Dans l’actualité

Researchers Discover New Obfuscation-As-a-Service Platform

Dark Reading LogoResearchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.

A new obfuscation-as-a-service platform detailed by researchers today during the Botconf 2020 virtual conference offers yet another proof point of how robust the cybercriminal economy is at filling market needs for black hats. In this case, enterprising hackers developed a fully automated service platform for protecting mobile malware Android Packet Kits (APKs) from antivirus detection. Offered on a one-off basis or for a recurring monthly subscription, the service was available to mobile malware authors both in English and Russian for at least six months of 2020, potentially longer.

The service was found and examined by a collaborative team from three organizations: Masarah Paquet-Clouston from GoSecure, Vit Sembera from Trend Micro, and Maria Jose Erquiaga and Sebastian Garcia from the Stratosphere Laboratory. They initially got wind of the service — which they’ve chosen not to name to avoid tipping off the service operators — when they were analyzing activity surrounding the spread of the Geost Android banking Trojan botnet. They uncovered leaked chat logs between Geost botnet operators referring to an obfuscation service and started poking around to discover what was being discussed.

View Article Here

Gosecure Raises $14 Million, Bringing Series E To $35 Million USD

Betakit LogoMontreal-based GoSecure, which has developed a cybersecurity managed detection and response (MDR) software platform, has raised an additional $14 million USD for its Series E round, bringing the total round to $35 million USD.

The funding was led by W Investments Group, based in Montreal. John Randall, senior vice president of product management at GoSecure, told BetaKit there were other participants but did not disclose their names. Randall said the capital will be put towards sales, marketing and engineering.

GoSecure closed initial funding for its Series E investment in June. Though originally reported as $20 million USD, Randall told BetaKit GoSecure closed $21 million at that time. That investment was led by Yaletown Ventures. Other participants included Bank of Montreal and existing investors SAP/NS2 and Razor’s Edge.

View Article Here

Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn’t want you to be pwned via a phishing link

The Register LogoStop us if you’ve heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs.

Professional code-probers at GoSecure uncovered a host of security flaws, including CVE-2020-8218, which it publicly disclosed this week after a patch was issued. The other holes are yet to be addressed, and so details on those remain under wraps for now.

View Article Here

Code-execution bug in Pulse Secure VPN threatens patch laggards everywhere

arstechnica logoIf you haven’t updated Pulse Secure VPN, now would be an excellent time to do so.

Organizations that have yet to install the latest version of the Pulse Secure VPN have a good reason to stop dithering—a code-execution vulnerability that allows attackers to take control of networks that use the product.

Tracked as CVE-2020-8218, the vulnerability requires an attacker to have administrative rights on the machine running the VPN. Researchers from GoSecure, the firm that discovered the flaw, found an easy way to clear that hurdle: trick an administrator into clicking on a malicious link embedded in an email or other type of message.

View Article Here

Détection et réponse gérées Titan
Antivirus de nouvelle génération
Détection et réponse sur les terminaux
Détection et réponse sur le réseau
Détection et réponse sur les boîtes de messagerie
Détection et réponse face aux menaces internes
Gestion des pare-feu
Gestion des SIEM
La gestion des vulnérabilités en tant que service
GoSecure Titan
Logiciel Titan
Sécurité de la messagerie
Sécurité Web
Boîte à outils «Responder PRO Forensics»
Services professionnels
Services de détection de brèches
Évaluation de la cybersécurité
Évaluation de la compromission de la sécurité
Piratage éthique
Réponse aux incidents et analyse de type «forensics»
Services de conformité et d’audit
Technologies fournies par des tiers

Pin It on Pinterest