Newsroom

In The News

MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications

Malicious hackers are targeting Office 365 users with a spare of ‘MFA fatigue attacks’, bombarding victims with 2FA push notifications to trick them into authenticating their login attempts.

This is according to researchers from GoSecure, who have warned that there is an increase in attacks that are exploiting human behavior to gain access to devices.

Multi-factor authentication (MFA) fatigue is the name given to a technique used by adversaries to flood a user’s authentication app with push notifications in the hope they will accept and therefore enable an attacker to gain entry to an account or device.

In a blog posted earlier this week, GoSecure described the attack as “simple”, given that “it only requires the attacker to manually, or even automatically, send repeated push notifications while trying to log into the victim’s account”.

View Article Here

AWS patches bug that left its WAF customers exposed to SQL injection

SC Media LogoResearchers reported this week that they found a bug in MySQL that left AWS Web Application Firewall (WAF) customers exposed to an SQL injection.

In a blog post, GoSecure’s ethical hackers also confirmed that upon further testing, ModSecurity, a popular WAF for Apache and nginx, were also exposed to an SQL injection.

The researchers said the bug, which they trace back to a Black Hat presentation in 2013, was fixed by AWS on Oct. 1, with public disclosure coming on Wednesday.

View Article Here

How digital ‘drifters,’ eager to turn an easy profit online, fuel the malware marketplace

README LogoNew research presented during Black Hat 2021 in Las Vegas on Wednesday reveals the important role of amateur, and amateurish, players in sustaining the cybercrime ecosystem.

The cybercrime underground is often portrayed as driven by a small number of highly motivated and capable actors with criminal intent — bot herders, ransomware masterminds and spy chiefs. But new research suggests it is sustained by a huge penumbra of individuals simply trying to earn a living off the internet — a portion of whom over time drift into criminal activity.

“What we conclude from our analysis is that there is a large informal workforce evolving at the periphery of the malware industry that is necessary to its operation,” Masarah Paquet-Clouston, a security researcher for GoSecure, told a virtual session at the Black Hat security conference in Las Vegas Wednesday.

She compared these “drifters,” moving from the informal economy to the cybercrime ecosystem, to the street level dealers and enforcers — often drug addicts themselves — who make the operations of transnational drug cartels possible. “They’re not the masterminds behind … the cartels. But if we take them off the streets, maybe we can tackle the [drug] problem differently,” she said.

View Article Here

Press Releases

GoSecure Appoints David DeRuff as Chief Financial Officer

GoSecure announced the appointment of David DeRuff as Chief Financial Officer. DeRuff brings with him an extensive background of investment banking experience focused on growth companies in industries where technology plays a transformative role.

GoSecure Appoints Jeff Schmidt as Chief Technology Officer

GoSecure announced the appointment of Jeff Schmidt as Chief Technology Officer, effective July 1. Schmidt previously held the role of VP of Cyber and Trustworthiness at GoSecure. In his new role, he will be responsible for overall technology strategy and helping drive the product roadmaps. Schmidt also will lead a team of solution architects as well as GoSecure Titan Labs, which comprises threat intelligence professionals and security researchers.

GoSecure and TPx Launch Managed Inbox Detection and Response Service

GoSecure and TPx today announced the launch of Managed Inbox Detection and Response (IDR) services. As a part of TPx’s Endpoints offering, the new Managed IDR service helps IT and security teams take advantage of GoSecure’s advanced technology and expert human analysis to prevent suspicious emails from turning into potential security breaches.

GoSecure Titan® Managed Extended Detection & Response (MXDR)​

GoSecure Titan® Managed Extended Detection & Response (MXDR)​ Foundation

GoSecure Titan® Vulnerability Management as a Service (VMaaS)

GoSecure Titan® Managed Security Information & Event Monitoring (SIEM)

GoSecure Titan® Managed Perimeter Defense​ (MPD)

GoSecure Titan® Inbox Detection and Response (IDR)

GoSecure Titan® Secure Email Gateway (SEG)

GoSecure Titan® Threat Modeler

GoSecure Titan® Identity

GoSecure Titan® Platform

GoSecure Professional Security Services

Incident Response Services

Security Maturity Assessment

Privacy Services

PCI DSS Services

Penetration Testing Services​

Security Operations

MicrosoftLogo

GoSecure MXDR for Microsoft

Comprehensive visibility and response within your Microsoft security environment

USE CASES

Cyber Risks

Risk-Based Security Measures

Sensitive Data Security

Safeguard sensitive information

Private Equity Firms

Make informed decisions

Cybersecurity Compliance

Fulfill regulatory obligations

Cyber Insurance

A valuable risk management strategy

Ransomware

Combat ransomware with innovative security

Zero-Day Attacks

Halt zero-day exploits with advanced protection

Consolidate, Evolve & Thrive

Get ahead and win the race with the GoSecure Titan® Platform

24/7 MXDR FOUNDATION

GoSecure Titan® Endpoint Detection and Response (EDR)

GoSecure Titan® Next Generation Antivirus (NGAV)

GoSecure Titan® Network Detection and Response (NDR)

GoSecure Titan® Inbox Detection and Reponse (IDR)

GoSecure Titan® Intelligence

ABOUT GOSECURE

GoSecure is a recognized cybersecurity leader and innovator, pioneering the integration of endpoint, network, and email threat detection into a single Managed Extended Detection and Response (MXDR) service. For over 20 years, GoSecure has been helping customers better understand their security gaps and improve their organizational risk and security maturity through MXDR and Professional Services solutions delivered by one of the most trusted and skilled teams in the industry.

EVENT CALENDAR

May 21 ITSec

LATEST PRESS RELEASE

SECURITY ADVISORIES

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

 24/7 Emergency – (888)-287-5858