Dans l’actualité

GoSecure Named to JMP Securities Elite 80 List of Hottest Privately Held Companies

JMP Securities has released its eighth annual JMP Securities Elite 80 report where they highlight the most interesting and strategically positioned private companies in the Cybersecurity and IT Infrastructure industries. The Elite 80 represents not only a compendium of the technology leaders in their respective markets but the future titans of the IT infrastructure and cybersecurity markets.

GoSecure is honored to be listed for the fourth year in a row.

View Report Here

MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications

Malicious hackers are targeting Office 365 users with a spare of ‘MFA fatigue attacks’, bombarding victims with 2FA push notifications to trick them into authenticating their login attempts.

This is according to researchers from GoSecure, who have warned that there is an increase in attacks that are exploiting human behavior to gain access to devices.

Multi-factor authentication (MFA) fatigue is the name given to a technique used by adversaries to flood a user’s authentication app with push notifications in the hope they will accept and therefore enable an attacker to gain entry to an account or device.

In a blog posted earlier this week, GoSecure described the attack as “simple”, given that “it only requires the attacker to manually, or even automatically, send repeated push notifications while trying to log into the victim’s account”.

View Article Here

AWS patches bug that left its WAF customers exposed to SQL injection

SC Media LogoResearchers reported this week that they found a bug in MySQL that left AWS Web Application Firewall (WAF) customers exposed to an SQL injection.

In a blog post, GoSecure’s ethical hackers also confirmed that upon further testing, ModSecurity, a popular WAF for Apache and nginx, were also exposed to an SQL injection.

The researchers said the bug, which they trace back to a Black Hat presentation in 2013, was fixed by AWS on Oct. 1, with public disclosure coming on Wednesday.

View Article Here

How digital ‘drifters,’ eager to turn an easy profit online, fuel the malware marketplace

README LogoNew research presented during Black Hat 2021 in Las Vegas on Wednesday reveals the important role of amateur, and amateurish, players in sustaining the cybercrime ecosystem.

The cybercrime underground is often portrayed as driven by a small number of highly motivated and capable actors with criminal intent — bot herders, ransomware masterminds and spy chiefs. But new research suggests it is sustained by a huge penumbra of individuals simply trying to earn a living off the internet — a portion of whom over time drift into criminal activity.

“What we conclude from our analysis is that there is a large informal workforce evolving at the periphery of the malware industry that is necessary to its operation,” Masarah Paquet-Clouston, a security researcher for GoSecure, told a virtual session at the Black Hat security conference in Las Vegas Wednesday.

She compared these “drifters,” moving from the informal economy to the cybercrime ecosystem, to the street level dealers and enforcers — often drug addicts themselves — who make the operations of transnational drug cartels possible. “They’re not the masterminds behind … the cartels. But if we take them off the streets, maybe we can tackle the [drug] problem differently,” she said.

View Article Here

Researchers turn the spotlight on the hidden workers of the cybercrime world

ZDNet LogoPhishing schemes, malware campaigns and other operations involve an array of workers beyond the criminal masterminds. Could giving them better opportunities for legitimate work help cut crime?

Security researchers have put the spotlight on a little-known but growing group of people who make up a significant part of the cyber-criminal ecosystem, even though some of them may not even be aware that they’re actually taking part in illegal activities.

A collaborative research project by Czech Technical University in Prague, plus cybersecurity companies GoSecure and SecureWorks, analyzed the activities of people on the fringes of cybercrime, those behind projects like building the websites that end up being used for phishing attacks, affiliate schemes to drive traffic towards compromised or fake websites or writing the code that ends up in malware.

The people behind these projects are doing it because it’s an easy way to make money. But by doing this work, they’re laying the foundations for cyber criminals to carry out malicious campaigns

View Article Here

Détection et réponse gérées Titan
Antivirus de nouvelle génération
Détection et réponse sur les terminaux
Détection et réponse sur le réseau
Détection et réponse sur les boîtes de messagerie
Détection et réponse face aux menaces internes
Gestion des pare-feu
Gestion des SIEM
La gestion des vulnérabilités en tant que service
GoSecure Titan
Logiciel Titan
Sécurité de la messagerie
Sécurité Web
Boîte à outils «Responder PRO Forensics»
Services professionnels
Services de préparation aux brèches
Évaluation de la cybersécurité
Services de réponse aux incidents
Services des équipes « Red & Purple »
Services de tests d'intrusion
Services de conformité et d'audit
Évaluation de la compromission de la sécurité
Technologies tierces

Pin It on Pinterest