Breaking in with CrashFix, supply chain security, and CMMC phase 1 - David Zendzian, Anna Pham, Jacob Horne - ESW #449
9 March - 1 hour 34 mins
Interview with Anna Pham
Breaking in with ClickFix: Anatomy of a modern endpoint attack
Cybersecurity company Huntress just published a report on a new ClickFix variant they’ve discovered, which they’ve dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group.
In short, the team observed the threat actors using KongTuke’s malicious browser extension to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate the threats. Upon “running the scan,” the user is presented with a fake “Security issues detected” alert and...
Staypuft, Claude, One Pixel, deepfakes, Raccoon, BOFH, Satoshi Nakamoto, Josh Marpet. - SWN #571
30 mins
10 April
Cthullu, BlueHammer, NK, CUPs, Axios, Fortinet, Cognitive Surrender, Aaran Leyland - SWN #570
32 mins
7 April
AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377
1 hour 8 mins
7 April