Blog

Responsible disclosure: Multiple stored XSS vulnerabilities discovered in ServiceNow ITSM by Outpost24

05.May.2020

Hugo van den Toorn, Manager Offensive Security at Outpost24

During a web application pentest by our Ghost Labs OffSec team in March last year, we discovered multiple stored cross-site scripting vulnerabilities on the widely popular ServiceNow IT Service Management software. After informing our customers, we reached out to the vendor (ServiceNow). In collaboration with them, the vulnerabilities are quickly triaged and remediated in later versions of the product. To remediate we urge users of the ServiceNow platform to upgrade to the latest stable version. We would like to thank ServiceNow’s security team for their swift and adequate response.

Fix now: High risk vulnerabilities at large, April 2020

22.Apr.2020

Simon Roe, Product Manager Outpost24

With much of the world in lockdown, and many of us on enforced work from home measures due to COVID-19, keeping on top of the latest vulnerabilities may have fallen off your radar. But as the pandemic has unleashed a wave of cyber attacks to exploit remote workers and scam anxious customers, strengthening your cyber hygiene should be a priority.

A CISO’s guide to boosting security awareness and morale in turbulent times

01.Apr.2020

Charlie Eriksen, CTO Adversary

During uncertain times, it’s more important than ever for businesses to install trust amongst their employees to ensure they are maintaining the same strict levels of security as the pandemic has become a hotbed for cyberattacks. CISOs and business leaders are having to scale back staff amidst an outbreak when moving to different working patterns and they’re looking to their existing teams to fly the security flag for their wider businesses.

So what can CISOs do to get the best from their staff during this outbreak to ensure security standards are maintained and we can start hiring again?

Cybersecurity tips to keep your employees and business safe amid Coronavirus outbreak

24.Mar.2020

Outpost24 cyber security experts have shared their practical tips for businesses and employees whilst we come to terms with this global health emergency, coronavirus. Whilst dealing with this unforeseen tragedy and trying to maintain a ‘business as usual’ methodology we want to help security professionals to effectively facilitate working from home patterns and sharing of information safely which could affect your security exposure during these uncertain times.

Risk based vulnerability management: reduce and prioritize remediation efforts with likelihood of an actual attack

23.Mar.2020

Simon Roe, Product Manager Outpost24

With too many vulnerabilities to deal with and too little time (and resource) all you need is perspective. As Gartner put it nicely ‘a vulnerability is only as bad as the threat exploiting it and the impact on the organization’, the trick here is to prioritize remediations with a framework that focus on likelihood of an actual attack rather than perceived risk

What’s in a risk score? Implementing a Risk based remediation strategy using machine learning

17.Mar.2020

Simon Roe, Product Manager Outpost24

The biggest challenge for vulnerability management today lies in prioritization. With organizations being pressured on time and resources to effectively remediate vulnerabilities, it’s important to turn to a risk based remediation strategy. With Outpost24 Farsight we provide organizations the ability to do just that.

Predicting the future: Will this vulnerability be exploited in the wild?

10.Mar.2020

Simon Roe, Product Manager Outpost24

Remember If only 10% of all vulnerabilities have exploits released, and of those, not all go onto being exploited in the wild, risk based vulnerability prioritization provides a risk indicator of those vulnerabilities that are likely to be exploited in the future. The value it brings to security teams is huge – they will not only save time and effort in patching vulnerabilities that aren’t real, they will also reduce the time to patch for truly high risk vulnerabilities and prevent their business from potential attacks.

Winter 2020 Product Release

06.Mar.2020

We’ve delivered some major new product features in our winter release to help you manage vulnerabilities more effectively and maintain security hygiene across the full technology stack. At a glance we have five new features to highlight to customers:

Risk Based Vulnerability Management – starting with the why

02.Mar.2020

Simon Roe, Product Manager Outpost24

In 2019 we saw a total of 12,174 new vulnerabilities being released. To put that into perspective, this equates to just over 33 new vulnerabilities being released EVERY SINGLE DAY of 2019. And this number was down on the year before (2018 – 16,556). This demonstrates the sheer volume of vulnerabilities security professionals have to deal with everyday which poses a significant challenge to say the least! How can machine learning be used to help us focus on the biggest risks?

When we dive deeper into those numbers, - 1,118 vulnerabilities had a CVSS score of greater than 8, and over half (7,197) had CVSS scores of greater than 5.

What Is A Botnet & How Does It Work?

26.Feb.2020

Pwnie Express, an Outpost24 company

In this article, we’ll discuss what these armies are capable of and how they are usually used. We’ll also explain how botnets and cybercriminals can carry out DDoS attacks, the most “famous” botnet attacks and how to decrease the potential of botnet attacks. But first, it’s important to understand the basic reasons why botnets are concerning.