GoSecure Blog
How Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft
With our RDP interception tool, we managed to collect a great deal of information (screen, keyboard, mouse, metadata) about opportunistic attackers, and have it on video. An engineer and a crime data scientist partner to deliver an epic story, presented at BlackHat USA titled “I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft” for the first time, which includes luring, understanding and characterizing attackers, allowing to collectively focus our attention on more sophisticated threats.
AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice
While doing research on Microsoft SQL (MSSQL) Server, a GoSecure ethical hacker found an unorthodox design choice that ultimately led to a web application firewall (WAF) bypass.
Unraveling CVE-2023-2868: Understanding the Risks and Staying Secure
![Robotic fish](/wp-content/uploads/Barracuda-Blog.png")
Credit: Bing Image Creator
Barracuda, a cybersecurity firm, has recently disclosed a critical vulnerability in their Email Security Gateway (ESG) appliances that has been actively exploited by threat actors in the wild since at least October 2022. This vulnerability, known as a remote command injection flaw, specifically targets a subset of devices running versions 5.1.3.001-9.2.0.006. The firm has identified that the vulnerability resides within a module responsible for conducting initial scans on attachments within incoming emails. Whilst initially addressable via a patch, the vendor is now urging its customers to replace the hardware appliances as they are unfixable.
Never Connect to RDP Servers Over Untrusted Networks
In this article, we will demonstrate why connecting using the Remote Desktop Protocol (RDP) must be avoided on untrusted networks like in hotels, conferences, or public Wi-Fi. Protecting the connection with a VPN or a Remote Desktop Gateway is the only safe alternative.
The Level of Human Engagement Behind Automated Attacks
Even automated attacks are driven by humans, but the level of engagement we observed may surprise you! When the human or an organization behind an automated attack shows higher levels of innovation and sophistication in their attack tactics, the danger increases dramatically as they are no longer simply employing an opportunistic “spray and pray” strategy, but rather more highly evolved strategies that are closer to a so-called targeted attack.
