Authentic8 Blog Category: Cloud Browser

JavaScript Template Attacks: How Browsers Give Away the Store

Did you know? Attackers use  your locally installed browser base and JavaScript to draw up intricate exploit roadmaps for targeted attacks on your organization. Listen to our interview with security researcher Michael Schwarz to learn how JavaScript template attacks work and how to prevent them.

*

“Free” browsers boast features and extensions that supposedly enhance security and privacy online. The same settings or plugins, it turns out, can be used by adversaries to achieve precisely the opposite effect.

That’s just one of the eye-opening findings reported in the research paper JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits.

The paper was authored by security researchers Michael Schwarz, Florian Lackner and Daniel Gruss of Graz University in Austria. They describe how JavaScript template attacks help attackers prepare pinpointed zero-day or side-channel attacks against large organizations, by exploiting the ubiquitous data leaks in “free” browsers and their extensions.

The researchers found an abundance of environment-dependent properties in Firefox, Chrome, Edge, and mobile

The Gift of Access

I have spent the bulk of my Navy career working to inspire transformational change both at the unit and enterprise levels. Though my navy career is over, I remain committed to helping others do the same. I recently read Greg Satell’s Cascades: How to Create a Movement that Drives Transformational Change, and was once again reminded that driving change within an organization is both art and science.

Many people think Authentic8’s Silo platform is a browser for the zero trust web. It most certainly is that and so much more.

After serving within the core of the Department of Defense for years, the new collaboration tools I had at my disposal as a member of the Defense Innovation Unit blew my mind. I say ‘new’ not because they were new, as they were the very tools that the private sector has been using for years - webmail, video conferencing, file sharing, and work management platforms. They were ‘new’ to me

GDPR: A Letter from Elizabeth Denham

Elizabeth Denham.

If your company is doing business in Europe, put that name on top of the list of people you’ll not want to hear from in their official capacity.

Just ask BA (British Airways) or Marriott International. Both encountered data breaches that put millions of their customers at risk. Now, they’ve both received notice from Ms. Denham that they’ll be fined the record amounts of $ 230 million and $ 125 million, respectively, under the European Union’s General Data Protection Regulation (GDPR).

Elizabeth Denham heads up the Information Commissioner's Office (ICO) of the United Kingdom. Yes, the recipients of her notice of intent may appeal the decision. And no, observers don’t expect the ICO to reduce these first GDPR penalties against major international corporations to the proverbial slap on the wrist.

To the contrary. GDPR applies to all companies, including in the US, that store or process data of EU citizens and residents. The EU’s privacy commissioners

Covert Online Investigation Tools: How Yesterday’s DIY Is Today’s Negative ROI

Security Officers, are your online researchers still relying on custom-made covert investigation solutions cobbled together from disparate tools to save money? New research proves that the opposite is happening: It costs you extra.

A few years ago, providing research teams with out-of-the-box capabilities to perform anonymous online research was crazy expensive. The task of enabling cyber threat hunting, without the risk of crippling the network, for example, needed a separate six-figure line item on the IT budget. It’s no wonder that there are so many organizations that rely on a patchwork of make-do and DIY tools and methods.  

Today though, the DIY approach to enabling sensitive research on the open, deep, or dark web is unnecessary, as well as out of sync with the demands of our rapidly changing internet threatscape.

A new comparative analysis by Authentic8 shows how DIY costs leaps and bounds more money than the new, low maintenance, SaaS alternative available today.  

Covert Online Research Costs: DIY Approach vs. Silo Research Toolbox by Authentic8

Source (excerpt): Authentic8 Whitepaper

In a

TRON and Transition

As those of us who have served in the military for a significant period of time can attest, we begin to take certain things for granted. The sense of belonging, the pride of being part of something much bigger than ourselves, and the ability to impact the lives of many were among my greatest gratifications as a military officer.

As I navigated my transition after 27 years of service, the potential of feeling a void in any of those areas was not acceptable. Fortunately, I was able to find a team that allows me to experience a similar sense of fulfillment and gratification. Two short years ago, I was serving as Commanding Officer of a team that remains customers of the team of which I am now a part. The path from customer to Authentic8er was not foreseen but it makes perfect sense now that I am here.

We stumbled across Authentic8’s Silo platform in 2016 when we decided we wanted