Notices by Fellows (fellows@cyberplace.social)

@cirriustech @GossiTheDog Thanks for the info! From their site: “The Logo API is offered as a free, legacy product and is unsupported at this time”. Good chance that means it’s not monitored for abuse! Hopefully they’ll EOL it before December 1st.

Recently I’ve seen a number of good looking malicious emails pretending to be from various orgs, all with included company logos.

Looking over the HTML of the emails I noticed an image URL common to all of them, logo.clearbit[.]com. It was in the image tag for logo.

It’s a company logo API that uses logo.clearbit[.]com/“domain.whatever” for logo creation.

Might be a domain you want to start filtering for, as the API is clearly being abused thanks to it being absolutely free.

#ThreatIntel

@GossiTheDog I have to watch the entire season again. Too much times passed since it originally came out that I need a refresher.

@GossiTheDog that doesn’t seem very humane

@GossiTheDog it had a good run

Over the past few days, I’ve noticed a variety of malicious emails with different styles. All of these emails use the lure URL link.shoppermeet[.]net.

Link attempts to redirect users to a Microsoft 365 phishing page for credential harvesting. The threat actor even tries to include company images and logos to make the email appear more legitimate.

#ThreatIntel

If you still haven’t applied Microsoft Office patches since January 2024, now might be a good time to

https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-microsoft-outlook-now-exploited-in-attacks/

@GossiTheDog I guess it’s no Starfield

@GossiTheDog aside from graphics, is the gameplay any good?

@GossiTheDog I think this fits the quintessential definition of “first world problem”

Not sure if you’ve heard of Pixpa[.]com. They label themselves as “an easy, all-in-one portfolio website builder for photographers & creators…”

I’ve recently seen threat actors use Pixpa as a trusted domain within links in malicious email campaigns. Watch out as the service isn’t always photography.

#ThreatIntel

@GossiTheDog I cracked out my Nintendo Switch the other day after seeing your post about the Switch 2. As a guy born in the first half of the 1980s, maybe it’s the nostalgia, but I like the gameplay of stuff like Mario Wonder. I bet the Switch 2 outsells everything - I’m in for one.

The fact that the X/S is trailing the One in sales doesn’t seem too surprising

@GossiTheDog wow that’s neat, and kinda terrifying.

I wonder what my neighbours would think if I started flying that over their homes. I had to write a test and get licensed just to be able to fly my drone here!

@GossiTheDog is that vehicle something that exists in the physical world?

@GossiTheDog I gave it a try, didn’t like it, added no value. The bar was low but they didn’t make it over.

If you’re not blocking SVG (Scalable Vector Graphic) attachments in email messages you might want to.

I have observed something I haven’t yet seen. Malicious email messages where the attachment the threat actor wants the target to open is a to SVG file pretending to be an agreement.

The SVG file when loaded makes a HTTP call to load a remote image, it also contains a transparent layer which links to the malicious website.

Looks to be an attempt at evading detection.

#ThreatIntel

@GossiTheDog no need to go to the theater with events so expertly scripted.

@GossiTheDog He must be playing TMNT

@GossiTheDog thanks for this Kevin, I have passed the info around to some MSPs I have friends working at.

@GossiTheDog Those graphics look pretty amazing. Is this game like WWII Online? (If you’ve ever played that one) I used to play WWII Online as a teen on my old Power Mac G4 and Power Mac G5.