KrebsOnSecurity RSS<p>ClickFix: How to Infect Your PC in Three Easy Steps</p><p><a href="https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2025/03/cl</span><span class="invisible">ickfix-how-to-infect-your-pc-in-three-easy-steps/</span></a></p><p> <a href="https://burn.capital/tags/U" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U</span></a>.S.DepartmentofHealthandHumanServices <a href="https://burn.capital/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MicrosoftWindows</span></a> <a href="https://burn.capital/tags/MicrosoftOffice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MicrosoftOffice</span></a> <a href="https://burn.capital/tags/GoogleChrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleChrome</span></a> <a href="https://burn.capital/tags/booking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>booking</span></a>.com <a href="https://burn.capital/tags/ArcticWolf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArcticWolf</span></a> <a href="https://burn.capital/tags/proofpoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proofpoint</span></a> <a href="https://burn.capital/tags/mshta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mshta</span></a>.exe <a href="https://burn.capital/tags/ClickFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClickFix</span></a> <a href="https://burn.capital/tags/Facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Facebook</span></a> <a href="https://burn.capital/tags/Other" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Other</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
242active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.6
#proofpoint
0 posts · 0 participants · 0 posts today
ITSEC News<p>ClickFix: How to Infect Your PC in Three Easy Steps - A clever malware deployment scheme first spotted in targeted attacks last year has... <a href="https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2025/03/cl</span><span class="invisible">ickfix-how-to-infect-your-pc-in-three-easy-steps/</span></a> <a href="https://schleuss.online/tags/u" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u</span></a>.s.departmentofhealthandhumanservices <a href="https://schleuss.online/tags/microsoftwindows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microsoftwindows</span></a> <a href="https://schleuss.online/tags/microsoftoffice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microsoftoffice</span></a> <a href="https://schleuss.online/tags/googlechrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>googlechrome</span></a> <a href="https://schleuss.online/tags/booking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>booking</span></a>.com <a href="https://schleuss.online/tags/arcticwolf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>arcticwolf</span></a> <a href="https://schleuss.online/tags/proofpoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proofpoint</span></a> <a href="https://schleuss.online/tags/mshta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mshta</span></a>.exe <a href="https://schleuss.online/tags/clickfix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>clickfix</span></a> <a href="https://schleuss.online/tags/facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>facebook</span></a> <a href="https://schleuss.online/tags/other" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>other</span></a></p>
Jonathan Kamens<p>It turns out this isn't so simple.<br>I can't say whether Gmail's servers accept insecure TLS ciphers, because it turns out the TLS connection failures weren't the only reason <a href="https://federate.social/tags/Proofpoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Proofpoint</span></a> was failing to deliver email to my server.<br>There was another reason, which was my fault.<br>I started looking deeper into this when I discovered that <a href="https://federate.social/tags/IronPort" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IronPort</span></a> appliances were having the same problem as Proofpoint delivering email to me.<br>I wrote up the whole debugging story here:<br><a href="https://blog.kamens.us/2024/11/21/yet-another-night-debugging-email-delivery-problems/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.kamens.us/2024/11/21/yet-</span><span class="invisible">another-night-debugging-email-delivery-problems/</span></a></p>
Jonathan Kamens<p><a href="https://federate.social/tags/ProofPoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofPoint</span></a> has no trouble sending emails to <a href="https://federate.social/tags/gmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gmail</span></a>, implying that gmail's servers support <a href="https://federate.social/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLS</span></a> versions or ciphers that are no longer considered sufficiently secure. <a href="https://federate.social/tags/smdh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>smdh</span></a></p>
Jonathan Kamens<p>It looks like PNC Paid is using <a href="https://federate.social/tags/ProofPoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProofPoint</span></a> servers for its outbound email delivery. I know from personal experience that ProofPoint absolutely sucks at email delivery, so perhaps that's part of the problem.</p><p>Note that ProofPoint, A SECURE EMAIL COMPANY, runs mail servers that are incapable of negotiating non-deprecated TLS ciphers:</p><p>STARTTLS=server, error: accept failed=-1, reason=no shared cipher, SSL_error=1, errno=0, retry=-1, relay=mx0a-000ade01.pphosted.com [205.220.165.107]</p><p><a href="https://federate.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload