banner-blog.jpg

BLOG

Securing the New Normal: Future of Work

Posted by Mehul Patel on Jul 2, 2020

For most of us, working has always been social. We’d commute to an office every day where we’d spend our day in strategy meetings and whiteboard sessions, grab a coffee to catch up with colleagues, and catch the boss while walking the hall to provide the latest project update. Once in a while, if we had a personal appointment, a customer meeting across town, or an early-morning conference call from overseas, we’d be able to work from home, logging in from a VPN where we’d have secure access to productivity tools.

 

Read More

Tags: phishing, ransomware, anti-phishing, SWG, Secure Remote Worker, CASB, Digital Workforce, Remote Work

Equation Editor—Attackers continue to exploit CVE-2017-1182….

Posted by Vinay Pidathala on Jun 30, 2020

Menlo labs has observed limited attacks, where attackers are continuing to exploit CVE-2017-11882, an old Microsoft exploit with a patch that was issued more than two years ago. As a matter of fact, an FBI report published on May 12 2020, listed it as one of the top 10 vulnerabilities routinely getting exploited. We are still analyzing some details of the malware involved in the three attacks and will post it in part 2 of this series. The following are some noteworthy features in all the attacks we identified

Read More

Tags: phishing, ransomware, anti-phishing, SWG, Secure Remote Worker, Working From Home, CASB, cloud-delivered security, Digital Workforce, Remote Work

Menlo Security Thwarts Covid-19–Related Phishing Attacks

Posted by Mehul Patel on Jun 24, 2020

Threat actors can be ruthless. They use social engineering to comb through people’s personal and professional lives to uncover details that they can use in spearphishing campaigns to manipulate users into unwittingly downloading malware or giving up their credentials

 

Read More

Tags: phishing, isolation, security, Isolation Core, Cloud Proxy, Secure Remote Worker, Remote Working, SaaS, internet access, cloud-delivered security

How to Mitigate Phishing Threats inYour Organization

Posted by Kowsik Guruswamy on Dec 5, 2019

From a bad actor perspective, phishing is the cheapest and easiest way to infiltrate organizations and personal information
to make a profit. By nature, humans are curious and are oft en overconfident when it comes to security. Phishing is an even greater threat for mobile users, too. Without key visual cues, like the ability to hover over a link to determine its destination, it is much easier for a user to make the simple mistake of clicking a bad link and falling victim to a phishing attempt. The popularity of social media has also made it much easier for hackers to find valid email addresses and research users’
life activities to create sophisticated, tailored phishing attacks.  From a security perspective, there are typically three approaches to solving the phishing problem – email security gateways, web proxies and security training awareness – but each has its own limitations.

Read More

Tags: phishing, email attachments, anti-phishing, phishing prevention, Google Docs email scam, email threats

How Isolation Would Have Stopped The Russian Election Cyberattacks

Posted by Jay Kelley on Jul 19, 2018

Regardless of the political fall-out from Special Counsel Robert J. Mueller’s indictment of twelve Russian intelligence operatives for tampering with the 2016 U.S. Presidential election, this much seems clear after reading the 29-page, John LeCarre-like document: It has become unreasonable to expect any organization to successfully defend against such a massive, coordinated cyberattack.

Read More

Tags: malware, phishing, isolation, credential theft, spear-phishing, remote browsing, cyberattacks, browser isolation, presidential election, Russian hackers, Russian operatives, Russian intelligence, DNC, DCCC, Podesta, cryptojacking, X-Agent, Mueller, U.S. election, GRU, Clinton Campaign, Democratic National Committee, Democratic Congressional Campaign Committee, Clinton, cryptocurrency

Compromised Websites and Download Bomb Attacks

Posted by Andrew Prince on Jul 11, 2018

Compromised Websites and Download Bomb Attacks

In recent weeks a resurgence of download bomb attacks has been observed in the wild, attempting to add legitimacy to malicious websites serving a tech support based phishing scam. For users of Menlo Security’s Isolation Platform (MSIP), this attack is trivially defeated with zero malicious content reaching the end user’s device. However, the same may not be said for reputation based security, as we review below.

Read More

Tags: malware, phishing, isolation, javascript, compromised websites, download bomb

10 Reasons Why You Shouldn't Consider Isolation

Posted by Jay Kelley on Dec 7, 2017

 

While this post is intended to be a little tongue-in-cheek for readers, it’s been written to provoke discussion on how organizations continue to do the same things they have done for the last 15 years, without thinking of all the issues they bring with them…

Read More

Tags: phishing, isolation, ransomware, spear-phishing, web isolation, malvertising

Cyber Monday: Going Phishing?

Posted by Jay Kelley on Nov 21, 2017

 

The holiday shopping season kicks off this week with Black Friday (November 24 th) and Cyber Monday (November 27 th). And, if it’s any indication of how much online shopping will occur, last year (2016), Cyber Monday set a new sales record of $3.45 billion USD!
Read More

Tags: malware, phishing, isolation, cyber attacks, isolation platform, cyber Monday, Black Friday

The SWIFT Security Controls Framework and Isolation

Posted by Jay Kelley on Nov 7, 2017

If you are in the financial services community, you are likely well-aware of and well-acquainted with SWIFT and the services it performs. As a quick primer for the uninitiated, SWIFT is an acronym for the Society for Worldwide Interbank Financial Telecommunication, a cooperative built over forty years ago by banks and financial institutions globally to address a mutual problem: A better, more secure, and automated way to communicate inter-bank payments across borders. SWIFT addressed this common issue, and today, it is a world-leading provider of secure messaging services for over 11,000 banks, financial organizations, and enterprises in over 200 countries.

Read More

Tags: malware, phishing, spear-phishing, cyber attacks, isolation technology, isolation platform, SWIFT

Why Financial Institutions Are Phishing’s “Big Catch”

Posted by Jay Kelley on Aug 29, 2017

The financial services industry is consistently among the most highly targeted industries for cyberattacks. Financial services institutions (FSIs) are a popular and frequent focus of attackers because, to quote famed bank robber Willie Sutton, when asked why he robbed banks: “That’s where the money’s at.”  

Read More

Tags: malware, phishing, isolation, ransomware, credential theft, drive-by exploits, phishing prevention, spear-phishing, watering hole attacks, phishing attacks, financial services industry, cyberattacks, banking credentials, keyloggers, employee credential theft

Connect with us

Lists by Topic

see all

Recent Posts