Attack Surface
The Android operating system and the mobile devices it runs on dominate the market in comparison to other device manufactures. Along with the market share, the Android ecosystem is heavily fragmented; that is to say many individuals are still using older versions of the Android operating system.
Read more
Versprite
Cybersecurity
In October 2018, it was revealed that there existed an authentication bypass vulnerability in the libSSH library. This immediately gained attention of the InfoSec media, which started throwing around wild speculations about its scope and impact.
Open web directories have long been a target of hackers looking for cheap wins in the search for sensitive data. Today, open S3 buckets are becoming a new favorite source for discovering data sitting on the public internet.
Zach Varnell
Enterprise Data Security
Revelations of a massive breach of Google+, a largely defunct challenger to Facebook, suggests that the data of hundreds of thousands of users was compromised over a period from 2015 to March 2018.
Milena Rodban
Phishing Attacks
With network perimeters becoming more hardened, phishing is an ever-popular way for attackers to gain a foothold into a company network. VerSprite’s own experience with phishing engagements show us just how effective and easy it is to run successful phishing campaigns.
Data Security Breach
A critical security flaw in Apache Struts2 makes it possible for a cyber attacker to remotely execute code on the vulnerable server and can provide and entry point into your network. Proof of Concept code is already available online for hackers to use and modify to initiate attacks.
Threat Hunting
VerSprite’s Managing Consultant for DFIR provides an adaptive, heuristic approach that has been successfully used to identify compromised assets, rogue accounts, unauthorized software, organizational policy violations and poor security practices.
Ray Strubinger
Secure Protocols
As of the latest release of Chrome, sites not using TLS encryption are being called out in the address bar. Users will now see a “Not Secure” label when visiting sites over plain HTTP, even if the site does not transmit sensitive information.
Backdoor Attack
Larry Cashdollar, a Senior Security Response Engineer at Akamai, publicly disclosed the details of a vulnerability in the jQuery File Upload plugin (CVE-2018-9206).
In October Bloomberg published a bombshell report on how the Chinese intelligence community has been backdooring the hardware of many big US businesses.
We are an international squad of professionals working as one.
Email
Phone
