Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Specially Crafted ZIP Files Used to Bypass Secure Email Gateways
Attackers strike once again in an interesting and obscure way at end users of secure email gateways. These gateways are made to scan through emails to filter out spam and malicious content, but attackers have found a way to trick the gateways. By creating a dual archive in a single zip file, they were able to bypass security measures by tricking the gateway into extracting the first archive that had no harmful content, while ignoring the secondary archive with a malicious RAT. The only problem with this approach is that not all archiving utilities will be able to extract the RAT properly, therefore greatly diminishing the malware’s effectiveness.
You must be logged in to reply to this topic.