Blog

The IoT Attacks Everyone Should Know About

04.Feb.2020

Pwnie Express, an Outpost24 company

This piece is part 2 of our ongoing series on IoT and wireless security.

Rogue Device Spotlight: Wireless Printers

31.Jan.2020

Pwnie Express, an Outpost24 company

Wireless Printers are becoming more and more common around the world,
providing convenience in several different ways. However, this convenience comes
with a security cost. It is vital to understand the different wireless modes these
printers can be in, as well as the dangers of default configurations and how they
can be exploited by the bad guys when not properly configured.

Rogue Device Spotlight: MiniPwner

29.Jan.2020

Pwnie Express, an Outpost24 company

Originally created in 2012 by security researcher Kevin Bong, the MiniPwner leverages the incredibly flexible OpenWRT project to turn cheap consumer wireless routers into highly capable penetration testing devices. The initial iteration of the project was little more than stock OpenWRT running on the immensely popular TPLink MR703N, but that was enough to get the ball rolling, and the project has been steadily evolving since.

Rogue Device Spotlight: #r00tabaga MultiPwner

29.Jan.2020

Pwnie Express, an Outpost24 company

Building on the groundwork laid by the MiniPwner and WiFi Pineapple, ACE Hackware’s #r00tabaga MultiPwner combines the best traits of both devices into one exceptionally portable and capable tool.

Rogue Device Spotlight: WiFi Pineapple

29.Jan.2020

Pwnie Express, an Outpost24 company

Originally released back in 2008, the WiFi Pineapple from Hak5 is one of the oldest mass-market rogue devices, and has since inspired numerous clones and variations. Unlike some devices which have been shoehorned into their roles as penetration testing devices, the WiFi Pineapple was designed from the ground up for WiFi security work; with custom hardware, software, and intuitive web interface.

Rogue Device Spotlight: Reaver Pro II

29.Jan.2020

Pwnie Express, an Outpost24 company

Created by Reaver Systems, the Reaver Pro II is a WiFi penetration testing tool focused on networks with insecure WEP and WPA2 implementations. Requiring minimal configuration, and capable of being controlled entirely through a straightforward web interface, the Reaver Pro II is advertised as one of the easiest methods available to identify and breach vulnerable WiFi networks.

Website Security: Magecart and credit card skimming

14.Jan.2020

Simon Roe

Online payment skimming operations run by Magecart criminals continue to intensify and develop, reportedly compromising more than 2 million websites with the most infamous attack involving the breach of British Airways in 2018. Where credit card data of nearly 400,000 BA customers were compromised and resulted in a hefty fine of $230million and the moment the world stood up to take note of this new and dominant threat.

Rogue Access Point: The Ghostly Attack Surface That You Are Missing

17.Dec.2019

Gaining visibility of the wireless airspace is something many organizations and security teams have struggled due to the volume and capabilities being restricted to network teams. However, as we see reports of successful wireless attacks increasing, annual pen testing of wireless for compliance will become redundant.

Cyber Security in 2020 and beyond

04.Dec.2019

Outpost24 product managers

As digital transformation continues to take hold, enterprises across industries are under mainstream pressure to tighten their cyber defense as they evolve to cloud and become more application centric. Despite many boards boosting security resources and increasing spend in 2019, more than 3,800 data breaches have hit organizations with dire consequence. In the spirit of the holiday season we have compiled a list of 2020 predictions from our in-house security experts on the key trends and threats that should be high on any CISO’s agenda to deliver greater cyber hygiene and multi-layered defense.

Why shifting left will be key to securing your business in 2020

21.Nov.2019

Charlie Eriksen, CTO Adversary

Increasingly, boardrooms are starting to recognize a simple fact: Being hacked is a question of if, not when. It’s no secret that most companies have experienced some type of data breach, often without their own knowledge. This all adds up to estimates that a cyber-attack occurs every 39 seconds, if you believe such statistics. That puts huge pressure on organizations to decrease the likelihood of not only adding to this statistic, but also fulfilling their data privacy duty they have towards their users, employees and customers.