Whilst working with a customer on a web isolation project over the past two weeks, I was passed on a query based on a report published by Recorded Future in December 2016. The report was a summary of what were the popular vulnerabilities used in exploit kits by attackers in 2016 (source: RecordedFuture).
Read More
Tags:
ransomware,
malware vulnerabilities,
web-based vulnerabilities,
web isolation,
malvertising
There was a time not long ago when victims of phishing attacks were considered stupid. But now that the general population is becoming more aware of the phishing problem, the “pool of stupidity” is shrinking. Easy prey is becoming more difficult to find, so phishing is evolving to new levels of sophistication. Attacks using OAuth, Data URI, PDF credential phish, and PunyCode are now so difficult to detect, even security administrators themselves are falling victim.
Read More
Tags:
malware,
phishing,
malware vulnerabilities,
anti-phishing,
punycode,
oAuth,
gmail phishing campaign,
uniform resource identifier (URI) scheme
Over 350,000 of the world’s top 1 million web sites may be running vulnerable software -- which the recent WannaCry cyber attack has shown can spell considerable risk of hacker exploitation. According to the Menlo Security State of The Web report, software on some web sites dates back to over a decade ago, as far back as the year 2000. The cyber security research reveals that nearly half (46%) of the Internet’s top 1 million web sites, as ranked by Alexa, are risky, and that 1 in 5 domains run vulnerable software.
Read More
Tags:
isolation,
ransomware,
credential theft,
malware vulnerabilities,
phishing prevention,
spear-phishing,
banks,
cyber attacks,
wannacry,
hackers,
financial security firms,
credit unions,
web threats,
email threats

I just spent a week in several new geographical markets for Menlo Security, the United Arab Emirates and Qatar, meeting and talking to new and existing customers. Online risks are no different in the Middle East than they are in the USA, Asia or Europe. The risks may have different names, but the impact remains the same.
Read More
Tags:
isolation,
credential theft,
malware vulnerabilities,
spear-phishing,
Qatar,
United Arab Emirates,
Shamoon attack,
cyber attacks
Half of the web is vulnerable to malware, as we measured recently in our State of the Web research report, making it clear that merely visiting a legitimate web site is risky.
Read More
Tags:
malware,
cybersecurity,
phishing,
isolation,
security,
ransomware,
credential theft,
malware vulnerabilities,
cyber theft,
security strategy,
anti-phishing,
cyber threats,
Google Chrome,
bitcoins
Users must recognize that they are taking a significant risk when connecting directly to the Internet. The new Menlo Security State of The Web report reveals that nearly half (46%) of the Internet’s top 1 million web sites, as ranked by Alexa, are risky.
Read More
Tags:
malware,
cybersecurity,
blog,
isolation,
malware vulnerabilities,
cyber theft,
security strategy,
anti-phishing,
state of the web
Across the Asia Pacific, cyber security communities are sharing information about malicious actor techniques from other regions, in hopes of avoiding copycat attacks. In one case, data theft from a US government agency exploit was foiled when individual users repeatedly asked IT to have their malware-ridden laptops re-imaged. It turns out, it wasn’t just malware that was the security issue – the malware was a cover up for a sophisticated ring of insider data-stealing activities. Each time the externally-based ring leader thought their data stealing attempts might be discovered, the malware was inflicted on internal users to force a reimage and cover their tracks.
Read More
Tags:
malware,
cybersecurity,
isolation,
security,
malware vulnerabilities,
phishing prevention,
Australian Information Security Association
A new and rapid growth trend during the U.S. political season is that various treasure troves of leaked documents now await the masses on the Internet, including via sites like WikiLeaks and "Guccifer 2.0’s” latest Wordpress blog.
Read More
Tags:
malware,
cybersecurity,
phishing,
isolation,
pdf,
security,
ransomware,
risk,
malicious code,
malware vulnerabilities,
cyber theft,
security strategy,
email attachments