The IT Nerd

Outpost24 researchers have published an analysis on the recent developments surrounding the Salesforce data breach. The breach has continued to escalate, with Qantas and Vietnam Airlines data now being leaked on the dark web. 

The analysis dives into the exact timeline of events, the amount of data being leaked, the broader risk of these events, and how the threat actors behind this, Scattered Lapsus$ Hunters, typically run their attacks. The researchers determined that this incident highlights two critical realities. 

One, that an organization’s security perimeter is no longer just the firewall, but all third party platforms that have access to company data and software. And two, that threat actors are increasingly targeting individuals to bypass technical controls. By exploiting insider employees, Scattered Lapsus$ and many other groups, are leveraging major data leaks. All because of effective social engineering. 

For full details, the analysis can be read at this link: https://outpost24.com/blog/salesforce-breach-qantas-vietnam-airlines/

Outpost24, a leader in exposure management and identity security, today announced the appointment of Liz Drysdale as Chief Marketing Officer (CMO). Liz brings over 25 years of international marketing experience, including a decade in cybersecurity, to drive Outpost24’s next phase of growth and global brand expansion.

Recognized by The Enterprise World Magazine as one of the “Most Influential Business Leaders to Watch in 2024,” Liz has a proven track record of building and scaling high-performing, multi-disciplinary teams. Her deep specialization lies in ensuring marketing functions are strategically aligned with sales and product engineering to accelerate business growth across global markets. Prior to joining Outpost24, she held senior leadership roles at market-defining cybersecurity pioneers, including SentinelOne, BeyondTrust, and CyberArk, where she drove successful go-to-market strategies for complex security portfolios.

At Outpost24, Liz will lead global marketing strategy, focusing on scaling brand impact and expanding market reach to reinforce the company’s position as a trusted partner in exposure management and identity security. Her mission involves overseeing all aspects of brand strategy, demand generation, product and channel marketing, specifically by translating Outpost24’s advanced technical capabilities into compelling value propositions that ensure customers and partners can effectively operationalize modern risk reduction practices.

Liz’s appointment follows several key executive hires, including a new Chief Information Security Officer (CISO), Chief Technology Officer (CTO), and Chief Corporate Development Officer (CCDO), reinforcing Outpost24’s commitment to advancing its technology leadership, operational excellence, and strategic growth.

Backed by a dynamic executive team and a strong European presence, Outpost24 continues to solidify its position as a trusted partner for thousands of customers worldwide seeking to operationalize modern Exposure Management and Continuous Threat Exposure Management (CTEM) practices.

Outpost24 today announced the appointment of Martin Roth as Chief Technology Officer (CTO). Martin brings over 25 years of experience in software development, with a proven record of building and transforming technology organizations. His background combines deep technical expertise in product innovation and enterprise solution delivery with the ability to lead large, distributed teams in complex, security-sensitive environments. 

Before joining Outpost24, Martin held pivotal leadership roles at groundbreaking companies, such as Learnster, Viaplay, and Snow Software (now part of Flexera). In these roles, he was instrumental in scaling global Research & Development organizations through periods of rapid growth, establishing modern engineering and DevOps practices, and driving initiatives that dramatically strengthened delivery, innovation, and security across large enterprise software platforms.

At Outpost24, Martin will lead the company’s global engineering and technology strategy, shaping architecture, delivery, and development practices to drive agility and performance. Under his leadership, the company will accelerate its transition to cloud-native technologies, focusing on AI-driven solutions that will help its customers improve operational efficiency and their cybersecurity posture. He will drive a unified technical vision to enhance the delivery of the full-stack security platform—spanning continuous threat exposure management (CTEM), digital risk protection, cyber threat intelligence, and compliance—by building scalable systems and empowered teams that enable the company to innovate quickly and securely.

The appointment comes at a critical time for the cybersecurity industry, where proactive defence and a shift-left security approach are paramount. As threats become more sophisticated and regulatory pressures intensify, Outpost24 recognizes that world-class engineering is the foundation for delivering trusted, scalable security solutions. Martin’s expertise in building robust, high-availability enterprise platforms will be immediately leveraged to meet these escalating market demands.

Martin’s appointment follows recent additions to Outpost24’s leadership team, including a new Chief Information Security Officer (CISO) and Chief Corporate Development Officer (CCDO) — reinforcing the company’s commitment to innovation, technical excellence, and global expansion.

With a strong European presence and thousands of customers worldwide, Outpost24 continues to build the technological backbone for modern Exposure Management and Continuous Threat Exposure Management (CTEM), helping organizations proactively identify, prioritize, and remediate cyber risks across both digital and human attack surfaces.

