Blog (FR)

What is DORA? How to prepare your business for compliance

30.mai.2023

Designed to support the digital resiliency of financial institutions in the EU and UK, the Digital Operational Resilience Act is set to go in effect in January 2025. In this blog, we take a deep dive into what organizations must do in order to be compliant with this new legislation.

KrakenLabs' Threat Actors Naming Convention

09.mai.2023

Borja Rodriguez - Threat Hunting Team Lead at Outpost24

KrakenLabs has developed a new naming convention that uses poisonous plants to represent the origin and criminal activities of threat actors. This approach provides a creative way to classify different types of threat actors, allowing security professionals to quickly understand the nature and behavior of the threat actor, which is helpful for identifying and mitigating threats effectively.

What’s the difference: Vulnerability scanning vs Penetration testing

27.avr.2023

Vulnerability scanning and penetration testing should be an essential part of your cybersecurity strategy. This blog discusses the above methods in the context of securing your web applications, including the benefits, drawbacks, and compliance implications.

Outpost24 Expands Leadership Team by Appointing Brendan Hogan as Chief Strategy Officer

24.avr.2023

Outpost24, a leading innovator in cyber risk management, today announced it has appointed Brendan Hogan as Chief Strategy Officer (CSO). Hogan is responsible for spearheading M&A Strategy, Corporate Development and Alliance strategy for the company.

Does HIPAA require penetration testing?

14.avr.2023

The HIPAA Security Rule requires healthcare organizations to perform regular security risk assessments to protect e-PHI. Penetration testing can help organizations with this requirement.

Everything you need to know about the LummaC2 stealer: Leveraging IDA Python and Unicorn to deobfuscate Windows API Hashing

05.avr.2023

Alberto Marín, KrakenLabs Malware Sandbox Lead

In this blog post, the KrakenLabs team will take a deep dive into a malware sample classified as LummaC2, an information stealer written in C language that has been sold in underground forums since December 2022. We assess LummaC2’s primary workflow, its different obfuscation techniques (like Windows API hashing and encoded strings) and how to overcome them to effectively analyze the malware with ease. We will also analyze how networking communications with the C2 work and summarize LummaC2’s MITRE Adversarial Tactics, Techniques and Common Knowledge.

Another Password Manager Breach: Practical Tips to Protect Stolen Credentials

05.avr.2023

In light of recent password manager breaches, our experts have provided tips on how to protect your organization from compromised credentials.

Traffers and the growing threat against credentials

28.Mar.2023

Beatriz Pimenta and Jacobo Blancas, KrakenLabs team

The Rising Threat of Traffers report, compiled by Outpost24’s Threat Intelligence team, KrakenLabs, provides a deep dive into the credential theft ecosystem, and encourages organizations to evaluate their security measures against these evolving threats.

Five key takeaways from Outpost24’s Cyber Resilience Day

09.Mar.2023

True to its theme ‘Cyber Resilience’, our recent cyber security gathering was able to dissect the fast-moving threat landscape with insights and information nuggets from a panel of security experts and practitioners on the shortcomings and the need for better use of threat intelligence.

Account Takeover Vulnerability in Azure’s API Management Developer Portal

08.Mar.2023

Tom Stacey, Application Security Auditor

How an Account Takeover vulnerability, discovered during a routine customer engagement, became a candidate for responsible disclosure, via the Microsoft Security Research Center Researcher Portal.