Security Blog

Evasive Phishing Techniques Threat Actors Use to Circumvent Defense Mechanisms

Evasive PhishingPhishing continues to be the number one threat faced by companies of all sizes, and one of the main entry points threat actors use to infiltrate networks. As defenses continue to evolve, so do the tactics threat actors use to circumvent those defenses. In this article, the GoSecure Titan® Inbox Detection & Response (IDR) team shares examples of tactics threat actors have used to bypass anti-phishing defenses.

read more

Don’t Get Fooled! Watch Out for These Top Tax Season Threats

Don’t Get Fooled! Watch Out for These Top Tax Season ThreatsTax season is upon us, and with it comes the annual increase in targeted threat tactics. While there are many steps you should take to protect yourself and your company, it starts with knowing what to look for. In this article, the GoSecure Titan Inbox Detection & Response (IDR) team shares insights about current tax-related phishing and malware threats, and what you should be on the lookout for. We’ll cover the top two tax season threats we’ve observed—attacks targeting tax preparers and attacks targeting individuals or businesses who are seeking professionals to prepare their taxes. We’ll also share examples and tips to combat these threats.

read more

6 Privacy Pitfalls for Developers to Avoid

6 Privacy Pitfalls for Developers to AvoidWhile tech-savvy people are very concerned about privacy, knowing where to find metadata leaks can be nebulous even for developers. In this blog post, we will explore examples of unexpected user information leakage. We hope that the information shared in this blog will help developers assess and address potential privacy issues with their applications, as well as educate end-users about potential risks to their privacy that can result from information leaks.

We picked six examples based on design flaws that are often overlooked. We recognize that common vulnerabilities such as SQL injection and memory corruption often lead to confidentiality and privacy issues as well. We feel that these issues also pose a significant risk to privacy and can compromise personal data if not addressed properly.

read more

What Does the Ukraine Invasion Mean for Cyber Warfare?

What Does the Ukraine Invasion Mean for Cyber Warfare?Cyber warfare is here to stay. The Russia/Ukraine conflict underscores the long-held fear that kinetic warfare can and would be combined with organized, sustained cyber warfare to be used asymmetrically against a militarized adversary and its’ country’s critical infrastructure.

read more

Current MFA Fatigue Attack Campaign Targeting Microsoft Office 365 Users

Current MFA Fatigue Attack Campaign Targeting Microsoft Office 365 UsersMulti-factor Authentication or MFA (sometimes referred as 2FA) is an excellent way to protect your Office 365 accounts from attackers trying to gain access to them. As a second form of protection, along with passwords, it supplies another step in the process to verify the real identity of the user trying to log in. There are many MFA options including SMS, One Time Passwords (OTP) and push notifications from an app. And while the intent of these methods is to provide extra protection, attackers have also begun to look for ways to compromise what should be a security enhancing practice. In this case, we are examining MFA Fatigue by focusing on a current attack vector—Push Notification Spamming. We’ll describe what MFA fatigue is, how it is carried out and detail the steps for IT professionals to detect and mitigate it within their organizations.

GoSecure Titan Labs identified new threat vectors using MFA Fatigue attacks based on recent investigations. Our team has also observed a significant increase in the number of attacks performed using this technique.

read more

Categories

Titan Managed Detection & Response
Next-Generation Antivirus
Endpoint Detection & Response
Network Detection & Response
Inbox Detection & Response
Insider Threat Detection & Response
Managed Firewall
Managed SIEM
Vulnerability Management as a Service
GoSecure Titan
Titan Software
Secure Email Gateway
Web Security
ResponderPRO Forensics Toolkit
Advisory Services
Breach Readiness Services
Custom Cybersecurity Consulting Services
Cybersecurity Assessment
Incident Response Services
Red & Purple Team Services
Penetration Testing Services
Privacy & Compliance Services
Security Compromise Assessment
3rd Party Technology

Pin It on Pinterest