GoSecure Blog

6 Privacy Pitfalls for Developers to Avoid

6 Privacy Pitfalls for Developers to AvoidWhile tech-savvy people are very concerned about privacy, knowing where to find metadata leaks can be nebulous even for developers. In this blog post, we will explore examples of unexpected user information leakage. We hope that the information shared in this blog will help developers assess and address potential privacy issues with their applications, as well as educate end-users about potential risks to their privacy that can result from information leaks.

We picked six examples based on design flaws that are often overlooked. We recognize that common vulnerabilities such as SQL injection and memory corruption often lead to confidentiality and privacy issues as well. We feel that these issues also pose a significant risk to privacy and can compromise personal data if not addressed properly.

read more

What Does the Ukraine Invasion Mean for Cyber Warfare?

What Does the Ukraine Invasion Mean for Cyber Warfare?Cyber warfare is here to stay. The Russia/Ukraine conflict underscores the long-held fear that kinetic warfare can and would be combined with organized, sustained cyber warfare to be used asymmetrically against a militarized adversary and its’ country’s critical infrastructure.

read more

Current MFA Fatigue Attack Campaign Targeting Microsoft Office 365 Users

Current MFA Fatigue Attack Campaign Targeting Microsoft Office 365 UsersMulti-factor Authentication or MFA (sometimes referred as 2FA) is an excellent way to protect your Office 365 accounts from attackers trying to gain access to them. As a second form of protection, along with passwords, it supplies another step in the process to verify the real identity of the user trying to log in. There are many MFA options including SMS, One Time Passwords (OTP) and push notifications from an app. And while the intent of these methods is to provide extra protection, attackers have also begun to look for ways to compromise what should be a security enhancing practice. In this case, we are examining MFA Fatigue by focusing on a current attack vector—Push Notification Spamming. We’ll describe what MFA fatigue is, how it is carried out and detail the steps for IT professionals to detect and mitigate it within their organizations.

GoSecure Titan Labs identified new threat vectors using MFA Fatigue attacks based on recent investigations. Our team has also observed a significant increase in the number of attacks performed using this technique.

read more

Malicious Chrome Browser Extension Exposed: ChromeBack Leverages Silent Extension Loading

GoSecure Titan Labs received a malicious Chrome extension sample that we are calling ChromeBack (a4424f32a10770b7e486a38823f166ff ) from GoSecure’s Titan Managed Detection and Response (MDR) team. After creating a detection for GoSecure Titan Endpoint Detection & Response (EDR) to ensure that we can identify this threat for our clients, the GoSecure Titan Labs team is ready to spread the word and share how to address this serious issue that some users are already experiencing. The potential impact of ChromeBack is extensive, ranging from browser traffic hijacking and ad-redirection to deactivation of other extensions and even the activation of developer mode without the user’s knowledge.

read more

How CI/CD Enabled the GoSecure Titan Platform to Respond to Log4j Vulnerabilities

Photo by Brett Jordan on UnsplashLog4j was an eye opener for many here at GoSecure. Not from a technology or security perspective, we have that covered in spades; but just how quickly the GoSecure Titan team can respond and remediate a vulnerability in a dependency. We are starting to appreciate the speed CI/CD (continuous integration / continuous delivery) has brought to the normal development cycle for handling bugs and bringing new features to market.

Internally, we have been touting how great a full CI/CD pipeline is for increasing our development velocity, but no one had considered what it meant to vulnerability response times. It was an eye opener for the GoSecure Titan team, and in a good way! So, I would like to share our journey that led to this, which all culminated in a fast response to the Log4j vulnerabilities.

read more

Categories

GoSecure Titan® Managed Extended Detection & Response (MXDR)​

GoSecure Titan® Managed Extended Detection & Response (MXDR)​ Foundation

GoSecure Titan® Vulnerability Management as a Service (VMaaS)

GoSecure Titan® Managed Security Information & Event Monitoring (Managed SIEM)

GoSecure Titan® Managed Perimeter Defense​ (MPD)

GoSecure Titan® Inbox Detection and Response (IDR)

GoSecure Titan® Secure Email Gateway (SEG)

GoSecure Titan® Threat Modeler

GoSecure Titan® Identity

GoSecure Titan® Platform

GoSecure Professional Security Services

Incident Response Services

Security Maturity Assessment

Privacy Services

PCI DSS Services

Penetration Testing Services​

Security Operations

MicrosoftLogo

GoSecure MXDR for Microsoft

Comprehensive visibility and response within your Microsoft security environment

USE CASES

Cyber Risks

Risk-Based Security Measures

Sensitive Data Security

Safeguard sensitive information

Private Equity Firms

Make informed decisions

Cybersecurity Compliance

Fulfill regulatory obligations

Cyber Insurance

A valuable risk management strategy

Ransomware

Combat ransomware with innovative security

Zero-Day Attacks

Halt zero-day exploits with advanced protection

Consolidate, Evolve & Thrive

Get ahead and win the race with the GoSecure Titan® Platform

24/7 MXDR FOUNDATION

GoSecure Titan® Endpoint Detection and Response (EDR)

GoSecure Titan® Next Generation Antivirus (NGAV)

GoSecure Titan® Security Information & Event Monitoring (SIEM)

GoSecure Titan® Inbox Detection and Reponse (IDR)

GoSecure Titan® Intelligence

OUR SOC

Proactive Defense, 24/7

ABOUT GOSECURE

GoSecure is a recognized cybersecurity leader and innovator, pioneering the integration of endpoint, network, and email threat detection into a single Managed Extended Detection and Response (MXDR) service. For over 20 years, GoSecure has been helping customers better understand their security gaps and improve their organizational risk and security maturity through MXDR and Professional Services solutions delivered by one of the most trusted and skilled teams in the industry.

EVENT CALENDAR

LATEST PRESS RELEASE

GOSECURE BLOG

SECURITY ADVISORIES

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

 24/7 Emergency – (888)-287-5858