Security Blog

Vera Vulnerable to Authenticated Remote Code Execution (CVE-2019-15123)

Jun 11, 2020

An Authenticated Remote Code Execution (RCE) vulnerability was discovered on Vera, a platform for digital asset management used in the printing industry. The application allows an authenticated user to change the logo on the Website. An attacker can use this feature to upload a malicious (.aspx) file and gain remote code execution on the server.

read more

Privacy concerns in working from home during COVID-19

Apr 7, 2020

IT security specialists deal with threats everyday, this is part of their daily work in an ever-growing business. But with the recent, unprecedented move to employees working from home, are security teams focusing enough on the potential issues that employees can create while working remotely during this heath crisis? Specifically, are privacy issues being sufficiently reviewed before new technology is implemented?

read more

Bypassing Xamarin Certificate Pinning on Android

Apr 6, 2020

Xamarin is a popular open-source and cross-platform mobile application development framework owned by Microsoft with more than 13M total downloads. This post describes how we analyzed an Android application developed in Xamarin that performed HTTP certificate pinning in managed .NET code. It documents the method we used to understand the framework and the Frida script we developed to bypass the protections to man-in-the-middle (MITM) the application. The script’s source code, as well as a sample Xamarin application, are provided for testing and further research.

read more

Impact of COVID-19 on PCI DSS compliance

Mar 25, 2020

Following recent developments in the spread of COVID-19, many companies and organizations are facing exceptional logistic challenges that can go as far as invoking their business continuity plan.

Such measures can potentially cause security and compliance elements to be put on hold for reasons of understaffing, the need to stabilize the IT infrastructure, or logistical difficulties related to the lack of mobility of key personnel.

read more

Phishing for COVID-19

Mar 17, 2020

It should come as no surprise that cybercriminals are using the COVID-19 pandemic as a phishing lure. Popular media events always result in new attacks. But with the heightened level of awareness (panic?), end-users are likely more susceptible than usual. GoSecure Inbox Detection and Response (IDR) has blocked several new variants, each with varying levels of complexity to the phishing lure but almost all looking to install a remote access trojan.

read more

Categories

SOLUTIONS
Titan Managed Detection & Response
Advisory Services
Security Technology
Managed Security Services
WHY GOSECURE?
Why MDR vs MSSP?
GoSecure Titan Platform
Threat Intelligence
Industry Validation
RESOURCES
In The News
Press Releases
Events
Security Blog
COMPANY
Leadership
Board of Directors
Careers
Follow Us:   
SOLUTIONS
Titan Managed Detection & Response
Advisory Services
Security Technology
Managed Security Services
WHY GOSECURE?
Why MDR vs MSSP?
GoSecure Titan Platform
Threat Intelligence
Industry Validation
RESOURCES
In The News
Press Releases
Events
Security Blog
COMPANY
Leadership
Board of Directors
Careers
Follow Us:   
Titan Managed Detection & Response
Next-Generation Antivirus
Endpoint Detection & Response
Network Detection & Response
Inbox Detection & Response
Insider Threat Detection & Response
Managed Firewall
Managed SIEM
Endpoint Security Lifecycle
GoSecure Titan
Titan Software
Email Security
Web Security
ResponderPRO Forensics Toolkit
Advisory Services
Cybersecurity Assessment
Security Compromise Assessment
Ethical Hacking
Incident Response & Forensics
Compliance & Audit
3rd Party Technology

Pin It on Pinterest