Welcome to the 70th issue of the InQuest monthly newsletter! In this special edition, we're excited to spotlight one of our exceptional team members, Nick Chalard. Nick is a detection engineer on our Threat Intelligence team who began his journey with us as an intern and has since become an invaluable full-time employee. Known for his dedication, expertise, and accountability, Nick has significantly contributed to our mission of enhancing cybersecurity. Join us as we delve into his background, insights on detection engineering, and thoughts on the use of YARA for threat detection in an exclusive interview.

InQuest Email Attack Simulation
This month we harvested 120 samples from the wild that were capable of bypassing either Microsoft or Google. Of those, Microsoft missed 65 (54%) and Google missed 71 (59%); for reference, InQuest MailTAC missed 14 (11%). The distribution of misses by file type is depicted below:
InQuest EAS includes samples sourced from 50+ industry leading blogs. This month, we sourced 435 samples from these blogs for inclusion in attack simulation.
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.

Employee Spotlight: Nick Chalard

Posted on 2024-06-27 by Josiah Smith

In this special employee spotlight, we are thrilled to introduce Nick Chalard, a detection engineer on our Threat Intelligence team at InQuest. Nick’s journey with us began as an intern, and he has since become a full-time team member, known for his dedication, expertise, and accountability. In this exclusive interview, Nick shares his background, insights on detection engineering, and thoughts on the use of YARA for threat detection. Read on to learn more about his valuable contributions and experiences in the ever-evolving field of cybersecurity.

Ever Rising Threat of Modern Data Extortion

Posted on 2024-06-28 by William MacArthur

Glancing at the present-day threat landscape, ransomware is top of mind whenever an incident starts flooding the news cycle. It is a constantly growing problem that seems to know no bounds: no organization is immune, and everyone is a potential target. The large number of companies leveraging cloud services and systems that are always connected to the internet equates to a target-rich environment. Though most actors tend to lean towards financial gain, the interconnectivity of systems across different industries and their associated verticals provides a wide variety of opportunities for impact based on other motives.

InQuest Labs Research Spotlight

aiDAPal

aiDAPal is an IDA Pro plugin that uses a locally running LLM that has been fine-tuned for Hex-Rays pseudocode to assist with code analysis.

TotalRecall

This very simple tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

Whisky

Whisky provides a clean and easy to use graphical wrapper for Wine built in native SwiftUI. You can make and manage bottles, install and run Windows apps and games, and unlock the full potential of your Mac.

Global Security Events

Keeping GenAI technologies secure is a shared responsibility

Generative artificial intelligence (GenAI) is reshaping our world, from streamlining work tasks like coding to helping us plan summer vacations. As we increasingly adopt GenAI services and tools, we also face the emerging risks of their malicious use. Security is crucial, as even one vulnerability can jeopardize users’ information or worse. However, securing GenAI is too vast and complex for a single entity to handle alone. Mozilla believes sharing this responsibility is essential to successfully keep people safe.

TeamViewer links corporate cyberattack to Russian state hackers

RMM software developer TeamViewer says a Russian state-sponsored hacking group known as Midnight Blizzard is believed to be behind a breach of their corporate network this week.

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know

In a significant supply chain attack, over 100,000 websites using Polyfill[.]io, a popular JavaScript CDN service, were compromised. Earlier this year, a Chinese company called Funnull took over the ownership of the polyfill[.]io domain. What followed was the CDN delivering malicious JavaScript code which was automatically deployed on websites that embedded scripts from cdn.polyfill[.]io. The code would redirect mobile visitors of a website to scam sites.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools.
Copyright © InQuest 2024