Cross-Site Scripting (XSS) is a well-known vulnerability that has been around for a long time and can be used to steal sessions, create fake logins, and carry out actions as someone else, etc.
GoSecure Titan Labs discovered a stored cross-site scripting (XSS) vulnerability in IBM Content Navigator. Users are strongly advised to upgrade to version 3.0.9 or above. This blog post details the vulnerability, its impact and provides a proof of concept for exploitation.
GoSecure Titan Lab investigation found that 3CX phone system servers were vulnerable to two different attacks: authenticated command injection and privilege escalation. When combined with the 3CX cloud free trial, these vulnerabilities could allow an attacker to escape the restricted terminal and gain a “free” virtual server.
Phishing continues to be the number one threat faced by companies of all sizes, and one of the main entry points threat actors use to infiltrate networks. As defenses continue to evolve, so do the tactics threat actors use to circumvent those defenses. In this article, the GoSecure Titan® Inbox Detection & Response (IDR) team shares examples of tactics threat actors have used to bypass anti-phishing defenses.
Tax season is upon us, and with it comes the annual increase in targeted threat tactics. While there are many steps you should take to protect yourself and your company, it starts with knowing what to look for. In this article, the GoSecure Titan Inbox Detection & Response (IDR) team shares insights about current tax-related phishing and malware threats, and what you should be on the lookout for. We’ll cover the top two tax season threats we’ve observed—attacks targeting tax preparers and attacks targeting individuals or businesses who are seeking professionals to prepare their taxes. We’ll also share examples and tips to combat these threats.