Attackers have advanced their #techniques for leveraging the "search-ms" uniform resource identifier (#URI) #protocol from #malicious #documents to direct users to websites that exploit #search-ms functionality using #JavaScript hosted on the page.
The search-ms protocol lets Windows users conduct search operations via a URI. Normally, it’s a #benign operation, but if combined with another vulnerability such as within #Windows documents, #attackers can potentially use it as a part of a broader #phishing or #malware campaign.
This attack requires #gaps at multiple layers of an organization’s defenses. First, properly leveraging email filters with URL rewriting and malicious content controls will limit the impact of a search-ms attack. Second, it relies on limited restrictions on outbound internet browsing — both at the firewall and internet proxy level. Once again, outbound controls are critical.
https://www.scmagazine.com/news/attackers-exploit-windows-based-search-ms-protocol
Full blog post with technical details available here: https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html
I enjoyed this blurb on the website where I reported racist graffiti to #Glasgow City Council:
"My Council Services offer a fully automated solution, where all your reports are directly loaded into your Citizen Management System. To comment on our service or to receive more information about how to offer more functionality to your citizen, please contact us... "
Who wouldn't want more functionality? I'm pro-functionality for yr citizens as long as we're all citizens
I wonder whether I was the first man in #NewZealand to have a #mammogram on my #80th #birthday. (Result: #benign.)