Or Eshed Published - December 30, 2024
During the past few weeks, LayerX Labs identified a phishing campaign that impersonates legitimate DocuSign emails, attempting to trick victims into revealing sensitive information. Here’s what happened, and how LayerX prevented a potential security disaster. It started like any other Monday morning. Sarah, a senior account manager (a fictional character for illustration purposes), was going […]
LayerX Labs has identified a novel attack vector for malicious actors to try and extract sensitive data from unsuspecting users: GPT Masquerading Attacks. In this attack, hackers impersonate legitimate GPTs hosted on OpenAI’s ChatGPT platform in order to lure users to fake versions of those GPTs and send the data that users share with the […]
LayerX Labs identified a new zero-day phishing campaign that impersonates Microsoft security notifications to lure victims into sharing their login credentials and payment details. The attack mimics a Microsoft Windows Defender security alert, urging users to call a hotline number, enter their credentials, and provide payment to the call center to ‘secure’ their computer. This […]
Data warehousing giant Snowflake disclosed on May 23, 2024, that it experienced a data breach affecting at least 165 of its customers. Since Snowflake’s customers are industry giants such as LiveNation and Santander Bank, this incident is already shaping up to be one of the most significant data breaches in history. Snowflake has not yet […]
Web traffic encryption (AKA SSL, TLS, HTTPS) has long been the norm for most web services, particularly so for corporate SaaS applications such as Salesforce, Microsoft Outlook 365, and Skype. To help protect this traffic from eavesdropping and potential sensitive data exposure, end-to-end encryption is a critical and effective security measure for reducing risk. Organizations, […]
Shadow IT is the phenomenon of employees using IT systems, devices, software, applications, and services within an organization without explicit approval from the IT department. Employees usually choose this path when the available IT solutions provided by their organization do not meet their needs, are too cumbersome, or are perceived as inefficient. As a result, […]
URL filtering is the security process for blocking or allowing access to specific websites based on their URLs. The primary objective is to prevent users from accessing content that is deemed inappropriate, harmful, or not related to their tasks. This widely popular Internet usage policy is often implemented in various environments, from workplaces to educational […]
In 2019, a network of browser extensions, primarily for Chrome, was revealed to have been scraping sensitive data from as many as four million users. The scraped data included PII, browsing history, medical information, and more. The data was then monetized through a commercialization scheme. This breach became known as the DataSpii incident, and it […]
BYOD (Bring Your Own Device) has become a popular strategy for many enterprises, aiming to blend the convenience of personal devices with professional requirements. But is BYOD able to live up to its promise for increased flexibility and heightened productivity? In reality, BYOD introduces serious cybersecurity challenges. This is not to say BYOD shouldn’t be […]
Data Loss Prevention (DLP) solutions help enterprises protect sensitive information from unauthorized access or exfiltration. For example, they ensure that intellectual property, personal information, financial records, and health records are not lost, misused, or accessed by unauthorized individuals. As such, DLPs are a key solution in the organization’s cybersecurity strategy and stack. This blog post dives […]
With businesses shifting to cloud-based services and remote or hybrid work becoming ubiquitous, the web browser has become the central hub of enterprise productivity. As such, it also requires dedicated security controls. Enterprise browsers and extensions are the security solutions that protect against web-borne threats and risks that exploit the browser. In this blog post, […]
Virtual Desktop Infrastructure Alternatives You Should Consider: Virtual Desktop Infrastructure (VDI) is a remote connectivity technology that operates by hosting a user’s desktop environment on a remote server/virtual machine. This makes the desktop accessible from any device with an internet connection. With VDIs, organizations get flexibility for remote work, since VDIs free employees from having […]
Globalization and cloudification have enabled the adoption of remote and hybrid work models. This new workstyle provides businesses and employees with unprecedented flexibility, access to a global talent pool, and the ability to expand to new markets, among several other benefits. However, it has also driven a new risky practice: Shadow IT. “Shadow IT” is […]
In recent years, the browser has become the core working interface. However, web-borne cyber attacks and data breaches can compromise sensitive data, disrupt business operations, and even lead to financial losses. IT teams are responsible for implementing robust cybersecurity practices and controls that protect against malware, ransomware, phishing attacks, pasting sensitive data into ChatGPT, and other […]
The browser security industry is rapidly gaining prominence and capturing significant attention in the cybersecurity landscape. A number of browser security companies have been established as an answer to the market’s demand for securing the most popular organizational workspace. Without browser security solutions, CISOs are left to trust cloud security solutions, which were designed to […]
Chrome extensions are small software programs that can be added to the Google Chrome web browser to enhance its functionality and customize the user’s browsing experience. They are typically developed by third-party developers and can be found in the Chrome Web Store. But while Chrome extensions offer numerous benefits, they can also pose potential vulnerabilities to […]
