Blog

Fix now: High risk vulnerabilities at large, June 2020 part 2

17.Jun.2020

Simon Roe, Product Manager Outpost24

In the world of vulnerabilities, we have seen a few interesting ones released in the last couple of weeks since our last Farsight risk based vulnerability management blog covering the CERT Top 10. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.

Social distancing times are social engineering times

12.Jun.2020

Martin Jartelius, CSO, Outpost24

Recently, we encountered an attacker who had taken efficient spear-phishing to an interesting and increased level of consistency and automation. We’ve also seen firsthand the speed at which this attacker learned from some initial mistakes to launch their successful attack which we identify in the examples in this blog.

Fix now: High risk vulnerabilities at large, June 2020

01.Jun.2020

Simon Roe, Product Manager Outpost24

On May 12, 2020 CERT released an alert entitled top 10 routinely exploited vulnerabilities identified by U.S Government, we put them through our predictive risk based vulnerability prioritization tool Farsight to provide more context into the risk.

Spring 2020 Product Release

28.May.2020

We’ve delivered some major new product features in our spring release to help you manage vulnerabilities more effectively and maintain security hygiene across the full technology stack. At a glance we have seven new features and enhancements to highlight to customers

DBIR 2020 – Lessons learned from the misfortune of the collective

21.May.2020

Martin Jartelius, CSO at Outpost24

From hacking, malware to error, the 2020 Data Breach Investigation Report (DBIR) by Verizon reveals the top attack vectors and most common culprits for data breaches, you guessed it – substandard cyber hygiene. Here our security expert provides a quick summary of the report findings and practical advice for preventing hacker pivots and lifting cyber hygiene.

A guide for meeting wireless PCI compliance

19.May.2020

John Stock, Wireless Security Manager Outpost24

PCI compliance is critical to any business processing cardholder information. Every day we hear about massive data breaches involving consumer cardholder information impacting big brand retailers, banks, and businesses with public-facing ecommerce/payment servers. So what is the PCI compliance standard and how can organizations protect point-of-sale data over wireless networks

Fix now: High risk vulnerabilities at large, May 2020

12.May.2020

Simon Roe, Product Manager Outpost24

In the world of vulnerabilities, we have seen a few interesting ones released in the last couple of weeks since our last Farsight risk based vulnerability management blog. Various countries cyber security departments are warning citizen’s and business of the increase in phishing attack targeting people’s natural curiosity and fear surrounding COVID-19.

Responsible disclosure: Multiple stored XSS vulnerabilities discovered in ServiceNow ITSM by Outpost24

05.May.2020

Hugo van den Toorn, Manager Offensive Security at Outpost24

During a web application pentest by our Ghost Labs OffSec team in March last year, we discovered multiple stored cross-site scripting vulnerabilities on the widely popular ServiceNow IT Service Management software. After informing our customers, we reached out to the vendor (ServiceNow). In collaboration with them, the vulnerabilities are quickly triaged and remediated in later versions of the product. To remediate we urge users of the ServiceNow platform to upgrade to the latest stable version. We would like to thank ServiceNow’s security team for their swift and adequate response.

Fix now: High risk vulnerabilities at large, April 2020

22.Apr.2020

Simon Roe, Product Manager Outpost24

With much of the world in lockdown, and many of us on enforced work from home measures due to COVID-19, keeping on top of the latest vulnerabilities may have fallen off your radar. But as the pandemic has unleashed a wave of cyber attacks to exploit remote workers and scam anxious customers, strengthening your cyber hygiene should be a priority.

A CISO’s guide to boosting security awareness and morale in turbulent times

01.Apr.2020

Charlie Eriksen, CTO Adversary

During uncertain times, it’s more important than ever for businesses to install trust amongst their employees to ensure they are maintaining the same strict levels of security as the pandemic has become a hotbed for cyberattacks. CISOs and business leaders are having to scale back staff amidst an outbreak when moving to different working patterns and they’re looking to their existing teams to fly the security flag for their wider businesses.

So what can CISOs do to get the best from their staff during this outbreak to ensure security standards are maintained and we can start hiring again?