InQuest Blog

Posted on 2021-10-19 by Dmitry Melikov
A few days ago, we discovered a wave of phishing emails with an attached document. The fact is that a considerable number of samples had zero detection on the VT service. While several files had no AV detection for some time, we decided to focus on this wave and explore it in more detail.
Posted on 2021-09-29 by Dmitry Melikov
Protecting an organization from today's cyber threats is not a simple and extensive task. The threat landscape is constantly changing, requiring a flexible approach to defense. The threats, techniques and vulnerabilities that cybercriminals exploit may be unknown to organizations that provide protection to their users. This is a prime example of the exploitation of a critical vulnerability. An exploit that was found in the wild.
Posted on 2021-09-13 by Nick Chalard and Dmitry Melikov
As we roll into autumn and the season changes, so does the threat landscape. The emergence of new CVE signals another arms race with both sides vying for effectively leveraging the exploit and understanding how to mitigate the effects respectively. As with all Common Vulnerabilities and Exposures, comes questions such as “How does this affect me or my organization?” and “What can I do to mitigate this?” The focus of this blog is to explore these concerns as well as provide further context surrounding CVE-2021-40444 and the initial maldoc delivery
Posted on 2021-08-25 by Josiah Smith
The "Trystero Project" is our code name for an experiment that we're actively conducting to measure the security efficacy of the two largest mail providers, Google (Workspace, aka GSuite) and Microsoft (O365), against real-world emerging malware.
Posted on 2021-08-23 by Dmitry Melikov
A few days ago, we found an exciting Javascript file masquerading as a PDF that, upon activation, will drop and display a PDF (to maintain the ruse) as well as drop an executable. The document is a lure for the Korean Foreign Ministry document and its newsletter. The same attack was reported earlier by Malwarebytes in June.

Blog Archive

Subscribe to InQuest Insider

* indicates required

Already subscribed and want to unsubscribe? Please follow this link: Unsubscribe.