The browser has become a key component of the attack surface for modern businesses. Cybersecurity architectures have inadvertently created a safe haven for attackers to target users through the browser without meaningful scrutiny. Despite attempts to implement defense-in-depth strategies at scale, people are still exposed to cyber threats every single day. This challenge is being...Read More
Due to the recent LastPass incident and ongoing discovery of the impact of the breach, a person’s LastPass master password is all that remains between an adversary and all of their maintained passwords. LastPass warns that a successful brute-force attempt on users that followed the suggested master password guidelines is unlikely, but this has been...Read More
Using Keep Aware, our clients have detected an attack type that we have dubbed “Notification Hijacking.” The attack involves malicious redirects that manipulate users to enable browser notifications. These notifications can then be used to deliver malware payloads, phishing attacks, or other malicious content. This blog post provides an analysis of browser notification attacks that...Read More
Modern cyber security architecture has a critical blind spot that is leaving our people vulnerable to attack and causing real harm. That blind spot is in a piece of technology that we all interact with nearly every single day: the web browser. The encrypted privacy protections that browsers support have inadvertently created a safe haven...Read More
Our problem is simple: despite the layers of security tools in place, threats still get to our people. According to the latest FBI Internet Crime Report, threat volume and scale are rising too. Here’s a quote said to me by an organization describing some of the biggest security-related problems they faced: If we didn’t have...Read More
Keep Aware is focused on securing organizations through their people. To see how we make security simple for everyone, get in touch. Our approach studies user behavior and interactions around threats in the workplace. In today’s work environments, phishing attacks, data loss and sophisticated social engineering threats still find a way to the user. Keep Aware...Read More