Threat isolation is fast becoming the new “must-have” technology for IT security teams. It has gained recognition from leading analysts, and enterprise adoption is taking off. Case-in-point, Menlo Security now has hundreds-of-thousands of users across the globe using isolation to access the web without worry of malware infections. What is of particular importance is that 90% of these Menlo Security customers are isolating ALL of their web traffic, which unlocks isolation’s full potential. So why is this significant?
Read More
Tags:
cyber threats,
web isolation,
cyber security,
isolation technology
Lately, instances of malware with built-in worm functionality have been on the rise. The WannaCry cyberattack is a perfect example. Although the malware was classified as ransomware, to increase the number of infections, the attackers used an SMB exploit to propagate it laterally within enterprises.
Read More
Tags:
malware,
isolation,
ransomware,
cyber threats,
cyber attacks,
wannacry,
web isolation,
worm,
Houdini,
remote access trojan
There was a time not long ago when victims of phishing attacks were considered stupid. But now that the general population is becoming more aware of the phishing problem, the “pool of stupidity” is shrinking. Easy prey is becoming more difficult to find, so phishing is evolving to new levels of sophistication. Attacks using OAuth, Data URI, PDF credential phish, and PunyCode are now so difficult to detect, even security administrators themselves are falling victim.
Read More
Tags:
malware,
phishing,
malware vulnerabilities,
anti-phishing,
punycode,
oAuth,
gmail phishing campaign,
uniform resource identifier (URI) scheme
The world could rid itself of ransomware overnight if we, as a society, could collectively agree to stop paying ransom. If there was a 100% certainty that they would not get paid, attackers would simply shift their attention elsewhere. But the fact of the matter is people do pay criminals to release their critical data. According to a new survey, 52% would pay up if their computer were taken hostage by ransomware. Why is this?
Read More
Tags:
ransomware,
cyber theft,
bitcoin,
cyber threats,
bitcoins,
browser-based attacks
By now, after years of ransomware in the news, one would think that the problem would begin to ebb, given nearly every security vendors’ claims to prevent it. Obviously this has not proven true, particularly in healthcare.
Read More
Tags:
malware,
isolation,
ransomware,
anti-phishing,
phishing prevention,
healthcare
In the past, an attacker looking to steal credentials would craft a convincing email and landing page that did not trigger any red flags to the user. Attackers could be certain that at least 11% of people, even those who’d had phishing awareness training, would click malicious email links. Looking to up this percentage, attackers have evolved phishing exploits to use novel techniques, and OAuth is an important part of this evolution. This new approach is making it more challenging than ever for users to know when it is safe to click.
Read More
Tags:
phishing,
isolation,
phishing prevention,
Eugene Pupov,
phishing scams,
Google Docs email scam
There were many hot topics and cybersecurity themes at this year’s RSA Conference in San Francisco, from ransomware, to Sec Ops, to post breach mitigation.
Read More
Tags:
cybersecurity,
phishing,
credential theft,
phishing prevention,
Adaptive Clientless Rendering,
isolaton
In recent weeks, I’ve been traveling the country speaking to audiences about the two leading enterprise threat vectors: web and email. During these presentations, we spend a significant amount of time discussing ransomware, where Bitcoin is the payment of choice. People want to know why it’s so prevalent, and how they can protect themselves.
Read More
Tags:
ransomware
In medical terms, Patient Zero is loosely defined as the first human infected by a new or recently discovered viral or bacterial outbreak. The term has found its way into the IT security lexicon where its corollary is the first individual to be infected by a new malware strain, or the first victim in a phishing campaign.
Read More
Tags:
malware,
cybersecurity,
blog,
phishing,
isolation,
security,
malicious code,
anti-phishing,
phishing prevention