Outpost24 adds AI summaries to boost digital threat analysis
The new feature is designed to provide efficient threat analysis by reducing the time security teams spend interpreting complex findings and helping organisations manage digital risks more effectively.
Outpost24's Digital Risk Protection modules enable organisations to identify, monitor, and protect against potential cyber threats before exploitation occurs. These modules continuously scan for exposed credentials, brand impersonations, data leaks, and other risks, but the volume and intricacy of findings can pose challenges for rapid decision-making by security professionals.
With the addition of AI-enhanced summaries, each DRP finding is automatically condensed into a 25-word explanation. By employing large language model (LLM) technology, the platform aims to streamline the interpretation of threat intelligence and provide concise, helpful information.
The AI-generated summaries are intended to offer content insights in an accessible format, translate threat information from foreign languages into English, and distil complex intelligence into key areas of concern for users.
"The latest AI-powered feature in Outpost24's Digital Risk Protection solution enhances efficiency by providing time-saving summaries that support informed decision-making and proactive threat management. We will continue expanding AI capabilities across our Attack Surface Management solutions," Omri Kletter, Chief Product Officer at Outpost24, said
The AI-enhanced summaries join the existing Domain Discovery AI feature in the External Attack Surface Management platform, reflecting Outpost24's ongoing research and development in artificial intelligence for attack surface management.
Outpost24 has stated that, although DRP results are inherently based on publicly available data, the company is taking steps to prevent further data exposure. The AI summaries will be generated through a private instance of a large language model to help ensure information is not leaked to third parties.
Outpost24, a prominent European cybersecurity firm specialising in Attack Surface Management (ASM), has solidified its position in the industry through strategic investments and leadership enhancements. The company is backed by Vitruvian Partners, an international investment firm known for supporting high-growth technology companies.
Founded in 2001 in Sweden, Outpost24 has expanded its global footprint, serving over 3,000 customers across 65 countries. The company's comprehensive cybersecurity solutions encompass ASM, Digital Risk Protection (DRP), and Identity and Access Management (IAM), enabling organizations to identify assets, mitigate risks, and monitor emerging threats effectively.
A key component of Outpost24's approach involves its team of ethical hackers who specialise in identifying and addressing complex threats. These professionals collaborate closely with client teams to enhance security measures and contribute to the broader cybersecurity community through research and intelligence sharing.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
02-08-2025
- Techday NZ
Outpost24 launches tool to detect dark web credential leaks
Outpost24 has launched a free tool aimed at helping organisations identify whether their credentials have been exposed on the dark web. The new product, known as the Outpost24 Credential Checker, enables organisations to check if their email domain is associated with credentials that have been leaked covertly online. This new offering is powered by the company's CompassDRP Digital Risk Protection solution, leveraging Outpost24's threat intelligence database to report on compromised credentials linked to a specified domain and its web assets. Timely identification of credential exposure is regarded as critical for preventing data breaches. The company states that its Credential Checker provides a measure to spot leaked credentials before they cause serious harm, whatever the size of business. Our goal in offering our Outpost24 Credential Checker is to democratise threat intelligence and help everyone to be more secure. With our Outpost24 Credential Checker, we're offering a sneak peek into a small part of our threat intelligence knowledge base, but also making it accessible to everyone, especially those organisations with smaller budgets. The tool is designed to be straightforward to use. Users input an email address connected to their corporate domain, after which the Credential Checker scans Outpost24's database - comprising billions of compromised credentials. Within minutes, a report is generated showing whether there is a match in known public breach repositories. The free report provided to users details the number of stolen credentials discovered for a given domain and its related web assets. It also offers context on how the information may have been compromised, which includes naming prevalent malware or viruses identified as responsible for the data theft. Outpost24 reports that the Credential Checker's threat intelligence capabilities are sourced from its CompassDRP platform. This solution provides security teams with a view over an organisation's digital attack surface as well as external threats in one cloud-based system. The platform brings together asset discovery from Outpost24's EASM platform with Digital Risk Protection modules. This permits continuous monitoring of both known and unknown public-facing internal assets in addition to external threat intelligence gathered from sources across the open, deep, and dark web. When threats are identified, the system aims to prioritise them through contextual threat intelligence insights, which are intended to help security teams expedite remediation processes. The launch of the Credential Checker adds to the company's range of tools to support security teams as they aim to stay ahead of emerging digital risks. Outpost24 provides Attack Surface Management solutions designed to help security teams stay ahead of evolving cyber threats. The company supports thousands of organisations worldwide by enabling them to identify, protect against, and monitor digital risks before they can be exploited. Founded in 2001, Outpost24 is headquartered in Sweden and maintains a global presence with offices in the United States, United Kingdom, France, Belgium, and Spain. The company's services are aimed at enhancing visibility and control over potential vulnerabilities across digital infrastructures. Follow us on: Share on:
