Malware - Security Boulevard
https://securityboulevard.com/category/blogs/malware/
The Home of the Security Bloggers Network
Feed last updated: Thu, 29 Aug 2024 19:58:24 +0000

Malvertising and Google Ads: Protecting High Net-Worth Individuals and Executives
https://securityboulevard.com/2024/08/malvertising-and-google-ads-protecting-high-net-worth-individuals-and-executives/
Thu, 29 Aug 2024 19:58:24 +0000
Source: BlackCloak, https://blackcloak.io/?p=17336

Do you use Google’s Search functionality to find products or services to solve a problem you have? I’m guessing that the majority of people reading this article do this regularly or have at least used it once. In fact, Google reports handling 8.5B queries a day. That’s 2T (trillion!) searches a year. You have likely […]

Broadcom Extends VMware Cybersecurity Portfolio
https://securityboulevard.com/2024/08/broadcom-extends-vmware-cybersecurity-portfolio/
Wed, 28 Aug 2024 08:42:07 +0000

Broadcom today, at the VMware Explore 2024 conference, extended its VMware vDefend portfolio to include generative artificial intelligence (AI) capabilities. It also extended its software-defined edge computing portfolio to provide deeper integrations with the networking and security platforms that its VMware business unit provides.

WebAssembly: The Fly on the Wall Delivering Malware Past Secure Web Gateways
https://securityboulevard.com/2024/08/webassembly-the-fly-on-the-wall-delivering-malware-past-secure-web-gateways/
Wed, 28 Aug 2024 08:40:29 +0000
Source: https://medium.com/p/f047d1da252a

‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpoint

At DEF CON 32, SquareX presented research cataloguing weaknesses in Secure Web Gateways (SWGs) that leave organizations exposed to threats these tools fail to detect. These traditional defenses, once considered the gold standard for enterprise security, can be bypassed through client-side web attacks that they simply cannot protect against. Collectively, these attacks are called ‘Last Mile Reassembly Attacks’.

WebAssembly, a boon and a bane

Among the most concerning of these threats is the use of WebAssembly (WASM), a powerful web technology that can deliver malware directly to a user’s browser, evading SWG detection entirely. This binary instruction format allows high-performance execution of code in web browsers, enabling complex applications to run with near-native speed. However, its power and flexibility also make it an attractive vector for cyberattacks, particularly in environments where Secure Web Gateways (SWGs) are the primary line of defense.

WebAssembly is designed to work alongside JavaScript, allowing developers to execute code with higher efficiency and performance, and it is widely adopted by organizations to enhance web applications. SWGs, which traditionally focus on inspecting the HTML, CSS, and JavaScript carried in network traffic, are often blind to the contents of WebAssembly modules.

The problem lies in the fact that SWGs, operating at the network layer, do not perform the necessary dynamic analysis on WebAssembly code. This lack of visibility means that malicious actors can embed malware within WASM modules, which can then be extracted directly on the browser, bypassing the SWG’s detection mechanisms entirely.

For instance, an attacker could conceal malicious payloads within a WebAssembly module and distribute it through a compromised or even a legitimate website. Since SWGs lack the capability to analyze WebAssembly files, the malicious content slips through the network defenses undetected. The malware is assembled on the client side and written to the victim’s endpoint.

This threat is exacerbated by the fact that there is currently a lack of industry-standard security frameworks specifically designed to analyze and protect against malicious WebAssembly code. As a result, many enterprises remain vulnerable to this method of attack, relying on outdated SWGs that were never designed to handle such complex threats.

The need for a browser-native security approach

The implications of this vulnerability are clear: enterprises can no longer depend solely on network-layer defenses like SWGs to protect against the full spectrum of modern web threats. A more effective approach involves adopting browser-native security solutions, which operate directly within the browser and can analyze WebAssembly modules in real-time. These solutions provide the necessary visibility and control to detect and neutralize threats before they can cause damage.

As WebAssembly continues to gain traction in the development of web applications, enterprises must recognize the limitations of Secure Web Gateways and take proactive steps to protect their environments with solutions designed to handle the complexities of today’s web technologies.

Assess your Secure Web Gateway

Similar to smuggling malware through WebAssembly modules, there are more than 30 attacks that bypass all Secure Web Gateways. Check if your enterprise is vulnerable to them at https://browser.security/

Originally published in SquareX Labs on Medium.
‘Netfetcher’ package drops illicit ‘node’ binary on Windows
https://securityboulevard.com/2024/08/netfetcher-package-drops-illicit-node-binary-on-windows/
Thu, 22 Aug 2024 16:15:00 +0000
Source: Sonatype, https://www.sonatype.com/blog/pyfetcher-netfetch-drop-netflix-checker-on-windows

Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of these executables are called "node.exe" and even bear the NodeJS icon and metadata, making them evasive and easily mistaken for legitimate libraries.

Patch Tuesday not Done ’til LINUX Won’t Run?
https://securityboulevard.com/2024/08/microsoft-linux-duel-boot-fail-richixbw/
Wed, 21 Aug 2024 14:34:47 +0000

Redmond reboot redux: “Something has gone seriously wrong.” You can say that again, Microsoft.

Lawmakers Ask for Probe of Chinese Router Maker TP-Link
https://securityboulevard.com/2024/08/lawmakers-ask-for-probe-of-chinese-router-maker-tp-link/
Fri, 16 Aug 2024 18:04:34 +0000

Two U.S. lawmakers are asking the Commerce Department to investigate whether the Wi-Fi routers built by Chinese company TP-Link could be used by Chinese-sponsored threat groups to infiltrate U.S. government and private networks, posing a security risk to the country.

ReliaQuest: Watch Out for Info-Stealers and RATs
https://securityboulevard.com/2024/08/reliaquest-watch-out-for-info-stealers-and-rats/
Thu, 15 Aug 2024 17:53:41 +0000

ReliaQuest ranked LummaC2 and SocGholish among the top malware seen in Q2 and rounded out its top five with AsyncRAT, Oyster, and the growing number of info-stealers built in the Rust programming language.

Hackers Use BingoMod Android RAT For Fraudulent Transactions
https://securityboulevard.com/2024/08/hackers-use-bingomod-android-rat-for-fraudulent-transactions/
Thu, 15 Aug 2024 07:00:56 +0000
Source: TuxCare, https://tuxcare.com/?p=18912

Recent media reports have cited cybersecurity researchers discovering a new Android remote access trojan (RAT) that’s currently referred to as BingoMod. The BingoMod Android RAT is capable of transferring funds from compromised devices and erasing its traces of existence. In this article, we’ll dig into the details of the Android RAT and uncover how an […]

FBI Disrupts Operations of the Dispossessor Ransomware Group
https://securityboulevard.com/2024/08/fbi-disrupts-operations-of-the-dispossessor-ransomware-group/
Tue, 13 Aug 2024 20:07:26 +0000

The FBI and law enforcement agencies from the UK and Germany seized servers and domains belonging to the Dispossessor ransomware gang, which had come into the spotlight following a similar operation against the notorious LockBit gang in February.

WTH? DPRK WFH Ransomware Redux: 3rd Person Charged
https://securityboulevard.com/2024/08/dprk-it-workers-knoot-richixbw/
Tue, 13 Aug 2024 17:55:00 +0000

North Korean army of remote IT workers enabled by Matthew Isaac Knoot, alleges DoJ.
