GoSecure https://gosecure.ai/ Wed, 13 Mar 2024 13:24:55 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 https://gosecure.ai/wp-content/uploads/2019/10/cropped-favicon-32x32.png GoSecure https://gosecure.ai/ 32 32 Hack to the future: The Attack Surface of GPS Signals https://gosecure.ai/blog/2024/03/11/hack-to-the-future-the-attack-surface-of-gps-signals/ Vianney Gall Mon, 11 Mar 2024 22:04:48 +0000 Hackers GNSS GPS Hacking Penetration Testing Pentest <p><img class="size-medium wp-image-8536 alignright" src="https://gosecure.ai/wp-content/uploads/GPSSignals-300x300.jpg" alt="" width="300" height="300" />In an era where our critical infrastructures increasingly rely on precise time and space, security implications of GPS systems have become a concerning aspect of their stability.</p> <p>The post <a href="https://gosecure.ai/blog/2024/03/11/hack-to-the-future-the-attack-surface-of-gps-signals/">Hack to the future: The Attack Surface of GPS Signals</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p> Phishing may have just become a lot harder to detect… https://gosecure.ai/blog/2024/02/20/phishing-may-have-just-become-a-lot-harder-to-detect/ Paul Neuman Tue, 20 Feb 2024 22:19:21 +0000 Artificial Intelligence Email Email Security IDR Phishing Security ai llm SEG <p><img class="wp-image-8004 alignright" src="https://gosecure.ai/wp-content/uploads/SOCIAL-MEDIA-TEMPLATE.png" alt="" width="371" height="194" />We are on the upward trajectory of AI. AI can be used to write anything from a blog post to a news story, even a thesis. It’s an incredibly useful tool that will save hours of time and make writing anything an essentially seamless task. However, with anything good, someone always seems to ruin it…Enter the bad guy!</p> <p>The post <a href="https://gosecure.ai/blog/2024/02/20/phishing-may-have-just-become-a-lot-harder-to-detect/">Phishing may have just become a lot harder to detect…</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p> Beyond the Script: Attacker’s Sleep Schedule and Strategies Behind Automated Attacks https://gosecure.ai/blog/2024/02/07/beyond-the-script-attackers-sleep-schedule-and-strategies-behind-automated-attacks/ Andréanne Bergeron Wed, 07 Feb 2024 14:29:42 +0000 RDP Brute Force calendar Hackers heatmap <p><img class=" wp-image-8016 alignright" src="https://gosecure.ai/wp-content/uploads/Designer-6.png" alt="" width="175" height="175" />Examining the brute-forcing attack patterns on our Remote Desktop Protocol (RDP) honeypot systems reveals the discernible behavior of automated scripts. Yet, upon closer inspection of the temporal patterns associated with these attacks, subtle nuances indicative of human behavior begins to emerge.</p> <p>The post <a href="https://gosecure.ai/blog/2024/02/07/beyond-the-script-attackers-sleep-schedule-and-strategies-behind-automated-attacks/">Beyond the Script: Attacker’s Sleep Schedule and Strategies Behind Automated Attacks</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p> Merry and Secure: Unwrapping the Truth Around Malicious Hackers Activities During Holiday Season https://gosecure.ai/blog/2023/12/21/malicious-hackers-activities-during-holiday-season/ Andréanne Bergeron Thu, 21 Dec 2023 15:59:36 +0000 Christmas Cybersecurity Cybersecurity Risk Honeypot RDP Uncategorized Hackers Holidays Myths <p><img class="size-medium wp-image-4609 alignright" src="/wp-content/uploads/russian_dolls_grinch-300x300.png" alt="Russian Dolls Grinch Themed" width="300" height="300" />As the Holiday season upon us, a persistent narrative echo through the corridors of cybersecurity, emphasizing the critical need for organizations to heighten their vigilance and proactively shield their digital assets. While the chorus of caution is undeniable, let's take a moment to challenge this prevailing notion. Is the Holiday season truly a breeding ground for malicious actors, preying on potential vulnerabilities left in the wake of understaffed security teams? In this blog post, we embark on a journey to scrutinize, question, and demystify the conventional wisdom that surrounds the nexus between festive cheer and cybersecurity concerns.