Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Welcome to the Future of SD-WAN - The Next Gen SASE Branch

It’s been a long journey toward securing and optimizing the enterprise branch, from the days of rigid MPLS networks to the agile era of SD-WAN. Now comes the next stage of that journey: Secure access service edge (SASE), which, when architected correctly, converges the most important network and security capabilities into a single cloud-delivered service. Before we talk about how, though, let’s examine why SASE’s moment is now.

Can a Single Pane of Glass Ever be Discovered for Cybersecurity?

In the ever-evolving landscape of cybersecurity, the concept of a ”single pane of glass” has long been the Holy Grail for many organisations. The idea is simple: consolidate all your cybersecurity tools and data onto a single dashboard for improved visibility and control.

New DarkGate Variant Uses a New Loading Approach

In the past month, the Netskope Threat Labs team observed a considerable increase of SharePoint usage to deliver malware caused by an attack campaign abusing Microsoft Teams and SharePoint to deliver a malware named DarkGate. DarkGate (also known as MehCrypter) is a malware that was first reported by enSilo (now Fortinet) in 2018 and has been used in multiple campaigns in the past months.

Cyber Hygiene, Phishing, & Password Sharing: Tips from Cybersecurity Awareness Month 2023

As Cybersecurity Awareness Month 2023 draws to a close, we wanted to highlight some tips to keep in mind for the rest of the year, and beyond. In case you’ve missed it, we’ve been running a series of videos on our LinkedIn page throughout the month of October highlighting tips from members of our internal security team on topics like password sharing, keeping personal identifiable information safe, and maintaining good cyber hygiene.

Cloud Threats Memo: Multiple DarkGate Loader Campaigns Exploiting Legitimate Cloud Services

DarkGate Loader is a commodity malware loader with multiple features including the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. Its distribution mechanism also makes use of legitimate AutoIt files to inject the malicious payload.

Amazon-themed PDF Phishing, Abusing LinkedIn and Twitter, Targets Microsoft Live Outlook Users

In August 2023, Netskope Threat Labs highlighted an increase in downloads of PDF phishing attachments in Microsoft Live Outlook, caused by a series of phishing campaigns targeting users of the email service. We took a closer look and found that these campaigns are mostly Amazon-themed scams with a few Apple and IRS-themed phishing attempts sprinkled throughout. Just like in our previously reported phishing blog posts, attackers are abusing free services in these campaigns.

Netskope Threat Coverage: Menorah

In October 2023, Netskope analyzed a malicious Word document and the malware it contained, dubbed “Menorah.” The malware was attributed to an advanced persistent threat group APT34, and was reported to be distributed via spear-phishing. The malicious Office file uses dispersed and obfuscated VBA code to evade detection. The advanced persistent threat group targets users of outdated versions of Microsoft Office, since it does not attempt to bypass the mark of the web security check.

Accelerate Cloud Transformation with Netskope Borderless SD-WAN and AWS Cloud WAN

Navigating complex cloud networks with multiple clouds while ensuring secure and reliable access to workloads can be daunting. That’s why Netskope and AWS have teamed up to simplify this journey and make it a lot easier. Through the integration of Netskope Borderless SD-WAN with AWS Cloud WAN, teams can automate workload access from any remote site and user laptop, deliver a secure, reliable, flexible, and highly available middle-mile network service leveraging the AWS global network.

Navigating the Complex AI Regulatory Landscape - Transparency, Data, and Ethics

Ahead of the upcoming AI Safety Summit to be held at the UK’s famous Bletchley Park in November, I wanted to outline three areas that I would like to see the summit address, to help simplify the complex AI regulatory landscape. When we start any conversation about the risks and potential use cases for an artificial intelligence (AI) or machine learning (ML) technology, we must be able to answer three key questions.