Blogue GoSecure
Log4J 2.15 TOCTOU Vulnerability Illustrated by GoSecure Researchers
Log4J 2.15 vulnerabilities are now considered high severity (9.0). See how the initial mitigations for LDAP integration could have been bypassed with a TOCTOU.
Holiday Warning: Are you Ready for Shipping Phishing Scams?
During the holiday season, it is estimated that 800M packages are shipped via USPS between Thanksgiving and Christmas. Given these types of numbers, is it any wonder why scammers want to capitalize? With so many people expecting packages, a phishing attempt could easily work against an unsuspecting victim.
In one recent campaign identified by GoSecure Email Security Analysts, GoSecure Secure Email Security blocked almost a million phishing attempts against GoSecure clients. Here are a couple examples of recent attempts and how you can spot the scams.
Another Successful Hacktoberfest: See the Results from GoSecure Collaborations
For the fifth year, GoSecure encouraged everyone to join Hacktoberfest, an annual, month-long event that encourages contributions to open-source software. Each year, GoSecure tags several issues for collaboration and this blog post summarizes the work that was contributed to our repositories.
Status on Log4j Vulnerability in the GoSecure Portfolio
Due to the severity of the Log4Shell vulnerability (CVE-2021-45046), GoSecure is making available the status of the Log4Shell vulnerability across the GoSecure portfolio.
Get the Latest from GoSecure Titan Labs on Mitigation and Remediation for the Log4Shell Vulnerability
Updated on 12/15/2021 with the latest mitigation strategies for CVE-2021-44228 and CVE-2021-45046 including Log4J 1.2 status
GoSecure has been closely monitoring the Log4Shell vulnerability since it was discovered. Not only have we been proactively hunting across GoSecure TitanTM Managed Detection & Response (MDR), but we have also helped monitor and respond with patches for our clients through GoSecure Vulnerability Management as a Service (VMaaS) and supported clients with other managed security solutions.
So far, none of our GoSecure Titan MDR customers have been impacted by Log4Shell. The GoSecure Active Response Center (ARC) remains vigilant for any signs of breaches and new MDR detections have been added to increase the visibility of known Log4Shell activity.
To increase our detection and blocking capabilities, GoSecure Titan Labs performed extensive research on the vulnerability. The results of that work can be found in this blog, including some recommended mitigation and remediation actions.
CAS D'UTILISATION
Cyberrisques
Mesures de sécurité basées sur les risques
Sociétés de financement par capitaux propres
Prendre des décisions éclairées
Sécurité des données sensibles
Protéger les informations sensibles
Conformité en matière de cybersécurité
Respecter les obligations réglementaires
Cyberassurance
Une stratégie précieuse de gestion des risques
Rançongiciels
Combattre les rançongiciels grâce à une sécurité innovante
Attaques de type « zero-day »
Arrêter les exploits de type « zero-day » grâce à une protection avancée
Consolider, évoluer et prospérer
Prenez de l'avance et gagnez la course avec la Plateforme GoSecure TitanMC.
24/7 MXDR
Détection et réponse sur les terminaux GoSecure TitanMC (EDR)
Antivirus de nouvelle génération GoSecure TitanMC (NGAV)
Surveillance des événements liés aux informations de sécurité GoSecure TitanMC (SIEM)
Détection et réponse des boîtes de messagerie GoSecure TitanMC (IDR)
Intelligence GoSecure TitanMC
Notre SOC
Défense proactive, 24h/24, 7j/7