Outpost24 expands platform for data & social threat defense


Techday NZ, 08-05-2025

Outpost24 has announced the integration of two new Digital Risk Protection modules into its External Attack Surface Management platform.
The new Social Media and Data Leakage modules are offered alongside the existing Leaked Credentials and Dark Web modules. The company said these modules are designed to enhance customer insights into the entire attack surface, supporting organisations as they aim to identify threats across a broader range of digital channels.
According to Outpost24, the Social Media DRP module enables organisations to monitor their social media profiles as part of their attack surface. This module tracks social media impersonation, external breaches, and internal leaks in real time, providing security teams with earlier visibility into threats originating from such platforms.
Meanwhile, the Data Leakage DRP module is built to detect potentially leaked documents and source code. By promptly bringing these exposures to security teams' attention, the module aims to provide companies enough time to respond and mitigate potential consequences before sensitive information is misused.
The company highlighted that these modules leverage access to private and exclusive sources, strong automation capabilities, and advanced threat intelligence to give organisations a more comprehensive view of their external threats and risks. Outpost24 said this broader overview is intended to empower security teams to be more proactive and better prioritise their response efforts.
"Organisations often forget that threat actors use the information on public social media profiles to launch targeted attacks or even to impersonate executive leadership. But they absolutely do, and it's extremely important that security teams track this. We've built our DRP modules for Social Media and Data Leakage based on rich threat intel and accelerated automation so that organisations can get the full context behind each new alert," Omri Kelter, Chief Product Officer at Outpost24, said, explaining the capabilities of the new modules.
Outpost24 stated that by employing these monitoring modules, companies may be able to respond faster to threats emerging on social media, detect and address leaked documents or code before they become problematic, protect their reputations, and reduce the risks of phishing or fraud. Early detection is positioned as a preventive measure to stop confidential information from spreading.
The company noted that threat actors have increasingly been using information from social media profiles to plot attacks against companies of all sizes. Monitoring these activities, it said, supports organisations in maintaining timely awareness of new or emerging risk vectors that might not be addressed with traditional security approaches.
The inclusion of these modules extends the capabilities of Outpost24's EASM platform, which now covers additional facets of the attack surface and potentially enables customers to gain earlier warnings and more context for security incidents involving external-facing assets.

Related Articles

Bitdefender unveils EASM for proactive attack surface security

Techday NZ, 4 days ago

Bitdefender has launched a solution designed to provide managed service providers, businesses, and their customers with comprehensive oversight of internet-facing assets and related vulnerabilities.
The release of GravityZone External Attack Surface Management (EASM) comes amid growing focus on attack surface reduction, a strategic priority identified by cybersecurity experts and highlighted in recent industry research. Gartner forecasts suggest that, through 2029, over 60% of security incidents will be linked to misconfigured technical security controls. A recent survey of 1,200 cybersecurity professionals also places attack surface reduction at the forefront of their operational concerns.
The evolving digital landscape, fuelled by ongoing digital transformation, widespread cloud adoption, remote work trends, and increased integration with third-party infrastructure, is expanding the range of potential entry points that adversaries could exploit. Bitdefender pointed out that, without effective oversight, assets such as abandoned domains, improperly configured cloud resources, and expired digital certificates may go unnoticed, potentially leaving organisations exposed to attackers who habitually probe the internet for vulnerabilities.
The EASM module is designed to work without requiring deployment on endpoints, providing a proactive mechanism for identifying and assessing external risks while aiming to minimise the scope of possible attack vectors. By continually discovering, mapping, and analysing internet-exposed assets from the same perspective as potential attackers, organisations are positioned to assess risk, identify vulnerabilities, and take remedial actions before any potential exploitation.
GravityZone EASM is provided as an add-on to Bitdefender GravityZone, which is the company's platform for endpoint protection, endpoint detection and response, extended detection and response, and cloud-native security.
The system scans a wide range of asset categories, such as IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. Comprehensive asset discovery is achieved by identifying public IPs, alerting to expiring or expired certificates, highlighting vulnerable public services, and recognising open network ports. This asset review process is intended to ensure that all relevant systems are accounted for in centralised monitoring and management.

Features

Bitdefender highlighted that GravityZone EASM delivers rapid discovery and visibility by scanning and mapping all internet-facing assets—including devices, domains, subdomains, applications, certificates, connections to third parties, and instances of shadow IT—within as little as 30 minutes. Organisations are provided with a full view of their attack surface, extending even to assets that are unmanaged or no longer in regular use.
The solution incorporates continuous vulnerability monitoring and alerting. It detects vulnerabilities and misconfigurations across both internal and external systems, including assets managed by external partners, customers, and entities within the supply chain. Immediate, context-rich alerts for exposed systems, expired certificates, and high-risk threats are generated. Alerting is prioritised according to severity, such as CVE scores, to optimise the response processes and remediation actions.
GravityZone EASM forms part of a unified approach for security, risk management, and compliance within the GravityZone platform. By integrating these functionalities, both security analysts and administrators can leverage the solution for use cases such as threat analysis, vulnerability prioritisation, policy enforcement, and configuration of access controls. All operations are managed within a single platform.
"Security teams across businesses and MSPs face increasing pressure to keep pace with expanding attack surfaces, driven by digital transformation and complex third-party ecosystems," said Andrei Florescu, President and General Manager at Bitdefender Business Solutions Group. "Effective defence-in-depth security starts by reducing the attack surface as much as possible before threats reach the detection and response layers. GravityZone EASM is a critical part of our vision for unified security, risk management, and compliance, enabling proactive discovery and control of internet-facing assets that could serve as potential entry points for attackers."
Bitdefender GravityZone EASM is available as an option to select license tiers of GravityZone and for use in conjunction with the company's managed detection and response services.

Bitdefender Launches Powerful External Attack Surface Management Solution For Businesses And Managed Service Providers

Scoop, 4 days ago

Bitdefender, a global cybersecurity leader, today announced Bitdefender GravityZone External Attack Surface Management (EASM), a new solution that gives businesses, managed service providers (MSPs) and their customers comprehensive visibility into their internet-facing assets and associated vulnerabilities. GravityZone EASM dramatically reduces threat exposure and strengthens security operations through centralised discovery, monitoring, and management of expanding attack surfaces.
The attack surface, encompassing all potential entry points for adversaries, is rapidly expanding due to digital transformation, cloud adoption, remote work, and increased connectivity with third-party infrastructure, including partners and customers. Without centralised oversight, assets such as unused domains, misconfigured cloud instances, and expired certificates often go unnoticed – leaving organisations vulnerable to attackers who continuously scan the internet for exposed systems.
According to Gartner®, 'Through 2029, more than 60% of security incidents will be traced to misconfigured technical security controls.'¹ Additionally, a recent survey of 1,200 cybersecurity professionals found that reducing the attack surface is a top priority in their security operations.
Bitdefender GravityZone EASM is agentless, requiring no endpoint deployment, and delivers a powerful, proactive approach to identifying and understanding external risks while reducing the attack surface. It continuously discovers, maps, and analyses internet-exposed assets from an attacker's perspective, enabling organisations to quickly assess risk, identify vulnerabilities, and take action before they are exploited.
The solution is available as an add-on to Bitdefender GravityZone, the company's unified security, risk analytics, and compliance platform that delivers advanced endpoint protection (EPP), endpoint detection and response (EDR), extended detection and response (XDR), and cloud-native security.
GravityZone EASM scans a wide range of asset types, including IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. From these scans, it delivers comprehensive asset discovery by detecting publicly exposed IPs, expiring or expired certificates, vulnerable public services, open ports, and more – ensuring no asset is overlooked.

Key Benefits of Bitdefender GravityZone External Attack Surface Management:

  • Fast internet-facing asset discovery – GravityZone EASM scans and maps all internet-facing assets including devices, domains, subdomains, applications, certificates, third-party connections, shadow IT, and more – in as little as 30 minutes. It delivers comprehensive visibility into a business's attack surface, even for unmanaged or forgotten assets.
  • Continuous vulnerability monitoring, alerting, and prioritisation – GravityZone EASM continuously monitors and detects vulnerabilities and misconfigurations across internal and external assets, including those managed by partners, customers, and supply chain vendors. It delivers immediate, context-rich alerts for exposed systems, expired certificates, and high-risk threats. Alerts are prioritised by severity (e.g., CVE scores) to streamline response and remediation.
  • Unified security, risk management, and compliance – Seamlessly integrated with Bitdefender GravityZone, combining security, risk analytics, and compliance – GravityZone EASM supports both strategic and operational use cases. Security analysts can leverage it for threat analysis and vulnerability prioritisation, while administrators benefit from broader security management capabilities such as policy enforcement and access control configuration – all within a single platform.

'Security teams across businesses and MSPs face increasing pressure to keep pace with expanding attack surfaces, driven by digital transformation and complex third-party ecosystems,' said Andrei Florescu, president and general manager at Bitdefender Business Solutions Group. 'Effective defence-in-depth security starts by reducing the attack surface as much as possible before threats reach the detection and response layers. GravityZone EASM is a critical part of our vision for unified security, risk management, and compliance, enabling proactive discovery and control of internet-facing assets that could serve as potential entry points for attackers.'

Outpost24 identifies key OAuth risks & best practice solutions

Techday NZ, 20-06-2025

An analysis by Outpost24 has examined seven of the most common vulnerabilities present in OAuth implementations and outlined recommended measures organisations can take to mitigate these risks.
OAuth, short for Open Authorization, is a widely used industry protocol that allows users to grant access to their data on one site to another site, without sharing their credentials directly. This delegation of authority involves issuing tokens that provide time-limited and scoped permissions to client applications on behalf of users.

Underlying complexity

Although OAuth helps reduce direct exposure of user credentials and supports fine-grained access control, its broad flexibility also creates significant opportunities for errors during implementation. The protocol's reliance on strict validation of parameters, endpoints and tokens, as well as correct management of application state, means that mistakes or oversights can introduce vulnerabilities that attackers can exploit.
Outpost24's analysis notes that OAuth is not inherently weak, but that its "power (delegated, token-based access) relies on numerous checks and balances. However, OAuth vulnerabilities often arise when developers or architects skip steps, like byte-for-byte URI validation, state verification, or signature checks on ID tokens. These oversights create exploitable gaps that attackers can target. So, OAuth itself isn't inherently 'weak'—but its flexibility and the proliferation of optional parameters and flows make it easy to misconfigure in ways that lead to real-world vulnerabilities."

Common vulnerabilities

The analysis identifies seven main areas where OAuth vulnerabilities commonly occur:
1. Open redirect and redirect URI manipulation: If the system does not strictly validate redirect URIs, attackers can manipulate authorisation flows to direct tokens or codes to endpoints they control, resulting in unauthorised access to user data.
2. Missing or weak Cross-Site Request Forgery (CSRF)/state protections: Failing to include a robust state parameter tied to each user's session enables attackers to trick users into completing authorisation requests that generate tokens for attacker-controlled clients.
3. Implicit flow and lack of Proof Key for Code Exchange (PKCE): The use of implicit flow, where access tokens are delivered directly via the browser, exposes tokens to interception. Without PKCE, even the more secure code flow can be susceptible if an attacker can access intermediate codes.
4. Inadequate scope validation and overly broad permissions: Applications may request excessive permissions, which can lead to abuse if an attacker acquires the access token. Users can be misled into granting high-privilege access.
5. Token leakage via insecure storage or transport: Storing tokens in browser storage areas accessible to client-side scripts, or transmitting them over insecure channels, can lead to theft through network compromise or browser vulnerabilities.
6. Missing or ineffective token revocation: Without appropriate means to revoke tokens, attackers or malicious clients may retain access indefinitely, even after a user believes they have rescinded authorisation.
7. Homegrown or outdated OAuth implementations: Custom or obsolete libraries may omit essential security checks, such as validating signature fields or all necessary request parameters, making exploitation feasible through replay or impersonation attacks.

Mitigation strategies

The analysis offers concrete recommendations to address each identified risk. For redirect URI threats, strict, exact matching of registered URIs is advised, along with enforcement of HTTPS. To defend against CSRF threats, the report urges clients to "generate a cryptographically random state value, store it in the user's session, and include it in the request. Strictly validate state on callback," and to make use of SameSite cookie attributes.
The deprecation of the implicit flow and the universal adoption of PKCE are recommended for public clients. The analysis recommends the "use of authorization code flow + PKCE for all public clients", which helps bind token requests to verified identifiers, limiting misuse. Limiting scope requests to the minimal set required, alongside server-side validation of access scope, are key principles for scope management.
Regarding token storage and transport, the advice is to "use secure, HttpOnly cookies for storing tokens" and to "enforce TLS everywhere… All endpoints (authorization, token, resource) must enforce HTTPS with strong ciphers." Short token lifetimes and refresh token rotation are also recommended to reduce the exposure following a token compromise.
For revocation, the report recommends implementing dedicated endpoints that can invalidate access and refresh tokens in accordance with relevant standards, with continuous verification at the resource server layer to ensure revoked tokens remain unusable.
On the issue of custom or outdated OAuth implementations, the recommendation is to "adopt well-maintained libraries and frameworks" and to "stay current with RFCs and security advisories," underscored by regular code reviews, threat modelling and attention to emerging IETF best practices.

Operational recommendations

To build a resilient OAuth deployment, enforce strict validation of redirect URIs, state parameters, and token signatures; adopt PKCE for all public clients; and adhere to least-privilege scope requests. Ensure secure storage and transmission of tokens (favouring HttpOnly cookies over local storage) and implement token revocation with continuous introspection. Use community-trusted OAuth libraries, keep up with evolving IETF/OAuth 2.1 guidelines, and maintain robust logging/monitoring to catch misuse quickly.
Outpost24's analysis points out that by addressing these common misconfigurations and implementation issues, organisations "significantly reduce the risk of credential theft, unauthorised API access, and large-scale data breaches arising from flawed OAuth integrations."
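
The state, PKCE and exact-match redirect URI checks recommended in this article, sketched as an added Python example (not code from Outpost24 or the article). The session dict, endpoint URL, client ID, registered URI and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Constructed sample registration, not taken from the article.
REGISTERED_REDIRECTS = {"https://app.example.com/oauth/callback"}

def redirect_uri_allowed(uri: str) -> bool:
    """Authorization-server side: exact string match, HTTPS only."""
    return uri.startswith("https://") and uri in REGISTERED_REDIRECTS

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _s256(verifier: str) -> str:
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def begin_authorization(session, authorize_endpoint, client_id,
                        redirect_uri, scope):
    """Client side: bind a random state and a PKCE verifier to the session."""
    state = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)   # 86 chars, within RFC 7636's 43..128
    session["oauth_state"] = state
    session["pkce_verifier"] = verifier
    params = {
        "response_type": "code",           # code flow, never implicit
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,                    # request only what is needed
        "state": state,
        "code_challenge": _s256(verifier),
        "code_challenge_method": "S256",
    }
    return authorize_endpoint + "?" + urlencode(params)

def handle_callback(session, params):
    """Client side: strictly validate state, then build the token request."""
    expected = session.pop("oauth_state", None)    # single use: blocks replay
    verifier = session.pop("pkce_verifier", None)
    received = params.get("state", "")
    if not expected or not hmac.compare_digest(
            expected.encode(), received.encode()):
        raise ValueError("state missing or mismatched; rejecting callback")
    if not params.get("code"):
        raise ValueError("no authorization code in callback")
    return {"grant_type": "authorization_code",
            "code": params["code"],
            "code_verifier": verifier}

def server_verify_pkce(stored_challenge: str, verifier: str) -> bool:
    """Token endpoint side: the verifier must hash to the stored challenge."""
    return hmac.compare_digest(_s256(verifier).encode(),
                               stored_challenge.encode())
```

Popping the state and verifier from the session before any comparison makes each callback single-use, so a replayed or forged callback fails even if it carries a previously valid state value.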
