Take heed, traveler, those that are marked by the Web are everywhere.

They can be friends, acquaintances, or even family. Stay vigilant.

https://en.wikipedia.org/wiki/Mark_of_the_Web

#markoftheweb

Mark of the Web - Wikipedia

7-Zip: Mark-of-the-Web flaw was abused by attackers

The recently reported Mark-of-the-Web vulnerability in 7-Zip was abused by attackers in the wild to smuggle malicious code.

heise online

Need to quickly get an overview on which files have been downloaded from the internet on macOS?

Use

mdfind "kMDItemWhereFroms=*" -attr "kMDItemWhereFroms"

to find the extended attributes to get a list of files, including the URL where the item was downloaded from.

Hint: Might not find all the files, especially if the attributes have been deleted.

#macos #incidentresponse #markoftheweb #apple
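
Added example, not part of the original post: mdfind answers from the Spotlight index, so locations that are not indexed are not covered. This Python sketch reads the attribute from each file directly with `xattr -px` and decodes the binary plist it holds; a file whose attribute was deleted still yields nothing. The attribute name `com.apple.metadata:kMDItemWhereFroms`, the helper names and the sample URLs are assumptions or constructed for illustration.

```python
import plistlib
import subprocess

# Assumed attribute name: the on-disk xattr behind Spotlight's kMDItemWhereFroms.
WHEREFROMS = "com.apple.metadata:kMDItemWhereFroms"

def decode_wherefroms(hex_dump):
    """Turn the hex text printed by `xattr -px` into a list of origin URLs."""
    raw = bytes.fromhex("".join(hex_dump.split()))  # drop spaces and newlines
    if not raw.startswith(b"bplist00"):
        raise ValueError("attribute value is not a binary plist")
    value = plistlib.loads(raw)
    if not isinstance(value, list):
        value = [value]
    # Keep only non-empty strings (download URL, then referring page if present).
    return [v for v in value if isinstance(v, str) and v]

def read_wherefroms(path):
    """macOS only: read the attribute from the file itself, not from the index."""
    proc = subprocess.run(["xattr", "-px", WHEREFROMS, path],
                          capture_output=True, text=True)
    if proc.returncode != 0:
        return None  # attribute absent (never set, or removed)
    return decode_wherefroms(proc.stdout)

def triage(paths, reader=read_wherefroms):
    """Map each path to its origin URLs, or None when no origin is recorded."""
    return {p: reader(p) for p in paths}

def constructed_dump(urls):
    """Build a constructed sample shaped like `xattr -px` output (16 bytes per line)."""
    h = plistlib.dumps(list(urls), fmt=plistlib.FMT_BINARY).hex().upper()
    pairs = [h[i:i + 2] for i in range(0, len(h), 2)]
    return "\n".join(" ".join(pairs[i:i + 16]) for i in range(0, len(pairs), 16))

if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    sample = constructed_dump(["https://downloads.example/tool.dmg",
                               "https://downloads.example/"])
    print(decode_wherefroms(sample))
```

Files that come back as None in a downloads folder are worth a second look during triage, since the origin record is either missing or was stripped.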

Bug Left Some Windows PCs Dangerously Unpatched – Krebs on Security

Bug Left Some Windows PCs Dangerously Unpatched - Microsoft Corp. today released updates to fix at least 79 security vulnerabilities... https://krebsonsecurity.com/2024/09/bug-left-some-windows-pcs-dangerously-unpatched/ #patchtuesdayseptember2024 #microsoftoffice #cve-2024-38217 #cve-2024-38226 #cve-2024-43491 #immersivelabs #markoftheweb #satnamnarang #timetopatch #microsoft #kevbreen #rapid7

Six 0-Days Lead Microsoft’s August 2024 Patch Push - Microsoft today released updates to fix at least 90 security vulnerabilities in Wi... https://krebsonsecurity.com/2024/08/six-0-days-lead-microsofts-august-2024-patch-push/ #zerodayinitiative #microsoftproject #cve-2024-38106 #cve-2024-38107 #cve-2024-38178 #cve-2024-38189 #cve-2024-38193 #cve-2024-38213 #markoftheweb #timetopatch #windowsedge #kevbreen
Six 0-Days Lead Microsoft’s August 2024 Patch Push – Krebs on Security

Six 0-Days Lead Microsoft’s August 2024 Patch Push

https://krebsonsecurity.com/2024/08/six-0-days-lead-microsofts-august-2024-patch-push/

#ZeroDayInitiative #MicrosoftProject #CVE-2024-38106 #CVE-2024-38107 #CVE-2024-38178 #CVE-2024-38189 #CVE-2024-38193 #CVE-2024-38213 #markoftheweb #TimetoPatch #WindowsEdge #KevBreen


Another Zero Day Initiative security advisory, since RARLAB failed to include the CVE ID in their release notes: CVE-2024-30370 (4.3 medium, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. I'm not a betting man, but I can see threat actors utilizing this quickly based on historical abuse. 🔗 https://www.zerodayinitiative.com/advisories/ZDI-24-357/ and https://www.rarlab.com/rarnew.htm#27.%20Busgs%20fixed

This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page.

The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user.

#CVE_2024_30370 #markoftheweb #WinRAR #vulnerability

ZDI-24-357

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

TIL: On Windows 10, the Mark of the Web contains both the referrer and the complete download URL. 🤦🏻‍♂️ #windows #windows10 #security #markoftheweb

Reading up on some #infosec news after three crazy days of moving (reminder: never move) and came across the most amazing attribute name Windows gives to files from untrusted remote locations:

Mark of the Web.

But when you open such a file, you only see a boring 'Security Warning' popup.

Why not just have burning flames, cackling demons and blood-red dripping capital letters shouting "WARNING! THIS FILE BEARS THE MARK OF THE WEB!" Missed opportunity!

Also, excuse my noobness if Mark of the Web is something I should TOTALLY know about already, sheesh.

#markoftheweb #cybersecurity #bleepingcomputer #zeroday #malware