Ok, so it turns out it is a straight up credential stealing phish attack. It's a link to a website that links to another website with a fake o365 login. Since there is no executable it escapes malware detection. I would still have thought it would get black-listed based on the URL in the PDF but I guess that shows how weak standard filtering is. I suspect the PDF in the URL is uniquely generated for each email attachment so it can't be easily black-listed.
John
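The message above describes the mechanics of the phish (a PDF attachment carrying a link, a redirect to a fake sign-in page, and a per-message unique URL that defeats exact-match blocklists). The following is an added example, not code from the thread or from anyone on the list, showing how a mail-gateway or incident-response script might pull the link targets out of such an attachment and triage them by host rather than by exact URL. The PDF, the blocklist entry, the redirect table and the list of expected sign-in hosts are all constructed values for the example.

```python
"""
Extract link targets from a PDF attachment and triage them.

Added example (not from the thread). The PDF below is a constructed,
minimal document with a single /URI link action, shaped like the
attachment described above. Hosts, blocklist and redirect table are
assumptions made up for the example.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: a minimal PDF with one link annotation whose /URI
# carries a per-recipient token in the path.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://files.example-redirector.test/view/a1b2c3d4) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Exact-URL blocklist entry harvested from an earlier copy of the same
# campaign (constructed). It differs from the sample only in the token.
URL_BLOCKLIST = {"https://files.example-redirector.test/view/9f8e7d6c"}

# Simulated second hop: what the first link redirects to. In production this
# would come from a sandboxed URL-detonation service; here it is a fixed table.
REDIRECTS = {
    "https://files.example-redirector.test/view/a1b2c3d4":
        "https://sso-verify.example-phish.test/o365/login",
}

# Hosts that are expected to serve the organisation's real Microsoft 365
# sign-in page. Assumed for the example; a deployment would take this from policy.
EXPECTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com"}

# Matches an unencrypted, uncompressed /URI (...) literal string.
URI_RE = re.compile(rb"/URI\s*\((?P<url>[^)]*)\)")


def extract_uris(pdf_bytes):
    """Return every /URI link target found in the raw PDF bytes.

    Sufficient for plain objects like the sample; PDFs that hide annotations
    inside compressed object streams would need a real PDF parser.
    """
    return [m.group("url").decode("latin-1") for m in URI_RE.finditer(pdf_bytes)]


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def exact_blocklist_hit(url):
    """Exact-match check: the kind of filter a per-message unique URL evades."""
    return url in URL_BLOCKLIST


def host_blocklist_hit(url):
    """Host-level check: ignore the unique path and compare only the host."""
    blocked_hosts = {host_of(u) for u in URL_BLOCKLIST}
    return host_of(url) in blocked_hosts


def follow_chain(url, max_hops=5):
    """Walk the simulated redirect table and return the landing URL."""
    seen = [url]
    while url in REDIRECTS and len(seen) <= max_hops:
        url = REDIRECTS[url]
        seen.append(url)
    return url


def triage_pdf(pdf_bytes):
    """Triage each link: blocklist results plus whether the landing page
    that presents a sign-in form is on an expected login host."""
    findings = []
    for url in extract_uris(pdf_bytes):
        landing = follow_chain(url)
        findings.append({
            "url": url,
            "exact_blocklist": exact_blocklist_hit(url),
            "host_blocklist": host_blocklist_hit(url),
            "landing_host": host_of(landing),
            "landing_host_expected": host_of(landing) in EXPECTED_LOGIN_HOSTS,
        })
    return findings


if __name__ == "__main__":
    for f in triage_pdf(SAMPLE_PDF):
        print(f)
```

The two blocklist checks side by side make the thread's point concrete: the exact-URL entry from the earlier sample misses the new attachment, while the host-level rule still fires, and the landing-host check flags a sign-in page served from somewhere other than the expected identity provider regardless of how the first-hop URL is tokenised.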
On Wed, Jan 19, 2022 at 12:19 PM Gilbert E. Detillieux <gedetil@cs.umanitoba.ca> wrote:
On 2022-01-19 12:04 p.m., eh@eduardhiebert.com wrote:
Lastly, forgive my lack of knowing, what does "zero-day attack" mean?
Essentially, an attack that exploits a brand-new vulnerability, either before it has been disclosed, or on the day of disclosure (hence 0-day). The key point being that it's a vulnerability for which there likely is not yet an update, patch, or even a mitigation strategy.
See also:
https://en.wikipedia.org/wiki/Zero-day_(computing)
Gilbert
-- 
Gilbert E. Detillieux              E-mail: gedetil@cs.umanitoba.ca
Dept. of Computer Science          Web:    http://cs.umanitoba.ca/~gedetil/
University of Manitoba             Winnipeg MB CANADA  R3T 2N2
Roundtable mailing list
Roundtable@muug.ca
https://muug.ca/mailman/listinfo/roundtable