Scoop
03-07-2025
- Scoop
NZICC Lands Two Large Medical Conferences – 3300 Delegates To Attend
Two of Australasia's largest association conferences are confirmed for 2026 at the New Zealand International Convention Centre (NZICC), with a combined total of 3300 delegates expected to attend generating millions of dollars in economic activity. It's the first time in more than a decade that both the Australian and New Zealand College of Anaesthetists (ANZCA) and the Royal Australian and New Zealand College of Ophthalmologists (RANZCO) will hold conferences in New Zealand. ANZCA is expected to attract 1500 delegates from around the world and inject more than $3 million into the local economy. "As a trans-Tasman organisation, we are excited to announce that the 2026 ANZCA Annual Scientific Meeting (ASM) will take place in Auckland. We are one of the largest specialist medical colleges in Australasia, and we are thrilled to have secured the state-of-the-art venue of the NZICC," said Professor Dave Story, President of ANZCA. The conference, which will be held across six days, including pre-meeting workshops, in May 2026, will feature a distinguished lineup of international keynote speakers on anaesthesia and pain medicine and will deliver up to 150 workshops to attendees. Later in the year, RANZCO's Annual Scientific Congress will take place. It's expected to attract 1800 delegates in November and contribute more than $2 million in economic activity. 'RANZCO is delighted to be welcomed to Auckland for our 57th Congress. It has been over a decade since RANZCO's Congress was last hosted in New Zealand and we're excited to experience all the vibrancy Auckland has to offer," said CEO Mark Carmichael. NZICC Director of Sales and Planning, Alana Bicknell, says securing two such prestigious conferences in what will be NZICC's first year of opening is a major boost. 'We can't wait to extend our manaakitanga to the delegates of both conferences. We're confident the NZICC will absolutely wow them.' The bids securing these events were led by the NZICC with the support of the Auckland Convention Bureau (ACB), a division of Tātaki Auckland Unlimited, and Tourism New Zealand Business Events. 'We appreciate the support from our industry partners to help bring these events to New Zealand, and also the government for their recent announcement regarding changes to the law around the advertising of medicines that have previously been a barrier to international medical conferences coming here,' said Alana Bicknell. Notes: The NZICC is designed to host events with over 4,000 attendees, offering flexible spaces that can be tailored to meet diverse event needs. Conveniently located in the heart of Auckland's CBD, it provides seamless connectivity to the city's vibrant communities, efficient transport links, and effortless access to more than 8,000 hotel rooms within a 20-minute walk, which ensures a smooth and enjoyable experience for guests. About ANZCA ASM 2026 ANZCA ASM is an annual meeting organised by the Australian and New Zealand College of Anaesthetists (ANZCA) and the Faculty of Pain Medicine (FPM). It serves as a key forum for anaesthetists, pain medicine specialists, researchers, and healthcare professionals worldwide to engage in knowledge exchange, discuss advancements, and address critical issues in anaesthesia and pain medicine. ANZCA ASM 2026's theme is '@Herenga waka, herenga tāngata: From home to home', which they worked with a designer, Chloē Reweti (Ngāi Te Rangi, Ngāti Ranginui, Ngāti Porou), and cultural advisor, Tui Blair (Ngāti Whātua). Event Dates: 30 April – 5 May 2026 About RANZCO Congress RANZCO Congress is an annual scientific meeting, bringing together ophthalmologists from Australia, New Zealand, and overseas. The event fosters collaboration and learning in the latest techniques, research, and advancements in eye care. Event Dates: 5 – 9 November 2026 About NZICC: The New Zealand International Convention Centre (NZICC) is located in the heart of Tāmaki Makaurau Auckland CBD, making it one of the most connected convention centres in the world. Designed collaboratively alongside event industry experts, the NZICC is a vertically stacked, flexible and modern building, creating a hub of innovation and positive exchange integrated into the fabric of a vibrant city. Uniquely positioned to make each event a memorable experience, the NZICC will offer: A venue that is designed around giving delegates fast and effortless transitions between meetings, exhibition, pre-function, banquet, and performance spaces. A glazed facade provides delegates with an inviting and transparent connection to the vibrancy of the city while allowing views of Auckland's natural beauty, from the Waitākere Ranges to the Waitematā Harbour. Close proximity to Auckland's innovation ecosystem – universities, business headquarters and innovation hubs – allowing event organisers to tap into New Zealand's leading knowledge centres. An integrated atrium and public laneway encourage networking and enhances the delegate experience within a city full of excitement and sophistication, with over 8000 hotel rooms, dining precincts, shopping and entertainment all within 10 minutes walking distance. Configurable spaces presenting opportunities for a wide range of events with intimate meeting spaces on all levels, pre-function capacity for 2,700 people, convention capacity for 3,150 and one-off events for 4,000.