More and more security decision makers have come to realize that the browser is the ultimate frontline against multiple cyber threats. This insight has led them to add Browser Isolation solutions to their security stacks. However, we have lately witnessed an increasing trend of security professionals who are moving away from these solutions and towards […]
In recent years, businesses have witnessed a concerning rise in phishing attacks. According to the Verizon DBIR 2023, phishing is one of three primary ways in which attackers access an organization. These deceptive tactics exploit human vulnerabilities, tricking employees into revealing sensitive information or granting unauthorized access to cybercriminals. As a result, they pose a […]
As an industry leader in browser security, we are committed to shedding light on the risks associated with revolutionary technologies, like GenAI tools. Our latest research, “Revealing the True GenAI Data Exposure Risk”, provides critical insights into the scope and nature of these risks. Specifically, we examine the troubling risk of data exfiltration through GenAI. […]
Generative AI tools like ChatGPT are taking the world by storm. Like any new technology, CISOs need to find a way to embrace the opportunities while protecting the organization from generative AI and ChatGPT risks. Let’s explore the opportunities and security best practices in this article. What is Generative AI? Generative AI is a type […]
As the adoption of SaaS continues to soar, the browser has become the key work interface in today’s corporate world. However, this heavy reliance on browsers also exposes organizations to a range of cybersecurity threats and operational risks they need to protect against. To gain insights into how CISOs are managing these security challenges, we […]
Financial firms have not been exempt from the spur in cybersecurity attacks. According to the 2022 Verizon DBIR report, “The Financial sector continues to be victimized by financially motivated organized crime, often via the actions of Social (Phishing), Hacking (Use of stolen credentials) and Malware (Ransomware).” Therefore, to protect and secure customer data and meet […]
With ChatGPT being 1.16 billion users strong, it has become an inseparable part of many people’s lives. This significant user base requires security and IT teams to find and implement a solution in their stack that can protect the organization from its potential security vulnerabilities. This is not a hypothetical risk; numerous reports of potential […]
In the last few years, both attackers and defenders have increased their capabilities in the infinite cat-and-mouse game. Attackers have scaled their phishing operations for stealing credentials and identities. Defenders have adopted a zero trust security approach in which users often use their mobile devices to authenticate into their desktop applications. The chase goes on. […]
In 2022 there was tremendous hype around browser security and enterprise browsers. But while they claim to provide “enterprise grade security”, enterprise browsers are actually far from perfect. In fact, they have some critical downsides. What are they and what’s the alternative? In this blog I will distinguish between browser security and enterprise browsers, address […]
As we spend more time online, the security of our browsers has become increasingly important. Our browsers are the gatekeepers to the vast amount of information available on the internet, and protecting them from threats is crucial to keeping organizations’ data safe. In the “2023 Browser Security Annual Report” (download the full report here), we […]
New year, new cyber threats. Experts predict that consumer data will be at high risk this year, and attackers are likely to get it through attacks on large corporations and financial institutions, among others. As you assess your security going into 2023, you’ll want to make sure all the bases are covered, including browser security. […]
In the past couple of years, we have witnessed unprecedented growth in cyber attacks originating from the web: phishing schemes, social engineering, malware sites and other malicious attacks. One of the main security services offered on the market nowadays for user protection against these threats is reputation-based URL filters. Reputation-based security services determine the security […]
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are in a security limbo – on one hand, as LastPass has noted, users who followed LastPass best practices would practically be exposed to zero to extremely low risk. However, saying that password best practices are not […]
What is Phishing? Phishing is a type of cybersecurity attack in which malicious actors disguise themselves as a trusted person, website or other entity and interact directly with the victim through messages. The bad actors use these messages to obtain sensitive information or deploy malicious software on the victim’s infrastructure. In an organization, once a phishing […]
With 80% of web attacks being browser-borne, organizations are constantly exposed to various attacks when employees use their browser. These include drive-by downloads, malvertising, malicious code injection, cross site scripting and many others. As a result, organizations are constantly searching for effective ways to protect against web-borne risks, threats and attacks. Some organizations turn to […]
The idea to build a browser security platform has been on my mind for several years. In the last decade, I have seen and experienced the browser security world from both sides of the barricade. First, during my service as an information warfare specialist in the IDF Intelligence directorate, and then in my career as […]