During a recent customer assessment, our pen testers discovered a critical vulnerability that exemplifies the importance of manual and continuous pen testing. The issue involved a feature intended for administrators, allowing them to send messages to a "broadcast" endpoint, which would then be displayed in a modal pop-up box for...

A recent advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) has shed light on vulnerabilities in Ivanti VPNs that are currently being actively exploited by malicious actors.   Ivanti VPN solutions, widely utilized for their robust security features and efficient network management capabilities, have recently been identified as containing...

Web applications are an integral part of our daily lives, used for everything from banking and shopping to social networking and business operations. However, this widespread reliance on web technology has also made it a prime target for cyberattacks. One of the most common and dangerous threats is Cross-Site Scripting...

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.  Threat actor of the month: Cactus Ransomware group  “Cactus Group" is a ransomware group that has been active since at...

Getting a complete and accurate overview of all your online assets is key to protect your external attack surface from bad actors. Knowing what you have exposed online is always the first step. Wildcard domains can pose a challenge to External Attack Surface Management (EASM) solutions in this regard. But...

Problems arise when teams are too siloed. In the past, organizations ran into trouble when Development teams would hand over finished code with security problems to IT Operations to deploy and manage. They realized it was faster and more effective to work together throughout the product lifecycle in a DevOps...

Reduce the Risk Passwords Pose with Specops Software’s Password Suite  Specops Software protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control.   Specops Password Policy Strengthen password...

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.  Spotlight threat: X (Twitter) accounts hacked  Over the past few weeks there has been an uptick of compromises on the...

Recent ransomware attacks on European organizations have attracted significant attention, primarily due to the involvement of threat actors with Russian connections or origins. Of particular concern is the latest attack on an IT service provider, which has had a profound impact on Swedish companies, government agencies, and municipalities.  About the...

Companies grow through mergers and acquisitions. Marketing teams promote new products. New products spawn new web domains. As brand names, URLs, and cloud IT infrastructure proliferate, so does an organization's vulnerability to impersonation attacks. Impersonation attacks are a fast-growing form of cybercrime where attackers impersonate contacts or organizations to steal...