GoSecure Blog
Privacy concerns in working from home during COVID-19
IT security specialists deal with threats everyday, this is part of their daily work in an ever-growing business. But with the recent, unprecedented move to employees working from home, are security teams focusing enough on the potential issues that employees can create while working remotely during this heath crisis? Specifically, are privacy issues being sufficiently reviewed before new technology is implemented?
Bypassing Xamarin Certificate Pinning on Android
Xamarin is a popular open-source and cross-platform mobile application development framework owned by Microsoft with more than 13M total downloads. This post describes how we analyzed an Android application developed in Xamarin that performed HTTP certificate pinning in managed .NET code. It documents the method we used to understand the framework and the Frida script we developed to bypass the protections to man-in-the-middle (MITM) the application. The script’s source code, as well as a sample Xamarin application, are provided for testing and further research.
Impact of COVID-19 on PCI DSS compliance
Following recent developments in the spread of COVID-19, many companies and organizations are facing exceptional logistic challenges that can go as far as invoking their business continuity plan.
Such measures can potentially cause security and compliance elements to be put on hold for reasons of understaffing, the need to stabilize the IT infrastructure, or logistical difficulties related to the lack of mobility of key personnel.
Phishing for COVID-19
It should come as no surprise that cybercriminals are using the COVID-19 pandemic as a phishing lure. Popular media events always result in new attacks. But with the heightened level of awareness (panic?), end-users are likely more susceptible than usual. GoSecure Inbox Detection and Response (IDR) has blocked several new variants, each with varying levels of complexity to the phishing lure but almost all looking to install a remote access trojan.
PyRDP on Autopilot – Unattended Credential Harvesting and Client-Side File Stealing
When we initially released PyRDP in late 2018, we familiarized ourselves with the Remote Desktop Protocol (RDP) relatively quickly. It became clear that our initial release couldn’t tackle all the opportunities that an active on-the-wire attacker could have. During my internship, one of my goal was to implement features taking advantage of these opportunities for both offensive use cases and malware research ones.
