
Latest news with #Ontinue

This attack could give criminals control of your mobile or desktop browser

Phone Arena

20-07-2025

A JavaScript-based redirect attack is serious because it can force your browser (mobile or desktop) to navigate to another website without your consent or even your knowledge. The concern is that your browser could be sent to malicious websites. This attack injects or manipulates JavaScript code on a legitimate webpage. Before you know it, the browser on your phone (or even your desktop computer) makes you the victim of a phishing scam, spyware, keyloggers (recording your keystrokes), and trojans. The goal of this is to obtain the passwords you use, which would allow attackers to access your banking and financial apps.

The JavaScript-based redirect attacks are being delivered via Scalable Vector Graphics (SVG) files. These are mostly treated as harmless image files, but they can be embedded with script elements designed to redirect mobile and desktop browsers to dangerous websites. The destinations of the redirects are determined by the attackers.

[Image: Example of credentials phishing with the name of the company used by the attackers edited. Image credit: Ontinue]

According to Ontinue, the emails use domains with weak or ineffectual email authentication. This allows the attackers to get potential victims to open the emails they send by pretending that they were sent by a trusted brand or an individual. The email includes "a call to action", which is an attempt to get the victim to open the image file or preview it on a mobile or desktop browser. Once the image is rendered, the SVG executes the embedded JavaScript silently.

The JavaScript execution is achieved and the browser is then redirected without any user interaction. -Ontinue

Watch out for emails that get downright pushy about having you view an image file immediately. If an email looks as though it was sent from a company you do business with, look for spelling errors or call the company using a phone number that you find online.

You can't trust all business numbers you get from Google since some are crowd-sourced and are open to manipulation by bad actors.

Delete Any Emails That Include These Images On Your Phone Or PC

Forbes

19-07-2025

[Image caption: You will not see this attack. Credit: Getty]

Republished on July 19 with new analysis into this dangerous image email attack.

Here we go again. There's a fast growing threat in your inbox that's hard to detect — even for security software on your PC. This has 'seemingly come out of nowhere,' but you need to be aware. And it means deleting a raft of incoming emails.

The new warning comes courtesy of Ontinue, which says 'threat actors are increasingly leveraging Scalable Vector Graphics (SVG) files as a delivery vector for JavaScript-based redirect attacks.' Plenty of these images, 'commonly treated as harmless' contain 'embedded script elements' that lead to browser redirects. And that's a huge risk.

While these images might be .SVG attachments, as we have seen before, they could also be links to external images pulled into the email. And the campaign also relies on spoofed domains and email lures to trick users into opening and engaging.

As Sophos explains, the SVG file format 'is designed as a method to draw resizable, vector-based images on a computer. By default, SVG files open in the default browser on Windows computers. But SVG files are not just composed of binary data, like the more familiar JPEG, PNG, or BMP file formats. SVG files contain text instructions in an XML format for drawing their pictures in a browser window.'

VIPRE warns that 'up until this point, SVGs have been recognized by email security tools as generally benign image files, which is why attackers are now having so much success hiding their nefarious exploits in them.'

Looking at these latest attacks, SlashNext's J Stephen Kowski told me 'when you open or preview these 'images,' they can secretly redirect your browser to dangerous websites without you knowing.' That means you need to be 'extra careful' with images.

Because these attackers leverage spoofed domains and senders to trick you, it isn't as easy as just avoiding emails from unknown senders. Instead, you should delete any email with an .SVG attachment unless you're expecting it. And you should allow your browser to block external images until you're certain of their origin.

Kowski says these emails will also likely be 'pushy about viewing the image right away,' and while 'your email provider's built-in security features, such as spam filtering and safe attachments, can help, they're not perfect against these newer tricks.'

Jason Soroko from Sectigo goes even further, warning security teams to 'treat every inbound SVG as a potential executable,' as the surge in such attacks continues.

The real threat though lies in user complacency. SVG attacks, VIPRE says, are now tussling with PDFs to become 'attackers' favorite attachments of choice.' These are only images, most users assume, and so no click-throughs, no harm.

Bambenek Consulting's John Bambenek says this is 'a fresh spin on the technique of using image files for delivering suspect content, in this case, malicious PDFs. The attackers have to rely on complacency ('it's only an image, it doesn't execute code') to lull organizations into accepting this content and getting it on the inside of a network.'

Ontinue says 'the observed targets of this campaign fall into B2B Service Providers, including the ones handling valuable Corporate Data regularly, including Financial and Employee data, Utilities, Software-as-a-Service providers that are great social engineering targets as they expect to receive a high volume of emails.'

The payload itself 'is delivered via an .SVG file that contains a JavaScript block hidden within a CDATA section. The embedded code uses a static XOR key to decrypt a secondary payload at runtime. This decoded script reconstructs and executes a redirect command using the Function() constructor.'

And the team warns 'this technique demonstrates how adversaries are shifting away from executable payloads and towards smuggling (HTML and now SVG) techniques. By embedding script logic into image formats and using trusted browser functions, the attack chain avoids triggering traditional behavioral or signature-based alerts.'

The emails containing the attachments or links will be simple, 'using a minimal format to avoid detection and provoke curiosity or interaction.' Hijacking poorly protected domains or spoofing others with special characters enhances the lure.

'While this report and research is valuable to enterprises,' Bambenek says, 'and the search valuable for hunt teams, organizations without a security staff or end consumers will remain vulnerable to conventional cybercrime with this technique.'

'This SVG attack vector is exactly what we've been tracking,' Kowski warns. 'Attackers have exhausted much of the text-based social engineering playbook over the last ten years and are now getting creative with content payloads to execute malicious code.' And this is easily done because 'attackers can easily spoof trusted senders, making recipients more likely to open what appears to be an innocent image file.'

'The beauty of SVG files from an attacker's perspective,' he told me, 'is that they look like harmless images but can contain embedded JavaScript that runs the moment someone opens the file in a browser, bypassing traditional email security that focuses on executable attachments.'

Which means users need a new defensive playbook. And so the advice is just as simple. If you're not expecting an email which includes image links or .SVG attachments, delete them from your inbox.

'This campaign highlights a creative pivot in attacker methodology,' the team says, 'using benign file formats to hide malicious logic and evade established detection controls.' Which is another way of saying that you're your own best defense.
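For mail administrators, one way to act on the advice to 'treat every inbound SVG as a potential executable' is to parse each SVG part as XML and hold any message whose image carries active content. The sketch below is an added example, not code from Ontinue, Forbes or any vendor quoted above; the finding labels, function names, addresses and sample files are constructed for illustration.

```python
"""Triage inbound mail for SVG parts that carry active content."""
import re
import xml.etree.ElementTree as ET
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed samples; the script body is a harmless placeholder.
SUSPICIOUS = b"""<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <script type="text/javascript"><![CDATA[
    /* placeholder standing in for a runtime-decoded script */
    var n = Function("return 1")();
  ]]></script>
</svg>"""
HANDLER = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
           b'<a xmlns:xlink="http://www.w3.org/1999/xlink" '
           b'xlink:href="JavaScript:void 0"><rect width="1" height="1"/></a></svg>')
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
          b'<circle cx="5" cy="5" r="4"/></svg>')


def _local(name: str) -> str:
    """Strip an XML namespace ('{uri}tag' -> 'tag') and lowercase."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> list[str]:
    """Return sorted labels for active content found in one SVG document."""
    # Refuse entity declarations up front: they enable entity-expansion
    # tricks and have no place in an image arriving by mail.
    if re.search(rb"<!ENTITY", data, re.IGNORECASE):
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable"]  # fail closed: unreadable is not "clean"
    found = set()
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "script":
            found.add("script-element")
            # CDATA content is exposed as ordinary element text.
            if re.search(r"\bFunction\s*\(", "".join(el.itertext())):
                found.add("function-constructor")
        elif tag in ("foreignobject", "iframe", "embed", "object"):
            found.add("embedded-document")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                found.add(f"event-handler:{name}")
            compact = re.sub(r"\s+", "", value).lower()
            if name == "href" and compact.startswith("javascript:"):
                found.add("javascript-uri")
    return sorted(found)


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Scan every SVG part of an RFC 5322 message, keyed by filename."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.walk():
        name = part.get_filename() or ""
        # Match on declared type OR extension: either can be mislabelled.
        if part.get_content_type() == "image/svg+xml" or name.lower().endswith(".svg"):
            results[name or "(unnamed)"] = scan_svg(part.get_payload(decode=True) or b"")
    return results


def build_sample_message() -> bytes:
    """Constructed message with one scripted and one plain SVG attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached image.")
    msg.add_attachment(SUSPICIOUS, maintype="image", subtype="svg+xml",
                       filename="invoice.svg")
    msg.add_attachment(BENIGN, maintype="application", subtype="octet-stream",
                       filename="logo.SVG")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, findings in scan_message(build_sample_message()).items():
        print(filename, "->", findings or "no active content")
```

A legitimate static image has no need for any of these constructs, so a non-empty result is a reasonable quarantine trigger; an empty result only means none of these specific constructs were present.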

Delete Any Emails On Your Phone Or PC That Include These Images

Forbes

16-07-2025

These images are dangerous.

Here we go again. There's a fast growing threat in your inbox that's hard to detect — even for security software on your PC. This has 'seemingly come out of nowhere,' but you need to be aware. And it means deleting a raft of incoming emails.

The new warning comes courtesy of Ontinue, which says 'threat actors are increasingly leveraging Scalable Vector Graphics (SVG) files as a delivery vector for JavaScript-based redirect attacks.' Plenty of these images, 'commonly treated as harmless' contain 'embedded script elements' that lead to browser redirects. And that's a huge risk.

While these images might be .SVG attachments, as we have seen before, they could also be links to external images pulled into the email. And the campaign also relies on spoofed domains and email lures to trick users into opening and engaging.

VIPRE warns that 'up until this point, SVGs have been recognized by email security tools as generally benign image files, which is why attackers are now having so much success hiding their nefarious exploits in them.'

Looking at this latest warning, SlashNext's J Stephen Kowski told me 'when you open or preview these 'images,' they can secretly redirect your browser to dangerous websites without you knowing.' That means you need to be 'extra careful' with images.

Because the latest attacks leverage spoofed domains and senders to trick you, it isn't as easy as just avoiding emails from unknown senders. Instead, you should delete any email with an .SVG attachment unless you're expecting it. And you should allow your browser to block external images until you're certain of their origin.

Kowski says these emails will also likely be 'pushy about viewing the image right away,' and while 'your email provider's built-in security features, such as spam filtering and safe attachments, can help, they're not perfect against these newer tricks.'

Jason Soroko from Sectigo goes even further, warning security teams to 'treat every inbound SVG as a potential executable,' as the surge in such attacks continues.

The real threat though lies in user complacency. SVG attacks, VIPRE says, are now tussling with PDFs to become 'attackers' favorite attachments of choice.' These are only images, most users assume, and so no click-throughs, no harm.

Ontinue says 'the observed targets of this campaign fall into B2B Service Providers, including the ones handling valuable Corporate Data regularly, including Financial and Employee data, Utilities, Software-as-a-Service providers that are great social engineering targets as they expect to receive a high volume of emails.'

And the team warns 'this technique demonstrates how adversaries are shifting away from executable payloads and towards smuggling (HTML and now SVG) techniques. By embedding script logic into image formats and using trusted browser functions, the attack chain avoids triggering traditional behavioral or signature-based alerts.'

The emails containing the attachments or links will be simple, 'using a minimal format to avoid detection and provoke curiosity or interaction.' Hijacking poorly protected domains or spoofing others with special characters enhances the lure.

The advice is just as simple. If you're not expecting an email which includes image links or .SVG attachments, delete them from your inbox.

'This campaign highlights a creative pivot in attacker methodology,' the team says, 'using benign file formats to hide malicious logic and evade established detection controls.' Which is another way of saying that you're your own best defense.

Proofpoint Appoints Tom Corn as Executive Vice President and General Manager, Threat Protection Group

Associated Press

23-06-2025

SUNNYVALE, Calif.--(BUSINESS WIRE)--Jun 23, 2025-- Proofpoint, Inc., a leading cybersecurity and compliance company, today announced the appointment of Tom Corn as executive vice president and general manager of its Threat Protection business, effective immediately.

A seasoned cybersecurity executive, Mr. Corn brings over two decades of leadership experience in cloud, infrastructure, and platform security to Proofpoint. In his role, he will be responsible for driving Proofpoint's threat protection strategy, product innovation, and go-to-market execution, accelerating the company's mission to protect people and defend data in today's complex threat landscape.

Prior to joining Proofpoint, Mr. Corn co-founded a startup focused on securing agentic-AI applications. He previously served as chief product officer at Ontinue, where he helped shape the company's AI-driven approach to managed extended detection and response (MXDR). He also held senior leadership positions at VMware and RSA, where he led major initiatives in cloud, endpoint, network, identity and data security product development, contributing to industry-leading advancements in cloud workload protection, micro-segmentation, and cyber risk analytics.

'We are delighted to welcome Tom to Proofpoint's executive team,' said Sumit Dhawan, CEO of Proofpoint. 'Tom's deep expertise in cloud and infrastructure security, combined with his visionary thinking around integrated platforms and the evolving role of GenAI to security, will be instrumental as we continue to deliver the most comprehensive and effective threat protection solutions to our customers. His leadership comes at a pivotal time in our mission to define the future of human-centric security, as organizations seek smarter, more scalable ways to defend against today's most advanced threats.'

'Proofpoint is uniquely positioned to lead human-centric security, and I'm excited to be part of a company that's committed to innovation, customer impact, and a platform-centric approach,' said Tom Corn. 'I look forward to working with this team to further build our market-leading threat protection capabilities and deliver meaningful security outcomes for our customers.'

Darren Lee, who previously led Proofpoint's Threat Protection Group, will assume the newly created role of executive vice president of strategic projects, reporting directly to Proofpoint CEO Sumit Dhawan.

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations' greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web.

SOURCE: Proofpoint, Inc. Copyright Business Wire 2025.

ACR Scales Securely Through M&As with Ontinue's AI-Powered MXDR

Yahoo

20-05-2025

Five Years of Partnership: How Ontinue's Microsoft Expertise Helped ACR Accelerate Integration and Reduce Risk

REDWOOD CITY, Calif., May 20, 2025 /PRNewswire/ -- Ontinue, a leading provider of AI-powered managed extended detection and response (MXDR) services and winner of the 2023 Microsoft Security Services Innovator of the Year award, today announced it remains the MXDR provider of choice for ACR. As ACR accelerates its aggressive growth strategy—completing 10 acquisitions since 2016, the company has leaned on strategic technology partners to ensure its operations remain secure, agile, and efficient. Central to this approach is Ontinue supporting ACR's 24/7 managed security operations to help the organization scale confidently. ACR has been an Ontinue customer for 5 years—a testament to the consistent value and high level of service the team at Ontinue delivers.

With a product portfolio that spans more than 6,000 items for the food service and hospitality industries, ACR depends on a reliable and secure supply chain. As the pace of mergers and acquisitions accelerates, integrating new companies with different systems and risk profiles has become increasingly complex. In response, ACR has elevated cybersecurity as a core business enabler—embedding it across M&A, supply chain resilience, and digital innovation. This enterprise-wide focus is led strategically by Thai Vong, the company's top technology executive, who serves as Vice President of Technology and Acting CIO, overseeing ACR's full technology portfolio—spanning cybersecurity, architecture, data and analytics, application delivery, and enterprise support functions.

"Ontinue has helped us build a secure foundation that protects our environment around the clock," said Vong. "Their team feels like an extension of ours—proactive, responsive, and deeply embedded in our operations. That trust allows us to shift focus to broader business priorities like integrating acquisitions, optimizing the supply chain operations, and driving growth, without constantly worrying about what might be lurking in our environment."

"The ability to scale without sacrificing security has become a competitive advantage for us," said Tom Boyles Jr., Director of Infrastructure and Security at ACR. "Ontinue's 24/7 monitoring, AI-driven capabilities, and deep integration with Microsoft tools like Defender and Sentinel ensure our environments remain secure—while freeing up our internal team to focus on high-impact projects. ACR values innovation in its partners, and Ontinue's use of AI is a hallmark of the kind of forward-thinking approach we look for. Their AI-powered capabilities, combined with Thai's strategic leadership, helped us take our cybersecurity program to the next level."

Future-Ready Security Investment: Managed SecOps Built to Scale

Ontinue's ION MXDR service sets a new standard for MDR by going further to investigate and resolve every incident without customer involvement. This empowers CISOs and their teams to shift focus from day-to-day security tasks to more strategic initiatives. Ontinue has pioneered several key innovations to reimagine how managed security is delivered – combining collaboration, intelligent automation, AI and human expertise.

Ontinue launched the industry's first Microsoft Teams-based collaboration model that enables real-time, direct engagement between customers and the Ontinue Cyber Defense Center for faster communication and decision-making during incident management. Smart Response further tailors the service to each organization by automating customized rules of engagement and escalation paths that allow the ION MXDR service to seamlessly integrate into a customer's desired operational model.

Additionally, to accelerate investigations at scale, Ontinue introduced autonomous investigations powered by agentic AI. Every incident escalated to the Ontinue Cyber Defense Center is automatically investigated by ION IQ, the AI at the core of the ION MXDR service, before being passed to a human for further analysis. For each incident ION IQ uses agentic AI to gather contextual information from disparate systems, form a hypothesis, develop an action plan for testing the hypothesis, conduct the investigation, and provide a detailed summary for review by one of Ontinue's Cyber Defenders – all in a matter of minutes.

Together, these capabilities have led to a 50% decrease in the mean time to investigate (MTTI) incidents in ACR's environment, despite the fact that the ACR environment has grown larger and more complex over time.

"Our mission is to deliver nonstop security that enables our customers to stay focused on what matters most to their business," said Geoff Haydon, CEO at Ontinue. "As attack surfaces and new threats emerge faster than ever before, CISOs and their teams face mounting pressure. From the beginning, Ontinue has always viewed AI — especially GenAI and agentic AI — as a critical technology, a force multiplier for overcoming scale and speed limitations that legacy MDRs simply can't address. For the first time ever, we are able to leverage human reasoning and problem solving at machine speed and scale. We're incredibly proud to be a trusted partner to ACR as they scale their business through rapid growth."

By selecting Ontinue, ACR also found a partner to improve its security posture and reduce enterprise risk. Ontinue's proprietary Security Posture Improvement Framework has helped ACR improve their Microsoft Secure Score (a common metric for measuring security posture health) to 68, 70% higher than the industry average. As part of the ION MXDR service, the ACR team works with their designated Cyber Advisor to identify, prioritize, and implement tactics and controls that systematically reduce the attack surface, even while the ACR environment continues to grow with each new acquisition. ACR is now better equipped to integrate newly acquired companies swiftly and safely, often within a two-month window.

"As we integrate acquisitions and expand our digital landscape," added Vong, "we've prioritized building a unified security architecture that doesn't just protect but adapts in real time. Ontinue's Managed SOC services have allowed us to extend Microsoft Defender and Sentinel across our hybrid infrastructure—giving us centralized visibility, standardized controls, and streamlined incident response across every business unit. That consistency is critical when onboarding new companies, especially at the pace we're growing."

"With the addition of a dedicated cybersecurity analyst, we accelerated the implementation of the NIST Cybersecurity Framework, improved our CIS benchmarks, and began our journey into NIST's AI Risk Management Framework—all while strengthening enterprise risk and business continuity planning," said Tom Boyles Jr., Director of Infrastructure and Security at ACR. "It reflects the shift we've made from reacting to threats to systematically building maturity across our security program."

Rather than building an in-house security operations center (SOC), ACR leverages Ontinue's 24/7 SOC to deliver around-the-clock coverage while minimizing internal staff burnout. Ontinue's team acts as an extension of ACR's IT organization, helping them operationalize their Microsoft Defender and Sentinel solutions and maximize the return on these investments. As a result, ACR can scale its operations—both organically and through acquisition—without needing to scale its security team or implement additional tools at the same pace.

Key Results of Partnership between ACR and Ontinue

  • 30 hours of analyst time saved in the last 90 days, freeing up ACR's internal talent to focus on high-impact, enterprise-level initiatives rather than day-to-day security tasks.
  • 50% reduction in mean time to investigation (MTTI), significantly accelerating threat detection and response.
  • Increased Microsoft Secure Score to 68 (from 53 since November 2024), which is 70% above the industry average.
  • 28% improvement in Microsoft Secure Score (from 53 to 68) since November 2024, reflecting stronger configuration hygiene and overall security posture.
  • Zero security breaches in 2024, maintaining industry-best standards for proactive threat prevention.
  • 5-year partnership milestone, underscoring the sustained value and trust ACR places in Ontinue's managed security services.

Innovation & Collaboration Builds Trust

The partnership with Ontinue extends beyond technology. Embedded collaboration through Microsoft Teams enables seamless communication during incident response. Ontinue's high-touch approach fosters transparency, trust, and faster decision-making across both organizations. This close working relationship has also strengthened ACR's broader enterprise risk management and cybersecurity framework, supporting continuous improvement and resilience.

"Cybersecurity is no longer just about defense, it's about enabling the business to move faster with confidence," said Thai Vong, Vice President of Technology and Acting CIO. "As we continue to scale through acquisitions and digital transformation, having a partner like Ontinue, who understands our pace, our architecture, and our priorities, has been invaluable. Their seamless integration with our Microsoft ecosystem and real-time responsiveness through Teams allow us to navigate complexity without slowing down. Together, we've strengthened our risk posture while creating space for continuous improvement and innovation."

As ACR continues to evolve and expand, its partnership with Ontinue remains a critical enabler—ensuring every new acquisition, system upgrade, or operational change is underpinned by modern, resilient cybersecurity. While ACR accelerates its digital transformation and navigates an increasingly AI-driven threat landscape, the company remains focused on building a cybersecurity program that is both scalable and deeply integrated. In today's environment, adapting in real time—without slowing business momentum—is essential.

"At ACR, cybersecurity is part of our business model, not just a defense mechanism," said Vong. "Modern cybersecurity is not a bolt-on. It's embedded in how we operate and grow. It's the foundation for every digital move we make, whether we're onboarding a new business, launching a new platform, or protecting the trust our customers place in us. Ontinue's approach gives us the clarity and assurance that our environment remains protected."

Vong's leadership continues to define how ACR embeds cybersecurity into the fabric of its operation, aligning innovation, trust, and resilience at scale.

For more information on how Ontinue helps organizations like ACR protect and scale their operations, visit

About Ontinue: Nonstop SecOps

As a leading provider of AI-powered managed extended detection and response (MXDR) service, Ontinue is on a mission to be the most trusted security partner that empowers customers to embrace and accelerate digital transformation by using AI to operate more at scale, and with less risk. The combination of AI and human expertise is essential for delivering effective managed security that is tailored to a customer's unique environment, operational constraints, and risks. Our MXDR service combines powerful proprietary AI with the industry's first collaboration with Microsoft Teams to continuously build a deep understanding of our customers' environments, informing how we prevent, detect, and respond to threats. Our Microsoft expertise allows customers to achieve these outcomes with the Microsoft Security tools they already own. The result is highly localized managed protection that empowers security teams to be faster, smarter, and more cost efficient than ever before. Continuous protection. AI-powered Nonstop SecOps. That's Ontinue.

SOURCE Ontinue