</p> <p>The post <a href="https://gosecure.ai/blog/2023/12/21/malicious-hackers-activities-during-holiday-season/">Merry and Secure: Unwrapping the Truth Around Malicious Hackers Activities During Holiday Season</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p> From Spraying and Praying to Custom Attacks: Different Playbooks for the Different Types of Malicious Actors Targeting RDP https://gosecure.ai/blog/2023/12/06/profile-of-attackers-strategies-to-brute-force-rdp/ Andréanne Bergeron Wed, 06 Dec 2023 20:24:24 +0000 Brute Force PYRDP RDP Research Threat Uncategorized attackers' behavior <p><img class="size-medium wp-image-4386 alignright" style="text-align: right;" src="/wp-content/uploads/ryoji-iwata-X53e51WfjlE-unsplash-200x300.jpg" alt="People crossing the street" width="200" height="300" /></p> <p style="text-align: left;">Characterizing attackers gets us closer to reveal who they are. Our study categorizes the behavior of Remote Desktop Protocol (RDP) attackers. Based on 3.4 million login attempts, we reveal five different clusters of brute force attacks strategies.</p> <p>The post <a href="https://gosecure.ai/blog/2023/12/06/profile-of-attackers-strategies-to-brute-force-rdp/">From Spraying and Praying to Custom Attacks: Different Playbooks for the Different Types of Malicious Actors Targeting RDP</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p> Enhancing Cyber Risk Dialogue: Lessons from SEC’s Recent Action https://gosecure.ai/blog/2023/11/03/enhancing-cyber-risk-dialogue-lessons-from-secs-recent-action/ Troy Vennon Fri, 03 Nov 2023 13:30:21 +0000 Advisory Services Cybersecurity Risk Fraud Security Advisory Threat <p><img class="size-medium wp-image-4561 alignright" src="https://www.gosecure.ai/wp-content/uploads/tingey-injury-law-firm-yCdPU73kGSc-unsplash-300x200.jpg" alt="" width="300" height="200" /></p> <p>As a reaction to a number of major corporate and accounting scandals (namely Enron and WorldCom), twenty years ago the Sarbanes-Oxley Act (SOX) was enacted. The law is almost certainly present in the day-to-day professional lives of every public company CFO and CEO.</p> <p>The post <a href="https://gosecure.ai/blog/2023/11/03/enhancing-cyber-risk-dialogue-lessons-from-secs-recent-action/">Enhancing Cyber Risk Dialogue: Lessons from SEC&#8217;s Recent Action</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p> International Collaboration for Darkweb-Related Investigations https://gosecure.ai/blog/2023/10/24/international-collaboration-for-darkweb-related-investigations/ Marie-Pier Villeneuve-Dubuc Tue, 24 Oct 2023 18:37:39 +0000 Criminology Collaboration Law Enforcement <p><span class="TextRun SCXW137683635 BCX0" lang="EN-US" xml:lang="EN-US" data-contrast="none"><span class="NormalTextRun SCXW137683635 BCX0" data-ccp-charstyle="normaltextrun" data-ccp-charstyle-defn="{&#34;ObjectId&#34;:&#34;7636f18f-53eb-4446-97bf-f5a692083b22&#124;66&#34;,&#34;ClassId&#34;:1073872969,&#34;Properties&#34;:[469775450,&#34;normaltextrun&#34;,201340122,&#34;1&#34;,134233614,&#34;true&#34;,469778129,&#34;normaltextrun&#34;,335572020,&#34;1&#34;,469778324,&#34;Default Paragraph Font&#34;]}"><img class="size-medium wp-image-4535 alignright" src="https://www.gosecure.ai/wp-content/uploads/Darkweb-Investigation-Blog-October-2023-1-300x157.png" alt="Police Officer at Desk" width="300" height="157" /></span></span><span data-contrast="none">In April 2023, the most recent meeting of the United Nations Office on Drugs and Crime took place on the potential </span><a href="https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home"><span data-contrast="none">Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes</span></a><span data-contrast="none">. This meeting focused on international cooperation to unite countries to address the constant increase in cybercrimes worldwide. However, as exposed in the </span><a href="https://www.euractiv.com/section/law-enforcement/news/west-clashes-with-china-russia-over-un-cybercrime-convention/"><span data-contrast="none">press</span></a><span data-contrast="none">, it is arduous to obtain the unanimous agreement of the member countries on subjects as legally and culturally complex as personal data transfer, judicial extradition, joint police investigations, access to cross-border data and special investigations techniques. </span><span data-contrast="none"> </span><span data-ccp-props="{&#34;134233117&#34;:false,&#34;134233118&#34;:false,&#34;201341983&#34;:0,&#34;335551550&#34;:6,&#34;335551620&#34;:6,&#34;335559738&#34;:0,&#34;335559739&#34;:0,&#34;335559740&#34;:240}"> </span><!