Breaking in with CrashFix, supply chain security, and CMMC phase 1 - David Zendzian, Anna Pham, Jacob Horne - ESW #449

<h3>Interview with Anna Pham</h3> <p><strong>Breaking in with ClickFix: Anatomy of a modern endpoint attack</strong></p> <p>Cybersecurity company Huntress just published a report on a new ClickFix variant they’ve discovered, which they’ve dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group.</p> <p>In short, the team observed the threat actors using KongTuke’s malicious browser extension to display a fake security warning, claiming the browser had “stopped …