Threat & Vulnerability Management

Open web directories have long been a target of hackers looking for cheap wins in the search for sensitive data. Today, open S3 buckets are becoming a new favorite source for discovering data sitting on the public internet.

Revelations of a massive breach of Google+, a largely defunct challenger to Facebook, suggests that the data of hundreds of thousands of users was compromised over a period from 2015 to March 2018.

With network perimeters becoming more hardened, phishing is an ever-popular way for attackers to gain a foothold into a company network. VerSprite’s own experience with phishing engagements show us just how effective and easy it is to run successful phishing campaigns.

A critical security flaw in Apache Struts2 makes it possible for a cyber attacker to remotely execute code on the vulnerable server and can provide and entry point into your network. Proof of Concept code is already available online for hackers to use and modify to initiate attacks.

VerSprite’s Managing Consultant for DFIR provides an adaptive, heuristic approach that has been successfully used to identify compromised assets, rogue accounts, unauthorized software, organizational policy violations and poor security practices.

As of the latest release of Chrome, sites not using TLS encryption are being called out in the address bar. Users will now see a “Not Secure” label when visiting sites over plain HTTP, even if the site does not transmit sensitive information.