Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Outpost 24

Top three cyber threats that will persist in 2025

As another year comes to an end, it’s not only Santa who brings presents for those on his nice list. These days, it’s quite common for well-known firms to publish their annual roundups of the most notable events that have taken place in the cybersecurity landscape, together with predictions of what can we expect in next twelve months.

New RBAC feature offers granularity and flexibility for Outpost24's EASM customers

A new role-based access control (RBAC) feature has been added to Outpost24’s external attack surface management (EASM) solution. This opens up new possibilities for Outpost24 customers, allowing them to be more granular when it comes to configuring permissions for different roles.

Threat Context monthly: Executive intelligence briefing for November 2024

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from November.

Five strategies for uncovering vulnerabilities in web applications

I’ve been working as an Application Security Auditor in Oupost24’s web application security testing team for almost three years now. Our team have shared several pieces of research over the past year, on topics including cross-site request forgery, cross-site scripting attacks, and weaponizing permissive Cross-Origin Resource Sharing (CORS) configurations.

How to increase cyber resilience

Making your organization’s attack surface lean and agile improves your cyber resilience and demotivates bad actors. The first step to avoid cyber attacks is to get your attack surface in order. The Sweepatic External Attack Surface Management (EASM) Platform is built to help you with building cyber resilience. It lists, structures and prioritizes observations by criticality. 67%

How to shield your attack surface from SSL misconfigurations

When we carry out an assessment of an organization’s attack surface, it’s often SSL (Secure Sockets Layer) misconfigurations (and other encryption-related issues) that get the worst average scores. Research has estimated that 95% of applications have some kind of misconfiguration or vulnerability. These issues are often overlooked, but they shouldn’t be – their visibility to attackers make them an attack route that’s likely to be exploited.

Operation Magnus: Analyzing the cybercrime community reaction

International cooperation has become crucial to disrupt the operations of malicious cybercrime actors. A prime example of this is ‘Operation Magnus’ which has showcased the effectiveness of global collaboration in tackling sophisticated threats. By dismantling their infrastructure and exposing key players, Operation Magnus not only delivered a significant blow to cybercriminals but also sent shockwaves throughout underground forums and dark web communities.

Threat Context Monthly: Executive intelligence briefing for October 2024

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from October.

CTEM step-by-step guide | Stage two: Discovery

Welcome to our blog series on Continuous Threat Exposure Management (CTEM), where we dig into the five essential stages of implementing a robust CTEM program. Coined by Gartner in 2022, CTEM is a powerful process that can help continuously manage cyber hygiene and risk across your environment. It’s also a lot to think about when you’re starting out, so it helps to break things down.

Exploiting trust: Weaponizing permissive CORS configurations

If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in yet another “recommendation” (a vulnerability without any impact).