InQuest, a leader in the development of cutting-edge cybersecurity solutions, and Quad9, the non-profit DNS service that prioritizes user privacy and security, today announced their partnership to integrate InQuest’s Insights Threat Intelligence feeds into Quad9’s DNS filtering service.

This collaboration marks a pivotal step forward in the global fight against cyber threats, offering Quad9 users complimentary access to one of the most sophisticated threat intelligence feeds available. During rigorous testing phases, InQuest’s intelligence contributed to over 20 million daily blocks of potentially harmful domains, showcasing the immediate impact of this partnership on enhancing online security for individuals and organizations worldwide.

Find the press release here.

InQuest Email Attack Simulation
This month we harvested 224 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 141 (63%), and Google missed 81 (36%). InQuest, MailTAC for reference, missed 5 (0.2%). The distribution of misses by file type is depicted below:
InQuest EAS includes samples sourced from 50+ industry leading blogs. This month, we sourced 434 samples from these blogs for inclusion in attack simulation.
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.

100 Days of YARA 2024: It's a Wrap.

Posted on 2024-04-10 by Pedram Amini

The third year of the #100DaysOfYARA challenge has wrapped! Check out our midway point write-up from February 19th, 100 Days of YARA 2024: Halfway Point, where we covered an overview of the challenge and highlighted various contributions from the community. 100 days of community contribution is certainly a challenge.

Strengthening Cybersecurity: InQuest Insights & Quad9 Partnership

Posted on 2024-04-11 by Andre Ludwig

As cyber threats grow more sophisticated, the need for advanced defensive strategies becomes critical. The partnership between InQuest.net and Quad9.net lays a foundation for continual protection and innovation in the Threat Intelligence space. InQuest, with its advanced threat intelligence feeds, namely InQuest Insights C2 and InQuest Insights TI, has begun supplying Quad9 with crucial data. This data includes indicators of compromise (IoCs) related to exploit sites, malware command and control (C2) servers, phishing domains, and more. By integrating these feeds into Quad9’s DNS filtering service, the collaboration aims not just to react to threats but to proactively block them, protecting users from the myriad dangers lurking online.

InQuest Labs Research Spotlight

DNSViz

DNSViz is a tool suite for analysis and visualization of Domain Name System (DNS) behavior, including its security extensions (DNSSEC).

Monocle

Monocle is tooling backed by a large language model for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (e.g., authentication code, vulnerable code, password strings, and more), and it will decompile the binary and use its built-in LLM to identify and score areas of the code that meet the criteria.

Gungnir

Gungnir is a command-line tool written in Go that continuously monitors certificate transparency (CT) logs for newly issued SSL/TLS certificates. Its primary purpose is to aid security researchers and penetration testers in discovering new domains and subdomains as soon as they are issued certificates, allowing for timely security testing.

Global Security Events

A CUNNING OPERATOR: MUDDLING MEERKAT AND CHINA’S GREAT FIREWALL

This paper introduces a perplexing actor, Muddling Meerkat, who appears to be a People’s Republic of China (PRC) nation state actor. Muddling Meerkat conducts active operations through DNS by creating large volumes of widely distributed queries that are subsequently propagated through the internet using open DNS resolvers.

I installed 100 apps and left my iPhone idle: it reached out to Russia

Your iPhone does not go to sleep with you – it buzzes with activity, accessing your data and sensors and beaming back and forth mostly with Apple, but sometimes also reaching out to servers in Russia. At least if you have the popular apps.

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. As a critical path for data into and out of the network, these devices need to be routinely and promptly patched, use up-to-date hardware and software versions and configurations, and be closely monitored from a security perspective.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2024