During the past few weeks, LayerX Labs identified a phishing campaign that impersonates legitimate DocuSign emails, attempting to trick victims into revealing sensitive information. Here’s what happened, and how LayerX prevented a potential security disaster. It started like any other Monday morning. Sarah, a senior account manager (a fictional character for illustration purposes), was going […]
LayerX Labs has identified a novel attack vector for malicious actors to try and extract sensitive data from unsuspecting users: GPT Masquareding Attacks. In this attack, hackers impersonate legitimate GPTs hosted on OpenAI’s ChatGPT platform in order to lure users to fake versions of those GPTs and send the data that users share with the […]
Data warehousing giant Snowflake disclosed on May 23, 2024, that they experienced a data breach affecting at least 165 of its customers. Since Snowflake’s customers are industry giants such as LiveNation and Santander Bank, this incident is already shaping up to be one of the most significant data breaches in history. Snowflake has not yet […]
Web traffic encryption (AKA SSL, TLS, HTTPS) has long been the norm for most web services, particularly so for corporate SaaS applications such as Salesforce, Microsoft Outlook 365, and Skype. To help protect this traffic from eavesdropping and potential sensitive data exposure, end-to-end encryption is a critical and effective security measure for reducing risk. Organizations, […]
Shadow IT is the phenomenon of employees using IT systems, devices, software, applications, and services within an organization without explicit approval from the IT department. Employees usually choose this path when the available IT solutions provided by their organization do not meet their needs, are too cumbersome, or are perceived as inefficient. As a result, […]
URL filtering is the security process for blocking or allowing access to specific websites based on their URLs. The primary objective is to prevent users from accessing content that is deemed inappropriate, harmful, or not related to their tasks. This widely popular Internet usage policy is often implemented in various environments, from workplaces to educational […]
In 2019, a network of browser extensions, primarily for Chrome, was revealed to have been scraping sensitive data from as many as four million users. The scraped data included PII, browsing history, medical information, and more. The data was then monetized through a commercialization scheme. This breach became known as the DataSpii incident, and it […]
BYOD (Bring Your Own Device) has become a popular strategy for many enterprises, aiming to blend the convenience of personal devices with professional requirements. But is BYOD able to live up to its promise for increased flexibility and heightened productivity? In reality, BYOD introduces serious cybersecurity challenges. This is not to say BYOD shouldn’t be […]
Data Loss Prevention (DLP) solutions help enterprises protect sensitive information from unauthorized access or exfiltration. For example, ensuring that intellectual property, personal information, financial records, and health records, are not lost, misused, or accessed by unauthorized individuals. As such, DLPs are a key solution in the organization’s cybersecurity strategy and stack. This blog post dives […]
With businesses shifting to cloud-based services and remote or hybrid work becoming ubiquitous, the web browser has become the central hub of enterprise productivity. As such, it also requires dedicated security controls. Enterprise browsers and extensions are the security solutions that protect against web-borne threats and risks that exploit the browser. In this blog post, […]
We use cookies to make sure our website works seamlessly and to improve your experience with us. By continuing to browse, you agree to the use of cookies. To find out more please refer to our privacy policy.
