Keep Aware

New post: Defining the Techniques of Browser-Based Attacks The once-overlooked 'stepchild' in security strategies has become the modern attacker's go-to battleground. Your browser presents unique risks - running arbitrary code while providing direct user access to anyone on the web. It's no longer just a window to the internet—it's where attackers focus their efforts. Erin Kuffel-Flato has abstracted attacker procedures into higher-level classifications—Tactics and Techniques—aligning with MITRE's ATT&CK framework but specifically tailored to the browser context. Learn more: https://lnkd.in/gSqFHUwK #CyberSecurity #BrowserSecurity #ThreatProtection

Browsers have become the #1 battleground for cybersecurity. While we've fortified networks, endpoints, and email, attackers have simply shifted to where we spend most of our workday - our browsers. This latest post by Ryan Boerner breaks down three critical browser-based threats: - "Fileless" malware that reassembles inside the browser tab - Multi-step phishing campaigns hiding behind trusted platforms - The massive, unmonitored risk of browser extensions Traditional security tools are completely blind to these threats. Without Browser Detection & Response (BDR) capabilities, organizations are leaving their front door wide open. Read the full blog to discover why the browser is no longer just a productivity tool—it's now your primary attack surface. https://lnkd.in/gG8MwENx #CyberSecurity #BrowserSecurity #ThreatDetection #InfoSec

Did you know that in 2024, browser-based malware became the primary attack vector, accounting for 70% of all observed malware cases, while traditional email-based delivery plummeted to just 15%? ?? If you've haven't checked out our most recent report, download it now for a deeper dive on security challenges like Threat Detection and Response, Gen-AI Usage and Monitoring, Browser-based DLP, Extension Management and Protection, and Shadow IT. Read the report: https://lnkd.in/g5cKEi2X #CyberSecurity #BrowserSecurity #ThreatIntelligence #SecurityReport

We are excited to be a sponsor of the 9th Edition of the Seattle Cybersecurity Summit on Thursday, March 13. Use code CSS25-KeepAware to receive Free Admission to join us! https://lnkd.in/eGeVtMh9 #BrowserSecurity #CybersecuritySummit #SecureEnterprise #ThreatPrevention #InfoSec

New: 2025 State of Browser Security Report The foundation of enterprise security has long relied on the concept of “known good”—trusted infrastructure, reputable domains, sanctioned SaaS applications, verified extensions, and approved authentication methods. But today, attackers are systematically exploiting these very trust models as primary attack vectors. Our recent research found: ? Over 70% of multi-step phishing attempts involve fake Microsoft logins ? As much as 10% of AI prompts involve sensitive data ? 10% of installed browser extensions are identified as high/critical risk And more. Want to stay ahead of emerging threats? Download our comprehensive report here: https://lnkd.in/gKHfticp #CyberSecurity #InfoSec #BrowserSecurity

?? ???????? ?????? ?????????????????????? - ?? ???????? ???????????? ?????????? ?????????????? ???????????????? ???? ???????? What's really happening in browser security right now, from Ryan Boerner's latest insights: ? ?????????????? ?????????? ?????? ?????? ?????? ???????????? ????????????: Attackers aren't fighting our defenses—they're using authorized tools like Google Drive and Microsoft 365 to launch attacks. Traditional good vs. bad filtering is obsolete. ? ???? ???????? ?? ?????????????? ?????????? ????????: Security teams lack a proper data model for browsers, even though they've become our primary work environment. Network security tools have zero visibility into critical DOM-level threats. ? ?????? ????????????????????/???????????????? ?????? ???????????? ???? ????????: SaaS has erased the line between personal and professional tools. Binary allow/deny policies don't work when the same app (like ChatGPT) serves both purposes. ? ???????????????? ?????? ?????? ?????? ???????????????? ????????????????: From authentication tokens to MFA, everything that proves who you are lives in the browser. Yet we're still treating authentication as a one-time event rather than an ongoing risk The takeaway? Traditional Secure Web Gateways (SWGs) were built for a different era. We need a fundamental shift in how we approach browser security—one that prioritizes behavioral analysis, continuous monitoring, and context-aware protection. Read the entire blog here: https://lnkd.in/g_k7EnnK #CyberSecurity #BrowserSecurity #InfoSec #TechTrends

We are beyond thrilled to have had the opportunity to sponsor such an incredible event filled with passionate, talented cybersecurity professionals! It was amazing to see so many experts come together to share knowledge, insights, and ideas on how to tackle the ever-evolving challenges in the world of cybersecurity. From thought-provoking discussions to innovative solutions, we couldn’t be more proud to be a part of this fantastic community! ??

?3 weeks after the Cyberhaven browser extension incident, Ryan Boerner's analysis and overview continues to draw significant attention on the Keep Aware website daily. The sustained interest in this post highlights a critical reality: browser-based attacks are becoming an increasingly prominent threat vector. As organizations rely more heavily on web-based tools and applications, protecting your workforce from these sophisticated threats isn't just an option – it's a necessity. Want to understand the implications and learn how to protect your organization? Check out Ryan's in-depth analysis below ?? #cybersecurity #browsersecurity #infosec #security #riskmanagement

How Hackers Slipped Into Your Browser ?? In 2024, the browser continued to be a prime target for third-party risk, highlighting threat actors’ abuse of the increasingly complex web infrastructure and the lack of client-side protections. However, it still remains as an underserved application in most organizations' security strategies. Erin Kuffel-Flato highlights 3 noteworthy supply chain attacks observed in 2024 in the browser ecosystem: trusted browser extension compromise, JavaScript library takeover on legitimate sites, and consent phishing via trusted identity providers. Take a look at this recent blog post to learn more: https://lnkd.in/gjd_PTYc #SecurityAwareness #BrowserSecurity #SupplyChain #ConsentPhishing

Check out this recent blog post?from Keep Aware CEO Ryan Boerner regarding the Cyberhaven browser extension compromise: