Is anyone else having problems with WiFi Security regularly disconnecting and connecting? Up until about 6 months ago, the VPN has stayed connected constantly but lately it’s constantly disconnecting and reconnecting. Does anyone know what’s going on?
A previously unknown compression side channel in GPUs can expose images thought to be private. DAN GOODIN - 9/26/2023 GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper published Tuesday. The cross-origin attack allows a malicious website from one domain—say, example.com—to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains.
September 26, 2023 By Bill Toulas A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware. Cybersecurity firm NSFocus identified two previously undocumented trojans, DangerAds and AtlasAgent, associated with attacks by the new APT group. NSFocus reports that the AtlasCross hackers are sophisticated and evasive, preventing the researchers from determining their origin. "After an in-depth study of the attack process, NSFOCUS Security Labs found that this APT attacker is quite different from known attacker characteristics in terms of execution flow, attack technology stack, attack tools, implementation details, attack objectives, behavior tendency and other main attribution indicators," explains NSFocus. "The technical level and cautious attitude shown by this attacker during this activity are also worthy of attention."
September 25, 2023 By Bill Toulas The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree. BORN is a perinatal and child registry that collects, interprets, shares and protects critical data about pregnancy, birth and childhood in the province of Ontario. MOVEit attacks leveraged a zero-day vulnerability (CVE-2023-34362) in the Progress MOVEit Transfer software to compromise and steal data from thousands of organizations worldwide. BORN first became aware of the security breach on May 31 and posted a public notice on its site while simultaneously notifying the relevant authorities (Privacy Commissioner of Ontario).
September 26, 2023 By Sergiu Gatlan Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago. The company initially disclosed the flaw as a Chrome weakness, tracked as CVE-2023-4863, rather than assigning it to the open-source libwebp library used to encode and decode images in WebP format. This zero-day bug was jointly reported by Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto's Munk School on Wednesday, September 6, and fixed by Google less than a week later. ...
New maximum severity CVE
However, it has now assigned another CVE ID, CVE-2023-5129, marking it as a critical issue in libwebp with a maximum 10/10 severity rating. This change has significant implications for other projects using the libwebp open-source library. Now officially recognized as a libwebp flaw, it involves a heap buffer overflow in WebP, impacting Google Chrome versions precedin
CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security. September 26, 2023 By Kevin Townsend The average tenure of a Chief Information Security Officer is said to sit between 18 to 24 months. This is barely enough time to get feet under the table, never mind a meaningful seat at the table. Two questions arise: why is there such volatile churn in this space; and how does it affect enterprise cybersecurity?
Reasons for CISO churn
Cause #1: the scapegoat effect
The potential for CISOs to be used as scapegoats for security incidents is widely accepted and potentially growing. It can simply be internal: ‘We got breached under your watch, so we’ll blame you and let you go.’ But it can equally be a complex external issue ultimately caused by a lack of legal clarity in the Computer Fraud and Misuse Act (CFAA), a lack of clarity on bounty hunting and secur
We are very pleased to announce the launch of the DNS Leak Prevention Beta. This is an opportunity for us to share with you the feature we are about to release, as well as to solicit feedback, both from a technical and functionality perspective. Download the Beta Runner here. Documentation available here.
What is DNS Leak Prevention?
This is a new patent-pending feature of the Webroot DNS Protection product. It is designed to provide control of DNS by blocking all alternate DNS resources aside from those configured in Webroot DNS Protection. This is done by locking down port 53 TCP and UDP (DNS), port 853 TCP (DNS over TLS), and port 443 TCP to known DoH providers.
Why are we creating DNS Leak Prevention?
As Webroot DNS Protection is a DNS filtering product, if we are not filtering every DNS request, it means that things are being missed. For example, if a web browser were to be configured to get DNS resolution directly from its own server, and disregard what was configured on the opera
Social Engineering is the editorial topic for this month's release. Consisting of 31 different updates, this release empowers customers with content to use in their Autopilot and custom campaigns. Featuring a wide range of brands including Equifax, Apple, Google, and white label corporate templates, we are introducing Italian language course content in this release as well. Nine Italian courses are being released in evergreen security topics from Skillsoft. This language content is in addition to course and simulation content updates in existing languages across French, German and Spanish. The frequency, variety and quality of these continuing content updates set WSAT apart from similar size competitors. Customers can use this content to improve the outcome of their security awareness training initiatives.
What is being released?
Autopilot campaigns in support of National Cybersecurity Awareness Month
Phishing Simulation - Autopilot Baseline: LinkedIn Business Invitation Training Campaign
My Yahoo account is being deleted but I would like to preserve participation in old Community threads. Per the following thread the method is to request a change. A PM was sent to Ssherjj, the moderator who helped at that time but it seems she may no longer be active. I tried via support at Webroot but they can’t help with this request. https://community.webroot.com/community-101-2/re-registering-on-community-320246 My current, soon to be old, email address is If someone can help I would be happy to provide the new email address via email or private message. Thank you for even reading!
Hello Webroot Community, As Webroot users, we all know the importance of online security, especially in today's digital landscape. Webroot provides us with powerful tools to protect our devices and data, but there are also best practices and tips that can further enhance our security. I'm curious to hear from fellow Webroot users: What are your go-to strategies for maximizing your online security? Are there specific settings, features, or habits you rely on to keep your devices safe from threats? Do you have any recommendations for securing different types of devices or networks? For instance, I find that [mention your own security tip or practice, e.g., regularly updating my software, using strong and unique passwords with a password manager, or enabling two-factor authentication] has made a significant difference in my online security. Let's share our collective knowledge and experiences to help others make the most out of their Webroot protection. Your insights could be invaluable in cr
Hi Webroot Team, Newbie here. Can we audit device per sites if Web Threat Shield extension for Browser is enabled or disabled? Also, if the Web Threat Shield extension is disabled from a device with Webroot client program, does it mean that if the User accessed a malicious site, Webroot would not block it? Thank you.
The splash screen that indicates Webroot Secure Anywhere is active keeps reappearing. I’ve restarted PC several times. Still keeps happening. Any suggestions? I would ignore it, but the splash screen becomes an active window and interrupts whatever I’m doing. Thanks
I seem to be missing something. I assume I’m just blind. Where in the documentation is the new Business Admin Console documented? We’re now on version 6.7, yet all I can find is documentation for the traditional console.
This should be simple: we run a large multi-site network with a number of admins. I need to see the status of our Admins:
- Name and email, 2FA status, admin type (all on current console)
- Most recent login date
- Any login failure info you can provide
I can’t see ANY way to discover which admins haven’t logged in. Not in the old or new console, not in API reporting. :( How to solve it?
I was really excited to see this Application, we use Rapid7 and there was no good way to get this data into IDR. My excitement was quickly diminished immediately after I installed this software. Why create a software that is to redirect logs, and in this case to a SIEM and not make it run as a service? I tested it, right after I set it up, I monitored the service running and as soon as I logged off my admin account the service stopped and I can only assume the logging stopped as well. Is there any way to run this as a service? I really don’t need to see the Scrolling CLI, that feature is pretty much pointless.
Recently updated Webroot Solution last night in one of our Automate Servers as we have two, but our first instance now no longer displays the plugin menu popup when accessed from Tools in Automate. Has the update broken this? As on our Server 2, V220.127.116.11 works fine when trying to access the plugin menu.
I need to block all websites except for my competitor (limited website) that are allowed on the macOS. This is a very locked down environment. I don’t see a way to block “ALL websites” and only allow just a handful.
Hello guys, Is there anyone here who knows how to change policy settings via cellphone, sometimes I'm in a condition where I can't open my laptop, but I have to change the policy settings, whereas via cellphone I can only create a new policy without making changes to it, even I can't change the user endpoint policy. Thanks