Outpost24, a leading provider of exposure management solutions, today announced the launch of new pen test reporting, giving customers a consolidated view of all penetration testing results within a single platform. This eliminates the need to manage multiple reports from different sources, saving time and improving operational efficiency. Security teams can now view, schedule, and download reports directly, with actionable insights from certified pen testers.

According to Gartner, enterprises often take up to three months to identify and address vulnerabilities. The rise of GenAI apps has added complexity, making it harder for security teams to prioritize testing and act quickly on findings. Outpost24’s new reporting capability addresses these challenges by streamlining how organizations run engagements and access results, reducing time to remediation and ensuring direct access to its expert pen testing team.

In addition, Outpost24 is expanding its pen testing services with new packaged pen tests for mobile and API endpoints. These packages enable security teams to proactively identify and manage vulnerabilities in mobile apps and APIs in a cost-effective manner. By leveraging these new packages, organizations can strengthen their security posture and boost return on investment.

Outpost24’s latest release brings significant enhancements to your pen testing experience, including:

• Comprehensive reporting: View all pen testing results in one platform to accelerate turnaround times, and drive results from every engagement
• Enhanced visibility and verification: In-depth analysis on discovered vulnerabilities from expert pen testers, providing enhanced visibility and fix verification
• Flexible reporting: Easily export and schedule reports in multiple formats and frequencies, with optional compression and password protection
• Simplified planning: Greater transparency of pen testing costs and timelines to enable effective planning throughout your subscription
• Comprehensive security: Detailed analysis for API endpoints and mobile apps, ensuring thorough testing throughout the SDLC

These new reporting enhancements and packages work together to provide more streamlined, efficient, and effective pen testing experience.

To learn more about Outpost24’s pen testing services click here or contact the Outpost24 team today.

Outpost24 today announced the promotion of Olivia Brännlund to Chief Information Security Officer (CISO) from her prior role as Deputy CISO.

Brännlund joined Outpost24 in 2022 as a technical coordinator and was later promoted to technical architect responsible for the platform team. In each of these roles, she has been a driving force behind numerous security initiatives, including designing the security architecture for the orchestration platform. 

Prior to Outpost24, she worked as a security architect at Ericsson where she was responsible for security work within the 5G field. Earlier in her career, she was a security architect at telecommunications firm Qvantel, where she helped secure the Business Support Solution.

Outpost24 today announced the appointment of Ariel Katz as Chief Corporate Development Officer. Katz will be responsible for driving strategic growth, and identifying and executing inorganic opportunities to strengthen the company’s position as a leader in the cybersecurity market.

Katz is a seasoned executive with a diverse background spanning more than 20 years in finance and technology. He began his career in financial audit at PwC, then specializing in investment and M&A transactions at Deloitte and KPMG. He later transitioned into the tech sector, where he invested in a range of startups, including those in the cybersecurity space. After this, he worked in a Corporate Development role at Visa where he managed M&A and strategic initiatives across Europe.

Most recently, he has held senior finance and strategy roles within high-growth startups including EverC and Payset, navigating the fast-paced and dynamic environment of emerging technology companies.  Now, Ariel brings his unique blend of financial acumen and tech industry experience to Outpost24.

Outpost24 today launched its Outpost24 Credential Checker, a free tool that provides organizations with a sneak peek into exposed credentials leaked on the dark web.

Timely visibility into credential exposure can mean the difference between a contained incident and a full-scale data breach for organizations of all sizes. The Outpost24 Credential Checker helps solve this serious issue by checking whether an organization’s email domain is linked to any credentials leaked on the dark web.

The Outpost24 Credential Checkeris powered with threat intelligence used by Outpost24’s CompassDRP, a Digital Risk Protection solution that gives security teams visibility over both the digital attack surface and external threats in a single cloud-based solution. It combines the asset discovery powers of Outpost24’s EASM platform with threat-intelligence powered DRP modules enabling organizations to monitor their known and unknown public-facing internal assets, as well as threats from external channels across the open, deep, and dark web. Once identified, these threats are easily prioritized due to contextual threat intelligence insights that speed up remediation efforts.

How it Works

Simply input an email address related to a corporate domain and the Outpost24 Credential Checker will search for matches in Outpost24’s database with billions of compromised credentials and in minutes a report will generate on whether the domain appears in known public breach repositories. The free report provides the number of stolen credentials found for a given domain and its web assets, as well as the most common reason for the data theft, including the most prevalent malware or virus that Outpost24 found stealing this data.

To start your first scan, access the Outpost24 Credential Checker here.

