GoSecure Blog
Why you should consider Kotlin for Burp extension development
This short article is an opinion piece explaining why we find the Kotlin language interesting and how its benefits apply to Burp extension development. Security professionals might not be aware of Kotlin. However, it is becoming a trending language in the Android...
VMware Horizon (V4H/V4PA) desktop agent privilege escalation vulnerability (CVE-2017-4946)
As virtualization technology continues to become the corporate standard, the popularity of Virtual Desktop Infrastructure (VDI) in large enterprises has been increasing. These automated environments can provision desktops and applications from the internal and external network on top of virtualization technology without an IT administrator’s input.
Can We Trust Social Media Data? Social Network Manipulation by an IoT Botnet
New results related to our research about Linux/Moose, an IoT botnet that conducts social media fraud (SMF), were published in the scientific journal Social Media & Society last week. The article is open access and available at: http://dl.acm.org/citation.cfm?id=3097301. However, if you don’t want to read the whole paper, we have provided a quick summary of the main findings below. In general, the study assesses the market for social media fraud.
Building a Content Security Policy configuration with CSP Auditor
Content Security Policy – or CSP for short – is the latest milestone in browser XSS attack mitigation. Rather than relying solely on the browser’s anti-XSS filter, it is now possible to instruct browsers to apply additional restrictions on external resources such as JavaScript. This is enforced via the CSP HTTP headers. True adoption of this standard will probably not happen before auto-generated, transparent CSP configuration becomes built into web frameworks. At the moment, manual work is still needed in most cases.
Opinion: Petya, NotPetya and what’s wrong with our industry?
In the last few days, we closely followed the malicious software outbreak that took control of about 12,500 devices, mostly in Ukraine and Russia, demanding a $300 ransom from the infected device’s owner. Although this new attack is fascinating, we noticed that the associated stories quickly got out of hand.