GoSecure Blog
Security Advisory: Multiple Vulnerabilities Impact 3CX Phone System
GoSecure Titan Lab investigation found that 3CX phone system servers were vulnerable to two different attacks: authenticated command injection and privilege escalation. When combined with the 3CX cloud free trial, these vulnerabilities could allow an attacker to escape the restricted terminal and gain a “free” virtual server.
Evasive Phishing Techniques Threat Actors Use to Circumvent Defense Mechanisms
Phishing continues to be the number one threat faced by companies of all sizes, and one of the main entry points threat actors use to infiltrate networks. As defenses continue to evolve, so do the tactics threat actors use to circumvent those defenses. In this article, the GoSecure Titan® Inbox Detection & Response (IDR) team shares examples of tactics threat actors have used to bypass anti-phishing defenses.
Don’t Get Fooled! Watch Out for These Top Tax Season Threats
Tax season is upon us, and with it comes the annual increase in targeted threat tactics. While there are many steps you should take to protect yourself and your company, it starts with knowing what to look for. In this article, the GoSecure Titan Inbox Detection & Response (IDR) team shares insights about current tax-related phishing and malware threats, and what you should be on the lookout for. We’ll cover the top two tax season threats we’ve observed—attacks targeting tax preparers and attacks targeting individuals or businesses who are seeking professionals to prepare their taxes. We’ll also share examples and tips to combat these threats.
6 Privacy Pitfalls for Developers to Avoid
While tech-savvy people are very concerned about privacy, knowing where to find metadata leaks can be nebulous even for developers. In this blog post, we will explore examples of unexpected user information leakage. We hope that the information shared in this blog will help developers assess and address potential privacy issues with their applications, as well as educate end-users about potential risks to their privacy that can result from information leaks.
We picked six examples based on design flaws that are often overlooked. We recognize that common vulnerabilities such as SQL injection and memory corruption often lead to confidentiality and privacy issues as well. We feel that these issues also pose a significant risk to privacy and can compromise personal data if not addressed properly.
What Does the Ukraine Invasion Mean for Cyber Warfare?
Cyber warfare is here to stay. The Russia/Ukraine conflict underscores the long-held fear that kinetic warfare can and would be combined with organized, sustained cyber warfare to be used asymmetrically against a militarized adversary and its’ country’s critical infrastructure.