Outpost24 researchers today released research looking at a race condition vulnerability in nopCommerce, an open-source eCommerce platform written in C#, which aids developers in building online stores. When exploited, it allows an attacker user to redeem a gift card multiple times by using a technique called a single-packet attack. If they did this correctly, they were able to receive items for free. 

The full details can be found at this link and it is a very interesting read.

Earlier today I posted a story warning about Iran launching cyberattacks on the US. But it seems that Iran has to worry about coming under a cyberattack as well.

The cyberattack by Gonjeshke Darande on Nobitex (Iran’s largest cryptocurrency exchange) made global headlines, not only for its scale, but for its political intent. This bold act of digital sabotage occurred within a rapidly deteriorating geopolitical context.

On June 13, 2025, Israeli airstrikes targeted key Iranian military and nuclear facilities. Iran responded with swift retaliation, escalating tensions across the region. In this environment, the Nobitex hack stands out not just as a significant cyber incident, but as a symbolic strike, designed to undermine Iran’s financial stability, expose alleged regime corruption, and deliver a political message in the language of cyberwarfare.

Today, Outpost24 Strategic Research Lead Lidia López Sanz published an analysis of the attack in her post Analyzing the Gonjeshke Darande attack on Iranian crypto exchange Nobitex walking through how the attack happened and the lessons that can be learned.

According to Lidia:

“It is very unusual to see millions of dollars’ worth of cryptocurrency burned with the sole purpose of causing disruption and making a political statement. There have been other major attacks on cryptocurrency exchanges, for example the North Korean state-sponsored group Lazarus is well known for such attacks, but those had mainly a financial gain motivation. In this case, Gonjeshke Darande, appears to have chosen to not steal the funds for profit, in order to deliver a stronger message.”

This analysis is completely worth reading. Thus I would set aside some time to do so.

Outpost24 today announced it has been recognized as an Overall Leader in the 2025 KuppingerCole Leadership Compass Report for Attack Surface Management and is the only European vendor named as an Overall Leader in the report. The company was also named a leader in the Product and Market categories. Outpost24 has quickly moved up from its previous position as “Challenger” in 2023 to the Overall Leader category in 2025.

The KuppingerCole Leadership Compass Report provides an overview of the Attack Surface Management market and guides organizations to find the solution that best meets their needs. They examine the market segment, vendor service functionality, and innovative approaches to providing Attack Surface Management solutions.

According to the report, the modern attack surface has expanded significantly due to the use of cloud services, mobile devices, APIs, Internet of Things (IoT) devices, supply chains, and remote work practices. This expansion introduces new endpoints and potential vulnerabilities and makes organizations more susceptible to cyber threats. Implementing Attack Surface Management (ASM) solutions enables organizations to identify potential vulnerabilities, assess the effectiveness of their cybersecurity systems, and strengthen their security posture accordingly. A proactive approach to cybersecurity has become an essential requirement for organizations, as cyber threats continue to evolve in complexity and frequency.

Outpost24 key features selected by KuppingerCole are:

• Detects websites and applications that are without GDPR-compliant cookie consent practices. (Distinguishing feature)
• Strong M&A risk analysis capabilities
• Easy licensing which includes unlimited assets and users per organization
• Contributing member of the Cyber Threat Alliance
• Pen testing availability as a service
• Proprietary risk-scoring framework
• Supported MITRE ATT&CK mapping

Outpost24’s cloud-based External Attack Surface Management (EASM) platform helps organizations identify, protect and monitor their external attack surface and improve their cyber resilience. Outpost24 offers automatic data gathering, enrichment, and AI-driven analysis modules that analyze all known and unknown internet-facing assets for vulnerabilities and attack paths to then offer simple, effective remediation actions to close any security gaps.

“We are honored to be named an Overall Leader in the 2025 KuppingerCole Leadership Compass Report for Attack Surface Management,” said Ido Erlichman, CEO of Outpost24. “As the modern attack surface continues to expand, organizations must take a proactive approach to protecting themselves by understanding their specific attack surface and identifying any potential vulnerabilities. Our ASM solutions, including recently launched Outpost24 CyberFlex, provide a comprehensive view of internal and external attack surfaces to identify unknown assets, close security gaps, prioritize risk mitigation and holistically protect organizations.”

To download a complimentary copy of the 2025 KuppingerCole Leadership Compass Report, please visit this link.

Outpost24 offers industry-leading Attack Surface Management solutions that keep security teams one step ahead of emerging threats. They help thousands of organizations around the world to identify, protect, and monitor digital risks before they can be exploited. Outpost24 was founded in 2001 and is headquartered in Sweden, with offices in the US, UK, France, Belgium, and Spain.  Visit https://outpost24.com/ for more information.