Join InQuest Live, tomorrow 3/30 at 1 pm ET, for “Think Before You Click: How Your Files Are Exposing You to Malware Every Day,” as we discuss why file-borne threats should be your number one priority for cybersecurity in 2023.

During this webinar, industry experts will review the most infamous file-borne attacks, highlight recent malware tactics, and discuss what’s in store for the future of cybersecurity.

What you’ll learn:

What you can do to close the end-user gap that threat actors are continuously striving to breach every day
How to stay ahead of the game while protecting your organization from cyberattacks with Deep File Inspection (DFI).

Reserve Your Spot

InQuest Email Security Assessment

This month we harvested 648 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 153 (24%), and Google missed 235 (36%). The distribution of misses by file type is depicted below:

Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation

InQuest Latest Blog Posts

Credential Caution: Exploring the New Public Cloud File-Borne Phishing Attack

Posted on 2023-03-22 by Darren Spruell

New malicious documents named with a payment/invoice theme contain an image that is hyperlinked in an attempt to draw clicks to a phishing site. The impact of this threat activity is the compromise of user credentials. Recently, InQuest Labs analysts responded to a specific credential phishing attack discovered by a municipal government organization. Discover our tips organizations should consider to protect users and their credentials.

InQuest Labs Research Spotlight

Secretive

Secretive is an app for storing and managing SSH keys in the Secure Enclave. It is inspired by the sekey project, but rewritten in Swift with no external dependencies and with a handy native management app.

Network Flight Simulator

flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns.

ChatDoctor

ChatDoctor is a next-generation AI doctor model that is based on the LLaMA model. The goal of this project is to provide patients with an intelligent and reliable healthcare companion that can answer their medical queries and provide them with personalized medical advice.

Global Security Events

New CISA tool detects hacking activity in Microsoft cloud services

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.

Journalist plugs in unknown USB drive mailed to him—it exploded in his face

Five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated. Upon receiving the drive, Lenin Artieda of the Ecuavisa TV station in Guayaquil inserted it into his computer, at which point it exploded.

Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices

Mandiant, working in partnership with SonicWall Product Security and Incident Response Team (PSIRT), has identified a suspected Chinese campaign that involves maintaining long term persistence by running malware on an unpatched SonicWall Secure Mobile Access (SMA) appliance.

Useful Links

Support

Social

Twitter

GitHub

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.

Unsubscribe here.