#markoftheweb

2025-03-12

Take heed, traveler, those that are marked by the Web are everywhere.

They can be friends, acquaintances, or even family. Stay vigilant.

en.wikipedia.org/wiki/Mark_of_

#markoftheweb

BlackSquirrelz 👾 aptwi@infosec.exchange
2024-12-23

Need to quickly get an overview on which files have been downloaded from the internet on macOS?

Use

mdfind "kMDItemWhereFroms=*" -attr "kMDItemWhereFroms"

to find the extended attributes to get a list of files, including the URL where the item was downloaded from.

Hint: Might not find all the files, especially if the attributes have been deleted.

#macos #incidentresponse #markoftheweb #apple

2024-09-10

Bug Left Some Windows PCs Dangerously Unpatched - Microsoft Corp. today released updates to fix at least 79 security vulnerabilities... krebsonsecurity.com/2024/09/bu #patchtuesdayseptember2024 #microsoftoffice #cve-2024-38217 #cve-2024-38226 #cve-2024-43491 #immersivelabs #markoftheweb #satnamnarang #timetopatch #microsoft #kevbreen #rapid7

2024-08-13

Six 0-Days Lead Microsoft’s August 2024 Patch Push - Microsoft today released updates to fix at least 90 security vulnerabilities in Wi... krebsonsecurity.com/2024/08/si #zerodayinitiative #microsoftproject #cve-2024-38106 #cve-2024-38107 #cve-2024-38178 #cve-2024-38189 #cve-2024-38193 #cve-2024-38213 #markoftheweb #timetopatch #windowsedge #kevbreen

2024-08-13

Six 0-Days Lead Microsoft’s August 2024 Patch Push

krebsonsecurity.com/2024/08/si

#ZeroDayInitiative #MicrosoftProject #CVE-2024-38106 #CVE-2024-38107 #CVE-2024-38178 #CVE-2024-38189 #CVE-2024-38193 #CVE-2024-38213 #markoftheweb #TimetoPatch #WindowsEdge #KevBreen

2024-04-01

Another Zero Day Initiative security advisory, since RARLAB failed to include the CVE ID in their release notes: CVE-2024-30370 (4.3 medium, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. I'm not a betting man, but I can see threat actors utilizing this quickly based on historical abuse. 🔗 zerodayinitiative.com/advisori and rarlab.com/rarnew.htm#27.%20Bu

This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page.

The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user.

#CVE_2024_30370 #markoftheweb #WinRAR #vulnerability

Tobias Schmidl tobias@schmidl.dev
2023-01-27

TIL: On Windows 10, the Mark of the Web contains both the referrer and the complete download URL. 🤦🏻‍♂️ #windows #windows10 #security #markoftheweb
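
Added example, not part of the post above: on NTFS the Mark of the Web is kept in an alternate data stream named Zone.Identifier, and this Python code parses that stream's text and reports the referrer and download URL with their query strings stripped. The sample stream content, its URLs and the function names are constructed for this example.

```python
from urllib.parse import urlsplit

# Windows URL security zones, as stored in the ZoneId field.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Constructed sample of Zone.Identifier stream content (not from a real file).
SAMPLE = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://portal.example.test/invoices?session=abc123\r\n"
    "HostUrl=https://cdn.example.test/dl/invoice.zip?token=s3cr3t\r\n"
)

def parse_zone_identifier(text):
    """Return the key/value pairs of the [ZoneTransfer] section as a dict."""
    fields, in_section = {}, False
    for line in text.lstrip("\ufeff").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields

def redact(url):
    """Drop query string and fragment, which can carry tokens or session ids."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}"

def triage(text):
    """Summarise a stream for a report without copying URL secrets into it."""
    fields = parse_zone_identifier(text)
    try:
        zone = int(fields.get("ZoneId", ""))
    except ValueError:
        zone = None  # field missing or malformed
    urls = {k: fields[k] for k in ("ReferrerUrl", "HostUrl") if k in fields}
    return {
        "zone": ZONES.get(zone, "unknown"),
        "from_untrusted_zone": zone in (3, 4),
        "urls": {k: redact(v) for k, v in urls.items()},
        "has_query_data": sorted(k for k, v in urls.items() if urlsplit(v).query),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On Windows the stream text can be read with PowerShell's `Get-Content -Stream Zone.Identifier` and passed to `triage`.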

2022-11-30

Reading up on some #infosec news after three crazy days of moving (reminder: never move) and came across the most amazing attribute name Windows gives to files from untrusted remote locations:

Mark of the Web.

But when you open such a file, you only see a boring 'Security Warning' popup.

Why not just have burning flames, cackling demons and blood-red dripping capital letters shouting "WARNING! THIS FILE BEARS THE MARK OF THE WEB!" Missed opportunity!

Also, excuse my noobness if Mark of the Web is something I should TOTALLY know about already, sheesh.

#markoftheweb #cybersecurity #bleepingcomputer #zeroday #malware
Screenshot of article on Bleeping Computer including the first few paragraphs. Article is about phishing attacks using a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings.
