Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Join Kurtis Armour, Director, Product Management for a briefing with Cloud…
Join eSentire for an evening of axe throwing at Bury the Hatchet in New…
Join eSentire in the November Banking and Finance Digital Best Practice…
On June 18th, 2019, Mozilla released a critical advisory (CVE-2019-11707) for a 'type confusion' vulnerability that is being actively exploited in the wild . If successful, exploitation enables remote malicious actors to take full control of any vulnerable system(s).
The researcher that discovered this flaw indicates the bug can be exploited for UXSS (Universal Cross-Site Scripting) or RCE (Remote Code Execution) . While both methods are serious, it is worth noting RCE would require additional complexities for successful exploitation (e.g. sandbox escape), while UXSS is a type of attack that could necessitate the execution of malicious code via client-side vulnerabilities.
Mozilla has indicated the following versions are fixed and protected against this critical flaw: 67.0.3 and Firefox ESR 60.7.1 . It is highly recommended to apply the security patches after performing a business impact review, as attacks exploiting CVE-2019-11707 are already occurring.
What we’re doing about it
What you should do about it
Attacks in the wild are speculatively believed to be financially motivated and targeting cryptocurrency exchanges.