While doing research on Microsoft SQL (MSSQL) Server, a GoSecure ethical hacker found an unorthodox design choice that ultimately led to a web application firewall (WAF) bypass.
Barracuda, a cybersecurity firm, has recently disclosed a critical vulnerability in their Email Security Gateway (ESG) appliances that has been actively exploited by threat actors in the wild since at least October 2022. This vulnerability, known as a remote command injection flaw, specifically targets a subset of devices running versions 5.1.3.001-9.2.0.006. The firm has identified that the vulnerability resides within a module responsible for conducting initial scans on attachments within incoming emails. Whilst initially addressable via a patch, the vendor is now urging its customers to replace the hardware appliances as they are unfixable.
In this article, we will demonstrate why connecting using the Remote Desktop Protocol (RDP) must be avoided on untrusted networks like in hotels, conferences, or public Wi-Fi. Protecting the connection with a VPN or a Remote Desktop Gateway is the only safe alternative.
Even automated attacks are driven by humans, but the level of engagement we observed may surprise you! When the human or an organization behind an automated attack shows higher levels of innovation and sophistication in their attack tactics, the danger increases dramatically as they are no longer simply employing an opportunistic “spray and pray” strategy, but rather more highly evolved strategies that are closer to a so-called targeted attack.
Cyber Resiliency is the ability to anticipate, protect against, withstand, and recover from adverse conditions, stresses, attacks, and compromises of cyber-enabled business.
If one of your 2023 security goals is to become more cyber resilient, it’s time to consider a cybersecurity assessment if you’re not already conducting one. Regardless of your goals or priorities, regular cybersecurity assessments should be on every organization’s radar because of the value they provide to security teams.
We spoke with Eric Rochette, Senior VP of GoSecure’s Global Services who has helped hundreds of organizations better understand their security risk and maturity through assessments and asked him to share his insights and experiences in a Q&A session.