Threat Trends
How to mitigate the NetScaler vulnerability and protect your web applications
You may have seen the recent security bulletin from Citrix that advises NetScaler ADC and NetScaler Gateway customers that a vulnerability allows threat actors to gain access to the NetScaler administration console ...
How to mitigate the NetScaler vulnerability and protect your web applications
You may have seen the recent security bulletin from Citrix that advises NetScaler ADC and NetScaler Gateway customers that a vulnerability allows threat actors to gain access to the NetScaler administration console ...
EvilProxy Phishing Attack Strikes Indeed
Executive Summary Menlo Labs recently identified a phishing campaign targeting executives in senior level roles across various industries, but primarily Banking and Financial services, Insurance providers, Property Management and Real Estate, and ...
EvilProxy Phishing Attack Strikes Indeed
Executive Summary Menlo Labs recently identified a phishing campaign targeting executives in senior level roles across various industries, but primarily Banking and Financial services, Insurance providers, Property Management and Real Estate, and ...
Browser Extensions: A Hidden Gateway for Cybercriminals
The way we work continues to evolve – shifting critical business applications from the hardened data center to the web browser. Users can log in from anywhere with an Internet connection and ...
How Legacy URL Reputation Evasion (LURE) attacks easily bypass current security tech
Whether it’s the push for fully remote work, in-office work, or a hybrid workstyle, the conversation around how and where employees will work continues. But guess what? To cybercriminals, this conversation doesn’t ...
Digital smugglers: How attackers use HTML smuggling techniques to beat traditional security defenses
It’s hard to imagine a time when the web browser wasn’t the critical enterprise productivity app. Many enterprise workers born in the 1990s likely don’t recall when the web browser wasn’t the ...
Escalating evasive browser attacks: Understanding the whys
Cybersecurity is a perpetual challenge of strategy and adaptation. Threat actors find a vulnerability, and, eventually, security vendors plug the hole. Attackers find another way into the network, and a patch is ...
Not your average Joe: An analysis of the XeGroup’s attack techniques
Disclaimer: Menlo Labs has informed the appropriate law enforcement agencies on the intelligence presented in this report. Executive Summary XeGroup is a hacking group that has been active since at least 2013 ...
Real-world examples of Highly Evasive Adaptive Threats (HEAT) in the news
Despite some good news from the recently released 2023 CyberEdge Cyberthreat Defense Report (CDR), high-profile breaches continue to plague the industry. From Rackspace to Twitter to GitHub, businesses, organizations and government agencies ...