|
By Thomas Stacey
I’ve been working as an Application Security Auditor in Oupost24’s web application security testing team for almost three years now. Our team have shared several pieces of research over the past year, on topics including cross-site request forgery, cross-site scripting attacks, and weaponizing permissive Cross-Origin Resource Sharing (CORS) configurations.
|
By Stijn Vande Casteele
Making your organization’s attack surface lean and agile improves your cyber resilience and demotivates bad actors. The first step to avoid cyber attacks is to get your attack surface in order. The Sweepatic External Attack Surface Management (EASM) Platform is built to help you with building cyber resilience. It lists, structures and prioritizes observations by criticality. 67%
|
By Marcus White
When we carry out an assessment of an organization’s attack surface, it’s often SSL (Secure Sockets Layer) misconfigurations (and other encryption-related issues) that get the worst average scores. Research has estimated that 95% of applications have some kind of misconfiguration or vulnerability. These issues are often overlooked, but they shouldn’t be – their visibility to attackers make them an attack route that’s likely to be exploited.
|
By Lidia López Sanz
International cooperation has become crucial to disrupt the operations of malicious cybercrime actors. A prime example of this is ‘Operation Magnus’ which has showcased the effectiveness of global collaboration in tackling sophisticated threats. By dismantling their infrastructure and exposing key players, Operation Magnus not only delivered a significant blow to cybercriminals but also sent shockwaves throughout underground forums and dark web communities.
|
By KrakenLabs
Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from October.
|
By Marcus White
Welcome to our blog series on Continuous Threat Exposure Management (CTEM), where we dig into the five essential stages of implementing a robust CTEM program. Coined by Gartner in 2022, CTEM is a powerful process that can help continuously manage cyber hygiene and risk across your environment. It’s also a lot to think about when you’re starting out, so it helps to break things down.
|
By Thomas Stacey
If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in yet another “recommendation” (a vulnerability without any impact).
|
By KrakenLabs
Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from September.
|
By Lidia López Sanz
Crystal Rans0m is a previously undocumented hybrid ransomware family developed in Rust programming language seen for the first time in the wild on September 2nd, 2023. Interestingly, it does not only encrypt victim’s files, demanding a ransom for their release, but also steals sensitive information from the infected systems. This dual-threat approach means that attackers can double their leverage over victims, potentially increasing their chances of monetizing their attacks.
|
By Marcus White
Increasing digitalization and connectivity mean the attack surfaces of most organizations are growing. This means more IT assets to track and manage, plus more potential attack routes for threat actors to target. The threat situation is constantly increasing, especially in the area of vulnerabilities – last year over 30,000 new vulnerabilities were published. So how can you get an accurate view of your attack surface and where it might be open to exploitation?
|
By Outpost 24
There’s a gap between the identification of vulnerabilities and the IT resource available to remediate them within the timeframe hackers operate. With Outscan NX and Farsight, the vulnerability risk management process becomes more streamlined and efficient, enabling organizations to proactively address the biggest risk first to optimize security resource.
|
By Outpost 24
Penetration testing is an effective way to detect flaws in your application before they turn into a serious threat, helping you better understand the applications attack surface. But in the always-on economy there comes a problem - traditional pen testing delivery takes weeks to set up and the results are point in time, which leaves critical application vulnerabilities exposed longer than it should - given the average time for a threat actor to weaponize a new vulnerability is only 7 days.
|
By Outpost 24
Ransomware has continued to grow in maturity throughout the first half of 2021. As businesses struggle to understand yet another major attack that hit the Kaseya supply chain, organizations are beginning to realize data backups and cyber insurance alone won’t save them.
|
By Outpost 24
APIs are a key part of modern web applications and a growing security challenge that isn’t well understood by developers and application security managers, leading to exposed APIs that give hackers access to sensitive data. Find out how to secure your APIs and prevent vulnerabilities from making it into production.
|
By Outpost 24
The sheer volume of vulnerabilities security professionals have to deal with everyday poses a significant challenge to resource and time to patch. Learn how to narrow down high risk CVEs by focusing on exploit availability and threat context beyond CVSS.
|
By Outpost 24
Demands for cybersecurity are growing. Are you providing the solutions customers seek and need to improve their security competence and prevent data breach? Find out how to differentiate from local competitors by partnering with Outpost24.
|
By Outpost 24
Added links in Outpost24 Scale DAST tool to Secure Code Warrior for findings with a CWE. Where an Appsec finding is linked to a CWE we have introduced direct links to Secure Code Warrior eLearning training platform. This gives users the ability to understand what the vulnerability is and more importantly how to address these findings within their development process. Customers do not have to be customers of Secure Code Warrior (SCW) to enjoy the learning modules presented, though customers who are SCW customers may get further insights as well as tracking scores and other metrics.
|
By Outpost 24
We don’t think it’s fair that businesses are targets of cybercriminals. That's why we’ve created the most complete security assessment platform to help our customers tighten their 'full stack' security exposure before their business can be disrupted.
