Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Stolen credentials are the easiest route into your organization for a hacker. Verizon’s 2023 Data Breach Investigation Report found that threat actors used stolen credentials in 49% of attempts to gain unauthorized access to organizations. The problem IT teams face is knowing when credentials have been stolen or leaked in a breach – otherwise you’re waiting to respond to a security issue rather than handling it proactively.

The threat group USDoD posted on a dark web forum on July 24th to claim they’ve got hold of a large database of threat actors compiled by CrowdStrike. So far, the threat actor has released only a small sample of the data, but the forum post below claims that over 250 million records have been exposed. This could provide information on the aliases, recent activities, origins, and motivations of various cybercriminal groups and state-sponsored actors.

In November 2023, while conducting a security assessment on a client’s instance of the Oracle Integration Cloud Platform, I discovered a medium severity vulnerability nestled within the handling of the “consumer_url” URL parameter. This flaw unveiled a Cross-Site Scripting (XSS) vector that could be exploited by a user with malicious intent.

Every month, we bring you some of the key findings from Outpost24’s Threat Intelligence team, KrakenLabs. Here’s what you need to know from July.

Held in Breda, Netherlands, this year’s Cyber Resilience Day convened industry leaders and cybersecurity experts to address the topic of supply chain attacks and the latest digital threats. The event showcased a series of keynote speeches, panel discussions, and interactive workshops, equipping attendees with valuable insights and actionable strategies to strengthen their organizations’ cyber resilience.

While reviewing common TTPs in malware campaigns used last year Outpost24’s Cyber Threat Intelligence team, KrakenLabs, came across several reports and articles describing a novel infection technique being used to distribute various types of malware not necessarily related to each other. For example, this article analyzing Amadey and this one talking about Redline.

AI risk and security management is unsurprisingly Gartner’s number one strategic technology trend for 2024. But you might be less familiar with number two: Continuous Threat Exposure Management (CTEM). Coined by Gartner in 2022, CTEM isn’t just another buzzy acronym – it’s a powerful process that can help continuously manage cyber hygiene and risk across your online environment.

It had already been a challenging few weeks for Live Nation Entertainment, Inc. as they faced down a lawsuit from The Justice Department regarding anti-competitive practices. Things got worse at the end of May when a cybercriminal known as “SpidermanData” claimed to have breached a huge database of 560 million records (including personal and financial data) belonging to TicketMaster Entertainment, LLC – a Live Nation company.

Today, Outpost24 introduced its exposure management platform alongside plans for its future. The Outpost24 Exposure Management Platform is a single platform for all of the exposure management offerings Outpost24 has today and will add tomorrow. With The Outpost24 Exposure Management Platform, organizations can: The Outpost24 Exposure Management platform is built to be tailored to what matters most to a specific organization. Powerful protection without the bloat offered with some other platforms,