

I know what you did this summer…

Introduction In a recent technical advisory that can be found here, 7 Elements discovered that it was possible to download valid boarding passes (not belonging to the user) for future flights that impacted all airlines using the Amadeus Check-in platform. This was due to a weakness within the application known as an IDOR vulnerability (Insecure […]

Read More

Facebook’s Burglary Shopping List

Whilst investigating the technical feasibility of scraping Facebook Marketplace to aid in the recovery of stolen goods, it was possible to identify sensitive data disclosing the exact location of the sale item. The Location data contained within the JSON responses of adverts made through the Facebook Mobile Application, seemed… a little specific. Which goes against […]

Read More

Best Customer Experience Award Nomination 2018

We are thrilled to have been nominated for the ‘Best Customer Experience’ award at the 2018 Scottish Cyber Awards! The Scottish Cyber Awards are back for their third year, and we are delighted to have been nominated for the ‘Best Customer Experience’ award. This nomination means even more to us because all recommendations are from […]

Read More

ZoneFox Collaboration

We are excited to announce our recent partnership with ZoneFox, to enhance our award winning Incident Response Service. At 7 Elements we work with clients across the globe, providing expertise in technical information assurance. We use an event-driven approach to Incident Response encompassing five key stages: situational awareness; establishing response parameters; resource deployment; establishing compromise […]

Read More

Threat Hunting

The sides from ‘Threat Hunting in the O365 Ecosystem’ given at the International Conference on Big Data in Cyber Security are now online and can be found here: . The video of the talk can be found here:

Read More