|
By Outpost 24
As zero trust moves higher up on the CISOs security agenda we’re hosting a webinar to discuss the pros and cons of adopting this new approach and how it can impact your team’s ability to remain agile, whilst protecting your business. As a recent study demonstrates, 34% of security breaches involved insiders in 2019 meaning CISOs are becoming more likely to consider zero trust and it should come as no surprise that many organizations are now eager to adopt a zero-trust security policy.
|
By Outpost 24
Join Outpost24 and 360 Trust Services experts to learn how you can tackle the growing cybersecurity threats, and secure your high availability operations and satisfied customers. Save your spot for a comprehensive webinar, as we will be presenting the latest security products and services offerings, based on 20 years’ experience and accumulated expertise in cybersecurity, from vulnerability management, risk prioritization to driving a remediation culture.
|
By Outpost 24
Web app attacks remain the #1 vector exploited in successful breaches. With agile development, apps run the risk of creating new vulnerabilities or perpetuating old ones on a weekly, daily, even hourly basis, security and risk managers need to step up a programmatic response. Fortunately there's a new, collaborative model for Appsec that organizations can operate in a mostly automated manner. Download our useful DevOps guide and learn how best to operationalize security testing in an agile process.
|
By Outpost 24
More and more companies choose to migrate to a Cloud infrastructure to take advantage of new resources, an elastic storage power and agile deployment, nevertheless IT professionals are not always trained to secure these new technologies. Like traditional infrastructures, a public Cloud infrastructure services requires the implementation of security measures and controls by their users. Enterprises must adapt their security policy to these new technologies to reap the Cloud benefits without increasing their cyberattacks exposure area.
|
By Outpost 24
We surveyed over 200 security professionals at the 2020 RSA conference to delve deeper into the dangers of rogue access points and understand how security professionals are tackling wireless security. Our data highlights their main concerns and the key trends from IT and network security professionals on the wireless security frontline. Key findings in the 2020 Internet of Evil Things report: Download the 2020 IoET Report to uncover valuable wireless security insights to help protect your organization's network airspace in the future.
|
By Outpost 24
Cloud is the new fact of life for providing enterprise IT services. However, security professionals are left feeling unclear about the complexities surrounding cloud, shared responsibility and understanding where the cloud provider security tools from AWS, Azure and Google Cloud Platform are falling short.
|
By Outpost 24
Are you struggling to triage through tons of findings to identify the greatest threats and patch more effectively? You are not alone! With speed being the biggest challenge to effectively patch, this whitepaper looks at how existing prioritization works with CVSS scoring and how a risk based approach with machine learning can be applied to align corporate risk appetite and drive better decision making for optimal efficiency.
- November 2024 (4)
- October 2024 (3)
- September 2024 (3)
- August 2024 (5)
- July 2024 (5)
- June 2024 (5)
- May 2024 (4)
- April 2024 (5)
- March 2024 (4)
- February 2024 (3)
- January 2024 (6)
- December 2023 (2)
- November 2023 (4)
- October 2023 (5)
- September 2023 (3)
- August 2023 (3)
- July 2023 (7)
- June 2023 (4)
- May 2023 (2)
- April 2023 (4)
- March 2023 (3)
- February 2023 (3)
- January 2023 (2)
- December 2022 (2)
- November 2022 (2)
- October 2022 (4)
- September 2022 (2)
- August 2022 (2)
- July 2022 (5)
- June 2022 (2)
- May 2022 (5)
- April 2022 (1)
- March 2022 (5)
- February 2022 (4)
- January 2022 (1)
- December 2021 (2)
- November 2021 (2)
- October 2021 (1)
- September 2021 (1)
- August 2021 (3)
- July 2021 (2)
- June 2021 (3)
- May 2021 (4)
- April 2021 (2)
- March 2021 (3)
- February 2021 (8)
- January 2021 (1)
- December 2020 (6)
- November 2020 (9)
- October 2020 (8)
- September 2020 (7)
- August 2020 (2)
- July 2020 (5)
- June 2020 (4)
- May 2020 (9)
Effortlessly automate identification of web application, network infrastructure, wireless and cloud vulnerabilities with a risk based approach for fast remediation.
Over 2,000 customers worldwide trust Outpost24 to assess their devices, networks, applications, cloud and container environments and report compliance status. We serve leading organizations across a wide range of segments including financial services, government, healthcare, retail, telecommunications, technology, and manufacturing.
Full stack security scanning and penetration testing:
- Single Platform, Total Coverage: Servers, endpoints, devices, switches, apps, clouds and containers. We got you covered in a single UI with risk based insights.
- Developed by Ethical Hackers: It takes a hacker to stop a hacker. We built years of ethical hacking experience into our products and services for best vulnerabitity results.
- Continuous Security Testing: Our tools work around the clock to automate scans and orchestrate security controls to protect you on a continual basis.
Complete vulnerability and security assessment.