--more--></p> <p>The post <a href="https://gosecure.ai/blog/2023/10/24/international-collaboration-for-darkweb-related-investigations/">International Collaboration for Darkweb-Related Investigations</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p> Password Managers are the panacea? Maybe not, but better than nothing https://gosecure.ai/blog/2023/09/12/password-managers-are-the-panacea-maybe-not-but-better-than-nothing/ Olivier Bilodeau Tue, 12 Sep 2023 22:00:02 +0000 Cybersecurity Password password hygiene password managers password strength <p><img class="wp-image-4507 size-medium alignright" src="https://www.gosecure.ai/wp-content/uploads/MicrosoftTeams-image-117-300x300.jpg" alt="Stock photo" width="300" height="300" />In January, we published a <a href="https://www.gosecure.ai/blog/2023/01/31/password-nightmare-explained/">blog</a> explaining why it is important to have strong passwords and provided advice to increase their robustness. Little did we know that this blog’s writing would create a commotion among the research team as different opinions on password managers emerged. Our last blog explained why password managers might not be as popular as the InfoSec community wishes. In this blog we will refute some of the arguments made, accept the limitations of password managers’ adoption, and propose strategies to address that.</p> <p>The post <a href="https://gosecure.ai/blog/2023/09/12/password-managers-are-the-panacea-maybe-not-but-better-than-nothing/">Password Managers are the panacea? Maybe not, but better than nothing</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p> Password Managers are the panacea? Not! https://gosecure.ai/blog/2023/09/11/password-managers-are-the-panacea-not/ Andréanne Bergeron Mon, 11 Sep 2023 22:00:18 +0000 Cybersecurity Password password hygiene password managers password strength <p><img class="wp-image-4508 size-medium alignright" src="https://www.gosecure.ai/wp-content/uploads/MicrosoftTeams-image-116-300x300.png" alt="Stock photo" width="300" height="300" /><span data-contrast="auto">In January, we published a </span><a href="https://www.gosecure.ai/blog/2023/01/31/password-nightmare-explained/"><span data-contrast="none">blog</span></a><span data-contrast="auto"> explaining why it is important to have strong passwords, and provided some advice to increase their robustness. Little did we know that this blog’s writing would create a commotion among the research team as different opinions on password managers emerged. The next two blog posts will cover password managers. The first one aims to explain why it might not be as popular as the InfoSec community wishes, while the second one attempts to nuance that anything is better than the status quo. </span><span data-ccp-props="{&#34;201341983&#34;:0,&#34;335559739&#34;:200,&#34;335559740&#34;:240}"> </span></p> <p>The post <a href="https://gosecure.ai/blog/2023/09/11/password-managers-are-the-panacea-not/">Password Managers are the panacea? Not!</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p> How Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft https://gosecure.ai/blog/2023/08/09/how-unparalleled-rdp-monitoring-reveal-attackers-tradecraft/ Andréanne Bergeron Wed, 09 Aug 2023 16:00:15 +0000 PYRDP RDP Tool Penetration Testing Red Team <p><span data-ccp-props="{&#34;134233117&#34;:false,&#34;134233118&#34;:false,&#34;201341983&#34;:0,&#34;335559738&#34;:0,&#34;335559739&#34;:0,&#34;335559740&#34;:240}"><span data-contrast="none"><img class="wp-image-4504 size-medium alignright" src="https://www.gosecure.ai/wp-content/uploads/DnD-All-1-300x169.jpeg" alt="" width="300" height="169" />With </span><a href="https://github.com/gosecure/pyrdp"><span data-contrast="none">our RDP interception tool</span></a><span data-contrast="none">, we managed to collect a great de</span></span><span data-contrast="none">al of information (screen, keyboard, mouse, metadata) about opportunistic attackers, and have it on video. </span><span data-contrast="auto">An engineer and a crime data scientist partner to deliver an epic story, presented </span><a href="https://www.blackhat.com/us-23/briefings/schedule/index.html#i-watched-you-roll-the-die-unparalleled-rdp-monitoring-reveal-attackers-tradecraft-33110"><span data-contrast="none">at BlackHat USA</span></a><span data-contrast="auto"> titled “I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft” for the first time, which includes luring, </span><span data-contrast="none">understanding and characterizing attackers, allowing to collectively focus our attention on more sophisticated threats. </span><span data-ccp-props="{&#34;134233117&#34;:false,&#34;134233118&#34;:false,&#34;201341983&#34;:0,&#34;335559738&#34;:0,&#34;335559739&#34;:0,&#34;335559740&#34;:240}"> </span></p> <p>The post <a href="https://gosecure.ai/blog/2023/08/09/how-unparalleled-rdp-monitoring-reveal-attackers-tradecraft/">How Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft</a> appeared first on <a href="https://gosecure.ai">GoSecure</a>.</p>