GoSecure Blog
Email Threats of the Second Quarter of 2022
Rampant inflation is driving an increase in email-based threats – both as threat actors feeling the pinch find it harder to pay their bills and as desperate recipients experiencing financial hardships of their own fall prey to their tactics. Learn what to watch for to protect yourself from these “too-good-to-be-true” schemes.
The Mass Effect: Opportunistic Workers Drift into Cybercrime
This blog post summarizes the results of a study that sheds light on ordinary workers conducting benign IT tasks, such as developing websites or translating texts, that contribute to cybercrime activities. The researchers from multiple organizations, including the GoSecure Titan Labs team, conducted a thematic analysis and used machine learning, as well as statistical tests on several datasets, to extract a general understanding of these workers and their mass effect.
Tableau Server Leaks Sensitive Information From Reflected XSS
GoSecure Titan Labs has identified a vulnerability within the Tableau Server that could allow malicious actors to extract sensitive data from the application. Tableau Server is an analytics platform owned by Salesforce used to see and understand data. This application is often hosted on premises to explore sensitive data in a trusted environment. According to a Shodan search which returned more than 18,000 results for this product, this application is widely used by companies to analyze data.
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a well-known vulnerability that has been around for a long time and can be used to steal sessions, create fake logins, and carry out actions as someone else, etc.
XSS Vulnerability in IBM Content Navigator (CVE-2020-4757)
GoSecure Titan Labs discovered a stored cross-site scripting (XSS) vulnerability in IBM Content Navigator. Users are strongly advised to upgrade to version 3.0.9 or above. This blog post details the vulnerability, its impact and provides a proof of concept for exploitation.
