Posted on 2022-09-02 by Pedram Amini
The average Internet user sees a harmless file that contains something to be read, viewed, or run - either for pleasure or as a responsibility. They just want to get on with their daily task list. Attackers, just like drug smugglers, see this complacency - vehicles where illegal substances can be hidden from view in the undercarriage, a door panel, or some other area of a vehicle that no one commonly (or easily) checks on a moment-by-moment basis. Next thing you know, you’ve been phished, or ransomware has locked up your business.
Posted on 2022-08-31 by Pedram Amini
The threat landscape is said to be changing all the time. But is it really? In some ways yes, in some ways no. Let’s peel this back a bit - as it is really easy to get lost in all the factoids packed into each year’s Verizon DBIR, let alone the cacophony of vendor messages bombarding your eyes and ears at major cybersecurity venues like RSA or BlackHat. Now before I start, let me say, we obviously realize cyberspace is inordinately complex - universal attack surface, human error, motivated and skilled adversaries - we all know the tropes.
Posted on 2022-08-29 by David Ledbetter
In a previous post, we discussed the “@” symbol used to separate an apparently legitimate URL from the real target. In this case, there has been a small flood using the URL of “http://jmcglone.com@” with many different URLs or IP addresses after the “@” symbol. If we look at the VirusTotal information for this page, we see the online scan says it is clean and that it has also been around for ten years.
Posted on 2022-08-18 by David Ledbetter
Follow along through the dissection and analysis of an oddly obfuscated maldoc that ultimately delivers the well-known GOZI ISFB banking trojan.
Posted on 2022-08-17 by Michael Arcamone
We are excited to announce File Detection and Response (FDR) as the new moniker for InQuest solutions. I’d like to give you a little background on how this came about. As most of our readers know, InQuest is all about Deep File Inspection™ (DFI) and RetroHunting™; these two core technologies are what set InQuest solutions apart from other file analysis solutions on the marketplace.