GoSecure Blog
Another Successful Hacktoberfest: See the Results from GoSecure Collaborations
For the fifth year, GoSecure invited everyone to join Hacktoberfest, an annual, month-long event that encourages contributions to open-source software. Each year, GoSecure tags several issues for collaboration, and this blog post summarizes the work that was contributed to our repositories.
Status on Log4j Vulnerability in the GoSecure Portfolio
Due to the severity of the Log4Shell vulnerability (CVE-2021-45046), GoSecure is publishing the status of that vulnerability across the GoSecure portfolio.
Get the Latest from GoSecure Titan Labs on Mitigation and Remediation for the Log4Shell Vulnerability
Updated on 12/15/2021 with the latest mitigation strategies for CVE-2021-44228 and CVE-2021-45046, including Log4j 1.2 status.
GoSecure has been closely monitoring the Log4Shell vulnerability since it was discovered. Not only have we been proactively hunting across GoSecure Titan™ Managed Detection & Response (MDR), but we have also helped monitor and respond with patches for our clients through GoSecure Vulnerability Management as a Service (VMaaS) and supported clients with other managed security solutions.
So far, none of our GoSecure Titan MDR customers have been impacted by Log4Shell. The GoSecure Active Response Center (ARC) remains vigilant for any signs of breaches and new MDR detections have been added to increase the visibility of known Log4Shell activity.
To increase our detection and blocking capabilities, GoSecure Titan Labs performed extensive research on the vulnerability. The results of that work can be found in this blog, including some recommended mitigation and remediation actions.
TrickBot Leverages Zoom Work from Home Interview Malspam, Heaven’s Gate and… Spamhaus?
The team of expert analysts at GoSecure Titan Labs has reverse-engineered a new TrickBot cleverly hidden in a Zoom job interview email, using a sample obtained from GoSecure Titan Inbox Detection and Response (IDR). The email message contained a shortcut (LNK) file entitled Interview_details.lnk. That LNK file downloads a loader, which is examined in this blog. GoSecure Titan Labs named the loader TrickGate because it uses the Heaven’s Gate technique to load TrickBot, one of the world’s most prevalent botnets.
GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
In part three of a series, GoSecure ethical hackers have found another way to exploit insecure Windows Server Update Services (WSUS) configurations. By taking advantage of the authentication provided by the Windows update client and relaying it to other domain services, we found this can lead to remote code execution. In this blog, we’ll share our findings and recommend mitigations.