Techday NZ
20-06-2025
- Techday NZ
Outpost24 identifies key OAuth risks & best practice solutions
An analysis by Outpost24 has examined seven of the most common vulnerabilities present in OAuth implementations and outlined recommended measures organisations can take to mitigate these risks. OAuth, short for Open Authorization, is a widely used industry protocol that allows users to grant access to their data on one site to another site, without sharing their credentials directly. This delegation of authority involves issuing tokens that provide time-limited and scoped permissions to client applications on behalf of users. Underlying complexity Although OAuth helps reduce direct exposure of user credentials and supports fine-grained access control, its broad flexibility also creates significant opportunities for errors during implementation. The protocol's reliance on strict validation of parameters, endpoints and tokens, as well as correct management of application state, means that mistakes or oversights can introduce vulnerabilities that attackers can exploit. Outpost24's analysis notes that OAuth is not inherently weak, but that its "power (delegated, token-based access) relies on numerous checks and balances. However, OAuth vulnerabilities often arise when developers or architects skip steps, like byte-for-byte URI validation, state verification, or signature checks on ID tokens. These oversights create exploitable gaps that attackers can target. So, OAuth itself isn't inherently 'weak'—but its flexibility and the proliferation of optional parameters and flows make it easy to misconfigure in ways that lead to real-world vulnerabilities." Common vulnerabilities The analysis identifies seven main areas where OAuth vulnerabilities commonly occur: 1. Open redirect and redirect URI manipulation: If the system does not strictly validate redirect URIs, attackers can manipulate authorisation flows to direct tokens or codes to endpoints they control, resulting in unauthorised access to user data. 2. Missing or weak Cross-Site Request Forgery (CSRF)/state protections: Failing to include a robust state parameter tied to each user's session enables attackers to trick users into completing authorisation requests that generate tokens for attacker-controlled clients. 3. Implicit flow and lack of Proof Key for Code Exchange (PKCE): The use of implicit flow, where access tokens are delivered directly via the browser, exposes tokens to interception. Without PKCE, even the more secure code flow can be susceptible if an attacker can access intermediate codes. 4. Inadequate scope validation and overly broad permissions: Applications may request excessive permissions, which can lead to abuse if an attacker acquires the access token. Users can be misled into granting high-privilege access. 5. Token leakage via insecure storage or transport: Storing tokens in browser storage areas accessible to client-side scripts, or transmitting them over insecure channels, can lead to theft through network compromise or browser vulnerabilities. 6. Missing or ineffective token revocation: Without appropriate means to revoke tokens, attackers or malicious clients may retain access indefinitely, even after a user believes they have rescinded authorisation. 7. Homegrown or outdated OAuth implementations: Custom or obsolete libraries may omit essential security checks, such as validating signature fields or all necessary request parameters, making exploitation feasible through replay or impersonation attacks. Mitigation strategies The analysis offers concrete recommendations to address each identified risk. For redirect URI threats, strict, exact matching of registered URIs is advised, along with enforcement of HTTPS. To defend against CSRF threats, the report urges clients to "generate a cryptographically random state value, store it in the user's session, and include it in the request. Strictly validate state on callback," and to make use of SameSite cookie attributes. The deprecation of the implicit flow and the universal adoption of PKCE are recommended for public clients. The analysis recommends the "use of authorization code flow + PKCE for all public clients", which helps bind token requests to verified identifiers, limiting misuse. Limiting scope requests to the minimal set required, alongside server-side validation of access scope, are key principles for scope management. Regarding token storage and transport, the advice is to "use secure, HttpOnly cookies for storing tokens" and to "enforce TLS everywhere… All endpoints (authorization, token, resource) must enforce HTTPS with strong ciphers." Short token lifetimes and refresh token rotation are also recommended to reduce the exposure following a token compromise. For revocation, the report recommends implementing dedicated endpoints that can invalidate access and refresh tokens in accordance with relevant standards, with continuous verification at the resource server layer to ensure revoked tokens remain unusable. On the issue of custom or outdated OAuth implementations, the recommendation is to "adopt well-maintained libraries and frameworks" and to "stay current with RFCs and security advisories," underscored by regular code reviews, threat modelling and attention to emerging IETF best practices. Operational recommendations To build a resilient OAuth deployment, enforce strict validation of redirect URIs, state parameters, and token signatures; adopt PKCE for all public clients; and adhere to least‐privilege scope requests. Ensure secure storage and transmission of tokens (favouring HttpOnly cookies over local storage) and implement token revocation with continuous introspection. Use community‐trusted OAuth libraries, keep up with evolving IETF/OAuth 2.1 guidelines, and maintain robust logging/monitoring to catch misuse quickly. Outpost24's analysis points out that by addressing these common misconfigurations and implementation issues, organisations "significantly reduce the risk of credential theft, unauthorised API access, and large-scale data breaches arising from flawed OAuth integrations."
