Browsing blind: Understanding the dangers of limited browser visibility
The browser has emerged as the most widely used enterprise application today. That’s good news for users who need to access corporate data and business tools from anywhere with a reliable Internet connection. But threat actors have taken notice as well, and, as a result, the popularity of the browser ... Read More
How Legacy URL Reputation Evasion (LURE) attacks easily bypass current security tech
Whether it’s the push for fully remote work, in-office work, or a hybrid workstyle, the conversation around how and where employees will work continues. But guess what? To cybercriminals, this conversation doesn’t really matter. Not one bit. That’s because no matter where today’s enterprise worker resides and where the work ... Read More
Digital smugglers: How attackers use HTML smuggling techniques to beat traditional security defenses
It’s hard to imagine a time when the web browser wasn’t the critical enterprise productivity app. Many enterprise workers born in the 1990s likely don’t recall when the web browser wasn’t the primary window to access nearly every office application. Today, the web browser is the de facto enterprise app ... Read More
Real-world examples of Highly Evasive Adaptive Threats (HEAT) in the news
Despite some good news from the recently released 2023 CyberEdge Cyberthreat Defense Report (CDR), high-profile breaches continue to plague the industry. From Rackspace to Twitter to GitHub, businesses, organizations and government agencies around the world have been victimized by sophisticated threat actors who are getting better at evading traditional security ... Read More
Malicious password-protected files: The issue of prioritizing business decisions over security policies
Attackers are constantly crafting new ways to evade enterprise cybersecurity defenses. Consider both how phishing attacks and the delivery of malware are evolving. In this case, through password-protected files to infect endpoints. It’s a growing risk for all organizations. There was a time when nearly all phishing attacks, whether crafted ... Read More
The art of MFA Bypass: How attackers regularly beat two-factor authentication
Whether it’s cloud-based productivity suites, powerful analytics platforms, the largest of enterprise ERP systems, and every application in between — to get work done, the web browser is the modern go-to application interface. Unfortunately, it also means that the web browser is the go-to target for modern attackers. This profoundly ... Read More
The illusion of safety: Unmasking evasive browser attacks for a secure cyber landscape
Security used to be pretty straightforward. Enterprises would build a strong perimeter defense in front of a robust data center and shore up entry points into the network—ensuring that malicious actors couldn’t gain access. Then, a few decades ago, desktop computers connected to the Internet, and suddenly, threat surfaces extended ... Read More
