First, we've just launched a new revision of the portal that includes a self-service OAUTH sign-up. Your now "legacy" API keys will still work in any scripts which talk to the API directly, but if you're interfacing through the UI, you'll need to re-register. Do let us know if there are any issues, and all feedback is welcome. We are already hard at work on the next revision, which focuses on expanded search capabilities, improved performance, and access to all file types within our corpus, as opposed to just Office documents. Stay tuned.

Second, we've launched a dedicated section for an ongoing research project we call "The Trystero Project." In a nutshell, we're leveraging our daily harvest of malware (not just the Office documents) to compare the efficacy rates of Google vs. Microsoft regarding email security. It's a neat experiment, and the trophy goes back and forth between the two. Please take a look at our live dashboards, read more from the linked blogs, listen in on the podcast, or watch our CTO Pedram Amini's presentation on the experiment. One interesting freebie atop of this experiment is extending this assessment to any corporate domain.

InQuest Mail Provider Comparison

This month we tested 12,196 malicious file samples against Google and Microsoft's email defenses, and here's what made it through:

1,775 (14.5%) Missed

GSuite

2,044 (16.7%) Missed

O365 ATP + Phishing

InQuire for a free, personalized email security assessment!

Latest InQuest™ Blog Posts

IcedID: 07.07.21

Posted on 2021-07-19 by Dmitry Melikov

Email-borne pathogens frequently commence with the inclusion of a malicious document. This long-running trend continues to pose a severe threat to the security of organizations and users. Criminals are constantly improving their methods and looking for new ways to compromise victims. Payload trends change over time, with Ransomware being one that is capturing many headlines.

Espionage Utilizing Mobile Devices

Posted on 2021-07-30 by Dmitry Melikov

Pegasus is an advanced cyber-espionage tool that includes plenty of functionality that allows you to spy on mobile users. Cybersecurity researchers are not aware of many of the vectors that the team uses to identify victims. One of them is sending the user a malicious link that exploits a specific vulnerability to install the implant. It is not a problem for them to know the victim's location using the GPS locator function. The attackers get access to the phonebook and also to the files stored on the victim's device. They can read SMS messages and view the call history.

InQuest™ Labs Research Spotlight

PyWhat

Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text, and it'll tell you what it is!

BruteShark

BruteShark is a Network Forensic Analysis Tool that performs deep processing and inspection of network traffic. It includes: password extracting, building a network map, reconstruct TCP sessions, and more.

Malwoverview

Malwoverview.py is a first response tool for threat hunting, which performs an initial and quick triage of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes.

Global Security Events

Operation SpoofedScholars: A Conversation with TA453

Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information.

CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer

In a perfect world, CISA would laminate cards with the year’s top 30 vulnerabilities: You could whip it out and ask a business if they’ve bandaged these specific wounds before you hand over your cash. This is not a perfect world. There are no laminated vulnerability cards.

NSA shares guidance on how to secure your wireless devices

The US National Security Agency (NSA) published guidance on how to properly secure wireless devices against potential attacks targeting them when traveling or working remotely.

Useful Links

Support

Social

Twitter

GitHub

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.