Come join us and our partners, Exodus Intelligence and OPSWAT, at the Foundation Room on the top floor of the Mandalay Bay. Enjoy an open bar, relaxed conversation, and hors d'oeuvres. No projectors or presentations, just a gathering of security veterans representing a blend of pillars in the industry.

There will also be a special announcement that you don't want to miss!

InQuest Email Attack Simulation

This month we harvested 320 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 195 (61%), and Google missed 164 (51%). For reference, InQuest MailTAC missed 53 (16%). The distribution of misses by file type is depicted below:

InQuest EAS includes samples sourced from 50+ industry-leading blogs. This month, we sourced 435 samples from these blogs for inclusion in attack simulation.

Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.

USPS Parcel Delivery Themed Smishing Campaign Activity

Posted on 2024-07-17 by Hunter Headapohl

Cybercriminals and threat actors continually evolve their tactics to deceive and exploit users. One of the most persistent threats is smishing—a blend of SMS (text message) and phishing attacks. Recently, smishing campaigns have increasingly leveraged themes from the United States Postal Service (USPS), making them particularly dangerous and difficult to detect when targeted directly at users via text message.

InQuest Labs Research Spotlight

Fragtunnel

Fragtunnel is a PoC TCP tunneling tool that exploits a design flaw in IDS/IPS engines and Next Generation Firewalls. It can tunnel your application's traffic to the target server and back without being detected and blocked by Next Generation Firewalls that use Layer 7 application rules.


STRIDE GPT

STRIDE GPT is an AI-powered threat modelling tool that leverages Large Language Models (LLMs) to generate threat models and attack trees for a given application based on the STRIDE methodology. Users provide application details, such as the application type, authentication methods, and whether the application is internet-facing or processes sensitive data. The model then generates its output based on the provided information.


Satyrn

A modern Jupyter client for Mac

Global Security Events

UNC4393 Goes Gently into the SILENTNIGHT

In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware indicators. This marked Mandiant's initial identification of UNC4393, the primary user of BASTA ransomware. Mandiant has responded to over 40 separate UNC4393 intrusions across 20 different industry verticals.


“EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails

Just a few years ago, spoofing an email's “FROM” header was straightforward; you could write whatever you wanted. Nowadays, security protocols require emails to be sent from approved servers and authenticated with the domain’s private DKIM encryption key — all aligned with the domain mentioned in the FROM header. And yet, threat actors still manage to launch large-scale phishing email campaigns, swiftly taking hold of the identities of major brands like Disney, IBM, and Coca-Cola.


The Scam Strikes Back: Exploiting the CrowdStrike Outage

Recently we witnessed one of the most significant IT disruptions in history, affecting a wide range of sectors such as banking, airlines, and emergency services. At the heart of this disruption was CrowdStrike, known for its Falcon enterprise security solutions. The issue stemmed from a faulty security update that corrupted the Windows OS kernel, leading to a widespread Blue Screen of Death (BSOD). The incident spurred opportunistic behaviors among scammers and malware creators.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
Copyright © InQuest 2024