Blog

The most critical vulnerabilities right now

12.May.2021

Blueliv, an Outpost24 company

We may not yet be at the halfway point of 2021 but, over the course of the past 4 and a half months, We have already observed over 4,900 critical CVEs spanning widely used products from global vendors such as Panasonic, Cisco, Microsoft, and of course SolarWinds. It is clear that threat actors are still capitalizing on scattered, remote workforces, as evidenced in the platforms they are exploiting (Cisco Small Business, SAP Commerce Cloud).

An In-Depth analysis of the new Taurus Stealer

07.May.2021

Blueliv, an Outpost24 company

Most of the changes from earlier Taurus Stealer versions are related to the networking functionality of the malware, although other changes in the obfuscation methods have been made. In the following pages, we will analyze in-depth how this new Taurus Stealer version works and compare its main changes with previous implementations of the malware.

Debunking the web application attack surface for Credit Unions

14.Apr.2021

Nicolas Renard and Stephane Konarkowski, Security Consultant Outpost24

Financial services are big targets for cybercrime. As the world shifts from physical to online, credit unions are doubling down on web applications to improve access and ensure vital financial services for their members. But with that comes greater security risks. In this benchmark study, we analyze the Top US Credit Unions with our attack surface analysis tool to highlight security weaknesses they should watch out for.

Fast flux

08.Apr.2021

Blueliv, an Outpost24 company

In this post we want to share details about a study that we have carried out on a Fast Flux network operated by the creators of the Ursnif malware. Our main objective is to shed some light on this type of network and what kind of activities are developed within. The domains shown in this post belong to the Ursnif botnet, which at the time of writing is still active thanks to the use of Fast Flux.

SAST, DAST, SCA: What’s best for application security testing?

30.Mar.2021

Simon Roe, Application Security Product Manager Outpost24

With a 43% rise in data breaches tied to web application vulnerabilities according to Verizon, enterprise security teams are looking more closely at how security controls can be integrated to DevOps without impacting productivity. But with so many automated security testing tools (SAST, DAST, SCA) on the market, it’s important to understand the difference and when to use them to ensure robust Application Security.

4 ways Security and DevOps can collaborate to reduce application vulnerabilities

22.Mar.2021

Secure Code Warrior

A collaborative approach between SecOps and DevOps is key to any successful security integration - particularly as developers and security teams have different priorities from the get-go. In this blog we will share 4 tips for getting developers on board to enable true DevSecOps for your business

How to secure your cloud services with CSPM

09.Mar.2021

Sergio Loureiro, Cloud Security Product Director

As enterprises fast track cloud adoption plans without security considerations, we’ve seen the dangers of cloud misconfigurations and how it continues to cost millions in lost data and revenue for failure to comply. In this blog we’ll explain how to spot the telltale signs and secure your clouds with adequate Cloud Security Posture Management (CSPM).

Attackers collaborate to exploit CVE-2021-21972 and CVE-2021-21973

25.Feb.2021

Blueliv, an Outpost24 company

Last Tuesday, Feb. 23, 2021, VMWare disclosed two vulnerabilities affecting vCenter Server and Cloud Foundation. Before the publication of the vulnerabilities, the company published a workaround to protect the servers that are meant to be a temporary solution until updates with the security patch can be deployed. This was a surprisingly fast reaction from the company, though as they were working to quickly fix the issue so too were attackers racing to find new ways to profit from the vulnerabilities. These newly found vulnerabilities, known as CVE-2021-21972 and CVE-2021-21973, can be used by an attacker to disclose information and execute code through a vCenter Server plugin. The Blueliv Labs Team is actively investigating these vulnerabilities and finding new developments in the wild that we are sharing in this blog. More findings would come, we will update this blog accordingly to share relevant and fresh intelligence.

Enhanced exploit database with Farsight risk-based threat Intelligence

24.Feb.2021

Simon Roe, Product Manager Outpost24

Find out how the additions of threat intelligence-led exploit database will enhance and affect your vulnerability management findings in Outpost24.

State of Underground Card Shops in 2021

19.Feb.2021

Blueliv, an Outpost24 company

In this blog, Blueliv analysts investigate the current card shop ecosystem, from active shops that may grow in the vacuum left by Joker’s Stash’s withdrawal as well as other recently shuttered card shops.