
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; SharePoint and Click-Fix Phishing; Paragon Partition Manager BYOVD Exploit
Mar 4, 2025
Discover the nuances of the 'Mark of the Web' in Windows, revealing how it stores information like source URLs and referrers. Dive into a crafty phishing attack that exploits SharePoint via the Microsoft Graph API, luring users to execute harmful commands. Learn about a critical vulnerability in Paragon Partition Manager that enables attackers to escalate privileges for ransomware deployment, even without the software installed. Stay informed on these pressing cybersecurity threats!
06:17
Podcast summary created with Snipd AI
Quick takeaways
- The Mark of the Web serves as a crucial indicator for downloaded files, enhancing user awareness of potential security risks.
- Recent phishing attacks exploit users through misleading HTML emails and SharePoint interactions, illustrating the evolving tactics of cybercriminals.
Deep dives
Understanding the Mark of the Web
The Mark of the Web is a security feature that records that a file was downloaded from the internet, so that Windows can warn users before they execute a potentially harmful file. It is implemented as an alternate data stream on NTFS file systems but is not consistently supported across all file formats or archive utilities. As a result, the mark can be lost when files are extracted or transferred, which diminishes its protective function. The mark contains zone information, such as where the file originated, and may also include URL details, although these specifics may vary depending on the browser's settings, particularly in incognito mode.
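As an added example (not from the podcast), the following Python sketch parses the text of the `Zone.Identifier` stream that carries the mark and reports the zone plus any recorded URLs, which is useful when triaging a suspicious download. The sample stream contents are constructed, and treating an empty value or `about:internet` as "no URL recorded" is an assumption about how browsers fill the field in private mode.

```python
# Added example: parse the text of a Zone.Identifier alternate data stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Constructed sample stream contents (not taken from a real download).
SAMPLE_NORMAL = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                 "ReferrerUrl=https://downloads.example.com/\r\n"
                 "HostUrl=https://downloads.example.com/tool.zip\r\n")
SAMPLE_PRIVATE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=about:internet\r\n"


def parse_motw(text):
    """Return the mark's fields as a dict, or None if no valid mark is present."""
    fields, in_section = {}, False
    for line in text.lstrip("\ufeff").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)   # URLs may contain '=' themselves
            fields[key.strip().lower()] = value.strip()
    try:
        zone = int(fields["zoneid"])
    except (KeyError, ValueError):
        return None

    def url(name):
        # Assumption: an empty value or "about:internet" means no URL was recorded.
        value = fields.get(name)
        return None if value in (None, "", "about:internet") else value

    return {"zone_id": zone, "zone": ZONES.get(zone, "Unknown"),
            "untrusted": zone in (3, 4),
            "host_url": url("hosturl"), "referrer_url": url("referrerurl")}


def read_motw(path):
    """Read the mark from a file on NTFS; None if the stream is missing."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_motw(fh.read())
    except OSError:
        return None   # no stream: never marked, or the mark was lost in transit


if __name__ == "__main__":
    for name, sample in (("normal", SAMPLE_NORMAL), ("private", SAMPLE_PRIVATE)):
        print(name, parse_motw(sample))
```

A `None` result from `read_motw` on a file known to have come from the internet is itself a finding: it indicates the mark was dropped somewhere between download and the current location.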