Posted on 2021-12-28 by Dmitry Melikov
On December 9, 2021, a vulnerability (CVE-2021-44228) was published to the global information security community. The logging utility Log4j (versions 2.0 through 2.15.0-rc2) contained a critical remote code execution (RCE) vulnerability, which was dubbed Log4Shell. If a threat actor manages to execute an exploit on a vulnerable machine, they are able to run arbitrary code and potentially gain full control over the system.
Posted on 2021-12-20 by Nick Chalard
With the holiday season upon us and Log4j-nia still keeping most of us awake at night, we want to revisit an old chum who continues to operate in full swing amidst the chaos. With fresh tactics at their disposal, Dridex continues to target large organizations with somewhat elaborate lures to ensure user interaction and infection. On Monday, December 15th, we noticed an uptick in the amount of verified malware hiding behind password-protected Microsoft Excel spreadsheets, specifically ones containing the dated "macrosheet" (Excel 4.0 macro) functionality.
Posted on 2021-11-23 by Dmitry Melikov
How does fishing work in real life? The fisherman chooses a suitable place for fishing, he chooses the right tools (a fishing rod or nets), and he also needs to choose the right bait. When everything is ready, he can expect a good degree of success. In fact, fishing in cyberspace is not that different from fishing in real life. A threat actor needs to choose the right tools. Depending on the purpose, he can use different tools, such as banking trojans to steal money or espionage tools to steal data. A threat actor can also use third-party tools such as Cobalt Strike or Metasploit; everything depends on the goals.
Posted on 2021-11-02 by Dmitry Melikov
We found a wave of phishing documents that contained a very interesting lure. We researched the tactics of this attack in more depth and discovered some unique TTPs, including that the stage-2 blogspot service is marked as adult content, which requires the visitor to be logged in as an authorized user with an account at least one year old.
Posted on 2021-10-27 by Isabelle Quinn
In Part 1 of the Email Security blog series, we discuss how email works. Read through the process, a description of the different mail protocols, and some key terminology. The second part of the series will cover how the InQuest Email Security capability is installed, while the final part will cover its features, including detection or prevention of ransomware, VIP impersonation, phishing, password-protected attachments, invoice fraud, crypto scams, brand impersonation, and other forms of ever-evolving social engineering.