InQuest Blog

Posted on 2021-11-02 by Dmitry Melikov
We found a wave of phishing documents that contained a very interesting lure. We researched the tactics of this attack in more depth and discovered some unique TTPs, including that the stage-2 Blogspot service is marked as adult content, requiring that you be logged in as an authorized user with an account not less than 1 year old.
Posted on 2021-10-27 by Isabelle Quinn
In Part 1 of the Email Security Blog series, we discuss how email works. Read through the process, a description of different mail protocols, and some key terminology. The second part of the series will cover how the InQuest Email Security capability is installed, while the final part will cover the features to include detection or prevention for ransomware, VIP impersonation, phishing, password-protected attachments, invoice fraud, crypto scams, brand impersonation, and other forms of ever-evolving social engineering.
Posted on 2021-10-19 by Dmitry Melikov
A few days ago, we discovered a wave of phishing emails with an attached document. The fact is that a considerable number of samples had zero detection on the VT service. While several files had no AV detection for some time, we decided to focus on this wave and explore it in more detail.
Posted on 2021-09-29 by Dmitry Melikov
Protecting an organization from today's cyber threats is not a simple and extensive task. The threat landscape is constantly changing, requiring a flexible approach to defense. The threats, techniques and vulnerabilities that cybercriminals exploit may be unknown to organizations that provide protection to their users. This is a prime example of the exploitation of a critical vulnerability: an exploit that was found in the wild.
Posted on 2021-09-13 by Nick Chalard and Dmitry Melikov
As we roll into autumn and the season changes, so does the threat landscape. The emergence of a new CVE signals another arms race, with both sides vying to effectively leverage the exploit and to understand how to mitigate the effects, respectively. As with all Common Vulnerabilities and Exposures, there come questions such as “How does this affect me or my organization?” and “What can I do to mitigate this?” The focus of this blog is to explore these concerns as well as provide further context surrounding CVE-2021-40444 and the initial maldoc delivery
