A recent report highlighted by the National Cyber Security Centre uncovered a 37% increase in supply chain attacks in the previous year. Unsurprisingly, this increase coincides with a growing demand to integrate Internet-of-Things (IoT) and Industrial IoT (IIoT) into company networks. Supply chain corruption via (I)IoT is an area that demands further research and attention. 

Welcome to the July 2022 SCYTHE #ThreatThursday! This edition features an emulation of Qakbot, a piece of malware that is no stranger to the threat intel community.

June’s Threat Thursday will focus on a unique persistence method that is not widely used by threat actors, but works all the way through at least Windows 11 21H2. In 2020 a few researchers from TrustedSec outlined a unique method of persistence that leverages Windows Telemetry.

There’s a new vulnerability abusing the ms-msdt protocol handler to execute arbitrary code in Office. Since “msdt vulnerability” is hard to track, Kevin Beaumont dubbed this vulnerability Follina (and we’ll continue to use that nomenclature in this post).