Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Outpost 24

Crystal Rans0m: Emerging hybrid ransomware with stealer capabilities

Crystal Rans0m is a previously undocumented hybrid ransomware family developed in Rust programming language seen for the first time in the wild on September 2nd, 2023. Interestingly, it does not only encrypt victim’s files, demanding a ransom for their release, but also steals sensitive information from the infected systems. This dual-threat approach means that attackers can double their leverage over victims, potentially increasing their chances of monetizing their attacks.

What security lessons can you learn from your attack surface score?

Increasing digitalization and connectivity mean the attack surfaces of most organizations are growing. This means more IT assets to track and manage, plus more potential attack routes for threat actors to target. The threat situation is constantly increasing, especially in the area of vulnerabilities – last year over 30,000 new vulnerabilities were published. So how can you get an accurate view of your attack surface and where it might be open to exploitation?

CTEM step-by-step guide | Stage one: Scoping

Welcome to our blog series on Continuous Threat Exposure Management (CTEM), where we dig into the five essential stages of implementing a robust CTEM program. Coined by Gartner in 2022, CTEM is a powerful process that can help continuously manage cyber hygiene and risk across your online environment. It’s also a lot to think about when you’re starting out, so it helps to break things down. Our series begins with the crucial first stage: Scoping.

Threat Context monthly: Executive intelligence briefing for August 2024

Welcome to the Threat Context monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber Threat Intelligence team. Here’s what you need to know from August.

CSRF simplified: A no-nonsense guide to Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) is a serious web security vulnerability that allows attackers to exploit active sessions of targeted users to perform privileged actions on their behalf. Depending on the relevancy of the action and the permissions of the targeted user, a successful CSRF attack may result in anything from minor integrity impacts to a complete compromise of the application.

Supercharge domain discovery with AI-powered External Attack Surface Management (EASM)

Modern organizations have sprawling attacks surfaces of known and unknown assets that grow each day. This means understanding and managing your external attack surface is more crucial than ever. But with the vast number of digital assets that organizations need to monitor, accurately identifying every component of your attack surface can seem overwhelming – which is why many turn to External Attack Surface Management (EASM).

How to tell if your organization's credentials have been involved in a breach

Stolen credentials are the easiest route into your organization for a hacker. Verizon’s 2023 Data Breach Investigation Report found that threat actors used stolen credentials in 49% of attempts to gain unauthorized access to organizations. The problem IT teams face is knowing when credentials have been stolen or leaked in a breach – otherwise you’re waiting to respond to a security issue rather than handling it proactively.

Outpost24 Launches AI Domain Discovery in External Attack Surface Management

Outpost24 is pleased to announce the integration of a new Artificial Intelligence (AI) assistant into its Exposure Management Platform. This groundbreaking AI Domain Discovery feature enables Outpost24 customers to effortlessly identify domains belonging to their organization, significantly improving the speed and accuracy of domain ownership and classification.

Threat group USDoD claims to leak CrowdStrike threat actor database

The threat group USDoD posted on a dark web forum on July 24th to claim they’ve got hold of a large database of threat actors compiled by CrowdStrike. So far, the threat actor has released only a small sample of the data, but the forum post below claims that over 250 million records have been exposed. This could provide information on the aliases, recent activities, origins, and motivations of various cybercriminal groups and state-sponsored actors.

Cross-site scripting vulnerability found in Oracle Integration Cloud

In November 2023, while conducting a security assessment on a client’s instance of the Oracle Integration Cloud Platform, I discovered a medium severity vulnerability nestled within the handling of the “consumer_url” URL parameter. This flaw unveiled a Cross-Site Scripting (XSS) vector that could be exploited by a user with malicious intent.