Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability scanning and penetration testing should be an essential part of your cybersecurity strategy. This blog discusses the above methods in the context of securing your web applications, including the benefits, drawbacks, and compliance implications. Table of contents: What is a vulnerability scan? What is a penetration test? What are the drawbacks of the traditional pen test model? Should I only to pen tests, vulnerability scans, or both?

The HIPAA Security Rule requires healthcare organizations to perform regular security risk assessments to protect e-PHI. Penetration testing can help organizations with this requirement.

In light of recent password manager breaches, our experts have provided tips on how to protect your organization from compromised credentials. In recent weeks, cybersecurity has once again been thrust into the spotlight with the news that both LastPass and Norton LifeLock, two popular password management services, have been targeted in cyberattacks, resulting in the compromise of customer password manager accounts.

In this blog post, the KrakenLabs team will take a deep dive into a malware sample classified as LummaC2, an information stealer written in C language that has been sold in underground forums since December 2022. We assess LummaC2’s primary workflow, its different obfuscation techniques (like Windows API hashing and encoded strings) and how to overcome them to effectively analyze the malware with ease.

The Rising Threat of Traffers report, compiled by Outpost24’s Threat Intelligence team, KrakenLabs, provides a deep dive into the credential theft ecosystem, and encourages organizations to evaluate their security measures against these evolving threats. In recent years, the theft of credentials has evolved into a highly professionalized cybercriminal activity.

True to its theme ‘Cyber Resilience’, our recent cyber security gathering was able to dissect the fast-moving threat landscape with insights and information nuggets from a panel of security experts and practitioners on the shortcomings and the need for better use of threat intelligence. Here are five takeaways from the Cyber Resilience Day in Breda co-hosted with our customer CM.com and a panel of cybersecurity experts.

How an Account Takeover vulnerability, discovered during a routine customer engagement, became a candidate for responsible disclosure, via the Microsoft Security Research Center Researcher Portal.

On December 2022, a security researcher from the Outpost24 Ghost Labs team discovered a vulnerability on the ThingsBoard IoT platform, where a normal user’s privileges can be escalated, by doing a simple post with an additional header, and exploiting the associated flaws, to take control over the entire platform and related accounts. Upon reporting of the vulnerability to the vendor, it was quickly resolved.

Using an outdated jQuery library can open up your web application to vulnerabilities. Read more to find out how to find and fix jQuery vulnerabilities. jQuery is among the oldest JavaScript libraries available online. It simplifies your coding and is used by countless websites. But there is an inherent danger that lies with outdated jQuery libraries: they are vulnerable to risks such as cross-site scripting.

Our annual Ransomware Report shares the latest trends and developments of the most active threat groups, and their victims to help businesses better protect themselves.