Hello, welcome to the Thursday, January 23rd, 2020 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Not all malicious emails are written in English.

The latest example from Pratt here is a malicious email campaign that's actually targeting

German speakers by being written in German.

Now, another kind of thing that's interesting about this email campaign and something that

becomes more and more common is that these emails appear to be continuing a conversation

you may have had with someone. If someone you exchange emails with is getting infected by this

malware, then the malware will not just plainly pull in the contact list from the victim, but they'll also look at recent emails

that the victim exchanged with the target.

The malware is going to send the next message to, and they're trying sort of to follow up

on a conversation here.

Now, it's still pretty mechanic and the text is very short,

but it may be enough to trick you into opening the attachment, enabling macros, and

getting infected yourself. And with the recent update of Safari in Mac OS, one of the features that was added was

intelligent tracking prevention and what that's supposed to accomplish is to make it more difficult

for advertised as such to track what websites you are visiting. Well, it turns out that this

feature can actually be used against the user and can lead to more tracking. Some researchers

from Google have an interesting paper outlining some of the techniques that can be used. What it comes

down to is that Safari maintains a list of prevalent domains, domains that you have been

visiting and that have consistently been receiving so third-party requests so they could potentially be used for tracking.

So Safari will then start blocking requests for these domains and what these Google researchers found is that by essentially loading images and such from these domains checking whether or not the load fails or

...