Published: 2020-04-07
Mossé Security’s CSIRT has analysed the security vulnerabilities reported in Zoom between March 31st and April 7th, 2020. We are now sharing our professional opinion regarding the risk of “Zoom Bombing” attacks and discussing the weak encryption practices employed by Zoom.
Continue >Published: 2019-07-16
Mossé Security has been observing that some security solutions automatically upload emails to Virus Total that contain sensitive information (including attachments), without the knowledge or consent of the organisation.
Continue >Published: 2019-07-10
Mossé Security’s Advanced CSIRT Team have been urgently called to respond to an alarming number of email account compromises that have allowed threat actors such as CRIME CHARLIE and CRIME OSCAR to steal money from regional organisations. Vast collateral damages are doubtlessly ensuing to these companies’ reputations wit...
Continue >Published: 2019-07-02
Mossé Security CSIRT has recently successfully responded to several breaches into corporate networks where the initial point of entry was a malicious portable application that provided reverse-shell capabilities to the adversaries. Using Portable Applications as an indirect way to breach into computer networks is another...
Continue >Published: 2019-06-13
Mossé Security CSIRT observes signed malware used against Australian organisations daily. Enterprise security products and security analysts are advised not to automatically trust a file because it is signed. Digital certificates can be legitimately purchased for less than $100.00 USD. These certificates are either stole...
Continue >