OPSWAT, a global leader in critical infrastructure protection (CIP) cybersecurity solutions, announced at Black Hat USA its acquisition of InQuest, a leading cybersecurity solutions provider known for its novel Deep File Inspection® and RetroHunting™ technologies. InQuest is highly regarded for protecting Department of Defense (DoD) customers with its network appliances, which peer up to and beyond Layer 7 and, combined with its threat intelligence solutions, have a proven track record of protecting the nation’s most critical networks.

OPSWAT’s relationship with InQuest has grown significantly since their technology partnership was established in 2013, when OPSWAT’s MetaDefender module was integrated with InQuest’s Network Detection and Response solution for a joint customer at the Pentagon.

With this acquisition, OPSWAT will accelerate its go-to-market strategy for the federal market and enhance protection against network-based threats. By merging InQuest’s threat intelligence capabilities with OPSWAT MetaDefender Cloud and FileScan.io into a single repository, OPSWAT will significantly boost its intelligence capabilities. InQuest customers will also benefit from enhanced Network Detection and Response (NDR) with built-in integration with MetaDefender.

InQuest Email Attack Simulation
This month we harvested 552 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 167 (36%), and Google missed 245 (44%). InQuest MailTAC, for reference, missed 45 (12%). The distribution of misses by file type is depicted below:
InQuest EAS includes samples sourced from 50+ industry leading blogs. This month, we sourced 449 samples from these blogs for inclusion in attack simulation.
Want to validate the efficacy of your email security stack? InQuire here for a one-month free email attack simulation.
InQuest Labs Research Spotlight

Shellcoder

Shellcoder is a lightweight plugin for Binary Ninja that enhances shellcode development and analysis.


Multiplier

Multiplier provides precise and comprehensive code understanding capabilities. It does so by saving build artifacts into a database, and then making them persistently accessible using a C++ or Python API.


Fztea (flipperzero-tea)

A bubbletea-bubble and TUI to interact with your Flipper Zero. The Flipper will be detected automatically; if multiple Flippers are connected, the first one will be used.

Global Security Events

The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”

In August 2024, Proofpoint researchers identified an unusual campaign using a novel attack chain to deliver custom malware. The threat actor named the malware “Voldemort” based on internal filenames and strings used in the malware. The attack chain comprises multiple techniques currently popular within the threat landscape as well as uncommon methods for command and control (C2) like the use of Google Sheets.


State-backed attackers and commercial surveillance vendors repeatedly use the same exploits

Today, we’re sharing that Google’s Threat Analysis Group (TAG) observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites. The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 and then later, a Chrome exploit chain against Android users running versions from m121 to m123.


Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. Tickler has been used in attacks against targets in the satellite, communications equipment, oil and gas, as well as federal and state government sectors in the United States and the United Arab Emirates. This activity is consistent with the threat actor’s persistent intelligence gathering objectives and represents the latest evolution of their long-standing cyber operations.

InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools.
Copyright © InQuest 2024