Interview with Anna Pham
Breaking in with ClickFix: Anatomy of a modern endpoint attack
Cybersecurity company Huntress just published a report on a new ClickFix variant they've discovered, which they've dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group.
In short, the team observed the threat actors using KongTuke's malicious browser extension to display a fake security warning, claiming the browser had "stopped abnormally" and prompting users to run a "scan" to remediate the threats. Upon "running the scan," the user is presented with a fake "Security issues detected" alert and instructed to manually "fix" the issue by opening the Windows Run dialog, pasting from their clipboard, and pressing Enter.
The malicious extension silently copies a PowerShell command to the clipboard, disguised as a legitimate repair command. From there, they execute the malicious command.
Segment Resources:
BLOG - Dissecting CrashFix: KongTuke's New Toy
Interview with David Zendzian
Continuous compliance and real security lifecycle management
Supply chain attacks are not just on the rise; attackers are learning from the past, making these attacks even more effective and dangerous than before. It was just over a month ago when the Shai-Hulud attack first impacted NPM packages, forcing enterprises around the world into lockdown. While only 187 packages were compromised in that initial incident, it served as a wake-up call for many: an accurate inventory of systems is good, but a clear, real-time Software Bill of Materials (SBOM) for applications is non-negotiable.
In this world of manifest based infrastructure and container based applications with (real) "devsecops", the dream of continuous upgrades of OS/Runtime/Stack/App and App Dependencies is very mature and there are solid examples of companies and federal entities managing this at scale without thousands of teams and people.
Segment Resources:
BLOG - Supply Chain Security: How accurate SBOMs can deliver proactive threat mitigation
Interview with Jacob Horne
CMMC Phase 1 Enforcement — What the November 10 Deadline Means for the Defense Supply Chain
With the upcoming CMMC Phase 1 enforcement on November 10, cybersecurity teams across the defense and federal supply chain are facing new compliance requirements that directly affect contract eligibility and data-protection standards. Jacob Horne, Chief Cybersecurity Evangelist at Summit 7, can break down what this milestone means for enterprise security leaders, MSPs/MSSPs, and contractors preparing for audits.
Show Notes: https://securityweekly.com/esw-449
México