Secplicity Blog - Malware

What Attackers Hope You Miss and How AI Is Making It Worse

In Episode 363 of The 443 Podcast, Corey Nachreiner speaks with Kristen Yang, Cybersecurity Analyst & Investigations Lead, about the threats security teams should be paying closest attention to right now. The conversation reinforces an uncomfortable truth for defenders: many successful attacks still…

AI-Powered Cyber Attacks Are Rising: What Security Teams Need to Know

The cybersecurity landscape is shifting quickly. In Episode 361 of The443 Podcast, Marc Laliberte and Corey Nachreiner discuss three emerging issues shaping modern security: a critical authentication bypass in a popular JSON Web Token (JWT) library; an autonomous AI bot exploiting GitHub repositories…

Cisco SD-WAN 0-Day: What MSPs Should Do Now

Three stories, one theme: control planes, supply chains, and human workflows remain high-leverage targets. This Secplicity blog follows the sequence and details covered by Marc Laliberte and Corey Nachreiner in The443 Podcast Episode 360. 1) Cisco Catalyst SD-WAN 0-Day (CVSS 10): What happened. Cisco…

Ongoing Widespread Credential Harvesting Campaign Targets VPN Providers

Introduction At the turn of the year, we were alerted to a doppelganger domain impersonating WatchGuard’s Mobile VPN with SSL, delivering a malicious spoofed client to steal credentials. Navigating directly to the doppelganger domain resulted in a benign informational WatchGuard VPN page. However…

No More Ransom: The UK’s New Cybersecurity Rules Mark a Global Shift

The UK has taken one of the most decisive steps yet in the global fight against ransomware. Following a summer of attacks that disrupted healthcare, retail, and legal services, the government has confirmed that a targeted ban on ransom payments and a universal reporting requirement will become law…

Cyber Crime Campaign for AppSuite PDF Editor

WatchGuard has recently received reports of a cybercrime campaign in which a weaponized version of the free PDF editor “AppSuite PDF Editor” has been distributed to multiple sites for users to unknowingly download and run on their systems. WatchGuard has been made aware that the threat…

Encrypted Client Hello

What is Encrypted Client Hello? Encrypted Client Hello (ECH) is a TLS protocol extension that encrypts the initial "Client Hello" message in the TLS handshake, concealing the domain name a user is trying to access from network observers, enhancing privacy and security. This article explains this TLS protocol extension and the impact it has on the content filtering settings on your network security devices.

AsyncRAT Phishing Campaign Targeting Hotel Staff

At the beginning of April, WatchGuard received a report from a customer in the hospitality business describing a new phishing campaign targeting their staff. The attack starts with the threat actor opening a reservation request with the hotel, which they then cancel by email, citing a bad review for…