2018 has barely started and we've already got our first big major security vulnerabilities of the year, with the media generating lots of deserved attention worldwide on them. In case you missed the news, two major CPU vulnerabilities have been disclosed by Google and several other researchers: Meltdown and Spectre
Tags: web-based vulnerabilities, remote browsers, browser-based attacks, isolation technology
I think we’ve blogged a few times now on the risks of JavaScript and the role it plays in browser-based cyber attacks. We’ve recently seen the details of the Pornhub attack, where malicious adverts were used to target users visiting the Pornhub website and served up fake browser updates as another in a very long list of malvertising attacks.
Tags: javascript, cyber threats, coinhive, cyber attacks, isolation technology
It’s another day and another cyber attack headline in the media. This time it’s another ransomware-style attack; this one is called “Bad Rabbit”. According to media reports, it has impacted organizations in Russia and Ukraine mostly, with reports of some businesses in Turkey and Germany (and possibly in Poland and Japan) also being affected (that we know of so far).
Tags: ransomware, bad rabbit, credential theft, javascript, isolation technology, web isolation, cyber threats
Spear phishing attacks continue to plague businesses of all sizes, across all sectors. Detection of these messages remains an impossible feat. Spear phishing messages plague everyone and their intent ranges from delivering malware or ransomware, to stealing passwords and personal information, such as bank account information. All of these things have a high value in the online criminal world, hence why spear phishing is the most popular tool in the cyber attack arsenal today.
Tags: spear-phishing, anti-phishing, cyber attacks, cyber security, ransomware, cyber training
Whilst working with a customer on a web isolation project over the past two weeks, I was passed on a query based on a report published by Recorded Future in December 2016. The report was a summary of what were the popular vulnerabilities used in exploit kits by attackers in 2016 (source: RecordedFuture).
Tags: malware vulnerabilities, web isolation, web-based vulnerabilities, ransomware, malvertising
It’s 2017, and many organisations are still grappling with solving two of the biggest routes of attack into their business from the Internet - via their employees' in-boxes and web browsers.
Tags: cyber attacks, spear-phishing, anti-phishing, credential theft, isolation, infosec euope, cybersecurity
Tags: ransomware, WCry, North Korea, isolation
Another week, another web security story where organisations need to consider how to defend against another phishing attack.
Tags: punycode, anti-phishing, phishing prevention, remote browsing, isolation, state of the web, browser-based attacks, cyber attacks, cybersecurity
Tags: spear-phishing, phishers, spammers, patient zero, anti-phishing, anti-spam, isolation, risk, browser-based attacks, credential theft
I just spent a week in several new geographical markets for Menlo Security, the United Arab Emirates and Qatar, meeting and talking to new and existing customers. Online risks are no different in the Middle East than they are in the USA, Asia or Europe. The risks may have different names, but the impact remains the same.
Tags: United Arab Emirates, Qatar, Shamoon attack, cyber attacks, spear-phishing, malware vulnerabilities, credential theft, isolation
