Hello and welcome to the Tuesday, January 28th, 2025 edition of the Sands and the Storm Center's

Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Well, today we have a diary by Jan looking at one of his favorite topics, and that's how attackers are bypassing

fishing filters. The common trick being used here is often referred to as C-Wasp for Cerro

with characters, and there are a number of different spaces, non-breaking spaces and the

like that are often used here that are invisible to the

user, but a machine looking for keywords like password would not recognize those keywords

because they are broken up with these special characters.

A particular character that Jan is looking at in this example is the soft hyphen,

which is why Jan dubs this particular version of the attack, the C-Sci attack, where S-H-Y is the

HTML entity being used for the soft hyphen that is then included in these emails in order to

obfuscate them and make them similar to these serral white space, another sero-width characters

readable to the human but not readable to the machine.

Interesting technique and what this really drives home is that yes, you know, we have

fancy filters for our email messages that try to identify spam, but a sufficiently motivated

attacker is probably going to figure out a way around this because there are just so many

options to make a text look

very different to the machine compared to the user.

And Apple today released its usual updates for everything.

So we got updates for Vision OS, iOS, iPad, OX.

We got updates for MacOS going back three versions to Ventura of MacOS 13.

We also got updates for WatchOS, TVOS, and of course, Safari for these older versions of MacOS.

...