Invisible malware is a type of Fileless malware that comes with zero footprint and is responsible for an increasing number of endpoint or zero-day attacks. It typically resides in memory, comes packaged as firmware or lives in your Basic Input/Output System (BIOS) – thus bypassing anti-virus software. It truly is invisible.
Cross-site scripting (XSS) is a technique in which malicious scripts are stored on and unknowingly retrieved from trusted websites by unsuspecting victims. Learn how to safeguard against this threat to your sensitive data.
Emotet — a banking trojan malware program that the Center for Internet Security (CIS) calls one of the “most costly and destructive malware” — is Spanning’s first spotlight in a new series titled “Malware of the Month.” Every month, Spanning will take a closer look at a new or existing malware that is making recent headlines. Emotet gets the honor for May 2019.
Cross-site forgery (CSRF) is a malicious technique designed to take advantage of unsuspecting users who are actively logged into web applications. Learn more about this threat to your data and how to safeguard against it.
Understanding open redirection vulnerabilities is key to detecting them and protecting your organization’s data. Without proper validation, attackers can redirect victims from trusted to malicious sites, or use forwards to access unauthorized pages.
Cybersecurity is a top priority for organizations. All it takes to infect a network or steal valuable data, is one wrong click by an employee. While employees seem to have good knowledge of basic cybersecurity practices, there are considerable security blind spots which leave the employee and organization vulnerable to breaches. Spanning helps to identify red flags and vulnerabilities in security awareness training for employees.
From hurricanes, errant employees, malware to even a rodent with an appetite for cables — the likelihood of an organization suffering data loss has never been greater. An organization’s best defense is to plan for business continuity and disaster recovery by using processes that guide organizations to possibly prevent and/or better manage an (unpredictable) disruptive event.
Phishing is a critical security issue that can trick even the most diligent, security-minded users. How do you protect your organization from being another phish in the sea? Let’s start by understanding how phishing works and then move on to practical pointers to avoiding biting the bait.