WELCOME TO THE SEPTEMBER 2025 NEWSLETTER
Cyber Scoop is KeyStone Solutions’ monthly newsletter about the latest trends, topics, and articles relating to cybersecurity. As a Managed Service Security Provider (MSSP), KeyStone’s expert team helps small to medium-sized businesses with IT services including virtual Chief Information Security Officer (vCISO), cybersecurity, help desk support, Governance, Risk, and Compliance (GRC), cloud solutions, and KeyStone’s signature service, IT Team as a Service (ITTaaS), which is an all-encompassing solution.
From The Desk of the CISO
Vendor Risks for Small and Medium-Sized Businesses
By Rob Ashcraft, CISO at KeyStone Solutions
Small and medium-sized businesses (SMBs) are increasingly reliant on third-party vendors to support critical operations, from IT services and cloud platforms to financial management and operational tools. In turn, this reliance introduces multiple risks that many SMBs are ill-equipped to manage. Unlike large enterprises with dedicated vendor risk teams, SMBs often lack the resources, experience, and appropriate frameworks to assess, monitor, and mitigate third-party risks effectively. Naturally, this gap makes SMBs and their “upstream vendors” attractive targets for cybercriminals, especially when vendors have access to sensitive data or internal systems. A single vulnerability in a vendor’s environment can cascade into a full-blown breach, disrupting operations and damaging customer trust.
What Does This Mean for Your Business?
Commentary by KeyStone’s Rob Ashcraft
As enterprises increasingly rely on browsers like Chrome, Edge, and Firefox for daily operations, these platforms have become prime targets for cyberattacks. This month, I wanted to highlight an article about web browser attacks as it sheds light on the rise of a prolific threat by actors known as “Scattered Spider” (aka UNC3944, Octo Tempest, or Muddled Libra). According to this article in The Hacker News, the threat actor is renowned for exploiting web browsers to steal sensitive data. Unlike traditional cybercriminals, “Scattered Spider” uses precision targeting and advanced techniques such as session token theft, malicious extensions, and JavaScript injection to bypass security controls like MFA and EDR. This shift in attack strategy underscores the need for businesses to elevate browser security from a secondary concern to a central defense priority.
The article also outlines a strategic blueprint for browser-layer security, urging organizations to adopt multi-layered defenses. These include runtime script protection to prevent credential theft, monitoring for malicious extensions, and using web API controls to limit reconnaissance. The message in this article is crystal clear. Browser security must evolve to counter the increasingly sophisticated threats that are exploiting the very tools your employees use every day.
My key takeaways:
- Browsers are now the primary attack surface with over 80% of security incidents originating from browser-based applications.
- Scattered Spider (an international threat actor group) targets and exploits browser environments using advanced techniques and session tokens.
- Traditional defensive security tools like endpoint detection and response (EDR) and multi-factor authentication (MFA) are being bypassed, making browser runtime protection essential.
- Malicious extensions and malware injections are common payload delivery methods, often executed via drive-by attacks.
- Business owners should engage experienced cyber leadership to assist in adopting a multi-layered browser security strategy, treating browser defense as a core component of enterprise cybersecurity.
Try Our 10-Second Instant Quote Estimate Tool
We’re excited to introduce our online 10-second quote tool, a quick and easy way to receive an estimated quote from KeyStone Solutions. In just a few clicks, you’ll get a fast snapshot of what our services might cost, giving you a helpful starting point as you explore your options.
Please note, this tool provides an estimate only. A detailed, customized proposal will follow after a full consultation with our team. Try it today and see how simple it is to get started!