Threat Trends & Research
Browsing blind: Understanding the dangers of limited browser visibility
The browser has emerged as the most widely used enterprise application today. That’s good news for users who need to access corporate data and business tools from anywhere with a reliable Internet ...
How Legacy URL Reputation Evasion (LURE) attacks easily bypass current security tech
Whether it’s the push for fully remote work, in-office work, or a hybrid workstyle, the conversation around how and where employees will work continues. But guess what? To cybercriminals, this conversation doesn’t ...
Digital smugglers: How attackers use HTML smuggling techniques to beat traditional security defenses
It’s hard to imagine a time when the web browser wasn’t the critical enterprise productivity app. Many enterprise workers born in the 1990s likely don’t recall when the web browser wasn’t the ...
Escalating evasive browser attacks: Understanding the whys
Cybersecurity is a perpetual challenge of strategy and adaptation. Threat actors find a vulnerability, and, eventually, security vendors plug the hole. Attackers find another way into the network, and a patch is ...
Not your average Joe: An analysis of the XeGroup’s attack techniques
Disclaimer: Menlo Labs has informed the appropriate law enforcement agencies of the intelligence presented in this report. Executive Summary: XeGroup is a hacking group that has been active since at least 2013 ...
Malicious password-protected files: The issue of prioritizing business decisions over security policies
Attackers are constantly crafting new ways to evade enterprise cybersecurity defenses. Consider both how phishing attacks and the delivery of malware are evolving. In this case, through password-protected files to infect endpoints ...
The art of MFA Bypass: How attackers regularly beat two-factor authentication
Whether it’s cloud-based productivity suites, powerful analytics platforms, the largest of enterprise ERP systems, and every application in between — to get work done, the web browser is the modern go-to application ...
The increasing emphasis on browser security: Insights from the 2023 Cyberthreat Report
The latest findings from the 2023 CyberEdge Cyberthreat Defense Report (CDR) feature some positive news about the state of cybersecurity. The industry is making progress and is showing increased confidence in its ...
The many faces of the IcedID attack kill chain
Executive Summary: The Menlo Labs Team noticed some very interesting and seemingly overlapping IcedID campaigns over the past couple of months. IcedID is a modular trojan that made its appearance in 2017, ...
PureCrypter targets government entities through Discord
Executive Summary: Menlo Labs has uncovered an unknown threat actor that’s leveraging an evasive threat campaign distributed via Discord that features the PureCrypter downloader and targets government entities. The PureCrypter campaign uses ...