There are a variety of email hygiene technologies, and wrapping one's head around them all is challenging.

Enter your business email address to receive an instant automated report for your company's posture. We'll analyze SPF, DKIM, DMARC, and other factors for you automatically.

You'll receive a simple rating, iterative guidance where needed, and a comparison against the Fortune 500.

Check out the FREE Email Hygiene Analysis.

InQuest Email Security Assessment

This month we harvested 959 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 316 (33%), and Google missed 369 (38%). The distribution of misses by file type is depicted below:

InQuire for a free, personalized email security assessment!

Latest InQuest Blog Posts

Don’t Get Caught Under The MistleTOAD

Posted on 2022-11-28 by Chase Sims

InQuest Labs has observed an uptick in TOAD (Telephone-oriented attack delivery) threat actors targeting personal and business email addresses, presumably in line with the coming holiday shopping season. Based on our research efforts, we have observed that they employ multiple team members to execute this attack. The threat actors themselves refer to these components as “customer support” and “the security team”

InQuest Labs Research Spotlight

Catherine

Catherine is a blue team security framework created to make retrieving data, decoding data, and overall defense operations easier.

DocIntel

DocIntel is an open-source centralized knowledge base for your threat intelligence. It makes information available to all team members, facilitate searches, and encourage collaboration.

Maltrail

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails.

Global Security Events

Invisible npm malware – evading security checks with crafted versions

The npm CLI has a very convenient and well-known security feature – when installing an npm package, the CLI checks the package and all of its dependencies for well-known vulnerabilities.

Attacker Uses a Popular TikTok Challenge to Lure Users Into Installing Malicious Package

A trending TikTok challenge called “Invisible Challenge” where the person filming it poses naked while using a special video effect called “Invisible Body.” Attackers post TikTok videos with links to a fake software called “unfilter” that claims to be able to remove TikTok filters on videos shot while the actor was undressed.

Emotet coming in hot

Emotet is back again with a new campaign displaying many characteristics of older runs, including the use of Auto_Open macros inside XLS documents. Cisco Talos has observed an increased activity of spam distributing this new strain beginning in early November 2022.

Useful Links

Support

Social

Twitter

GitHub

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.

Unsubscribe here.