Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Outpost 24

Nine IT shortcuts that could cost you millions

Finding savings and efficiencies is part of an IT leader’s role. But sacrificing security for the sake of convenience is almost always asking for trouble later down the line. There are IT security shortcuts that might be well-intentioned and seem sensible at the time, that could have serious and unintended negative consequences. We’ll run through nine common IT security shortcuts that can end up costing organizations millions.

Unlocking admin privileges via application-wide XSS delivery

During a recent customer assessment, our pen testers discovered a critical vulnerability that exemplifies the importance of manual and continuous pen testing. The issue involved a feature intended for administrators, allowing them to send messages to a “broadcast” endpoint, which would then be displayed in a modal pop-up box for all logged-in users of the web application. However, our pen testers found that this functionality was accessible to any user, regardless of their role.

Addressing the active exploitation of Ivanti VPN vulnerabilities (urgent advisory)

A recent advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) has shed light on vulnerabilities in Ivanti VPNs that are currently being actively exploited by malicious actors. Ivanti VPN solutions, widely utilized for their robust security features and efficient network management capabilities, have recently been identified as containing critical vulnerabilities.

Cross-site scripting attacks in action and how to protect against them

Cross-Site Scripting (XSS) attacks pose a significant security threat by infiltrating an application’s input fields with malicious code snippets. When users access the affected pages, this code is executed in their browsers, putting their sensitive information at risk. The malicious content injected into the web browser can take various forms, including JavaScript, HTML, Flash, or any other executable code.

How to master pen testing in an agile environment

Problems arise when teams are too siloed. In the past, organizations ran into trouble when Development teams would hand over finished code with security problems to IT Operations to deploy and manage. They realized it was faster and more effective to work together throughout the product lifecycle in a DevOps model, picking up on issues and resolving them as they went in an agile way of working.

Akira Ransomware-as-a-Service (RaaS) targeting Swedish organizations

Recent ransomware attacks on European organizations have attracted significant attention, primarily due to the involvement of threat actors with Russian connections or origins. Of particular concern is the latest attack on an IT service provider, which has had a profound impact on Swedish companies, government agencies, and municipalities.

Protecting your business against impersonation attacks

Companies grow through mergers and acquisitions. Marketing teams promote new products. New products spawn new web domains. As brand names, URLs, and cloud IT infrastructure proliferate, so do enterprises’ vulnerability to online attacks. At the same time, security professionals working with limited resources find it increasingly challenging to maintain oversight of their online assets.