By Waqas
An OSINT tool is a must for every researcher - In this article, we will explore the 15 best OSINT tools that you can use for your investigations.
This is a post from HackRead.com Read the original post: What is an OSINT Tool – Best OSINT Tools 2023

Open Source Intelligence (OSINT) tools are an invaluable resource for companies, organizations cybersecurity researchers and students. In this article, we will explore the 15 best OSINT tools that you can use for your investigations and education purposes.

**OSINT**, or Open Source Intelligence, refers to the practice of gathering information from publicly available sources. In the information and digital age, there are countless tools and resources available for OSINT practitioners to use, making it easier than ever to collect and analyze information. Here are the 15 best OSINT tools that you can use for your investigations:

**Maltego**

Maltego is a powerful and sophisticated OSINT tool for gathering data from public sources. Developed by Paterva, Maltego OSINT allows users to quickly uncover relationships between large amounts of disparate data which can then be used to build intelligence profiles.

With Maltego OSINT, users are able to extract information from multiple online sources using simple graphic representations. This includes the ability to map out social networks, capture contact details and business data, track domain names and IP addresses, uncover digital evidence such as documents or images stored on websites, find related news articles and more.

Furthermore, by automating the process of gathering publicly available data in this way, Maltego OSINT enables users to quickly discover hidden connections that would otherwise remain undetected. Visit the official website of Maltego **here**.

**Shodan**

**Shodan** is a search engine for the Internet of Things **(IoT) devices** and an OSINT tool that is used to uncover vulnerable and exposed devices connected to the Internet, otherwise known as smart devices.

Shodan was created by John Matherly in 2009 and is considered to be the world’s first computer search engine. Shodan can be used to detect security vulnerabilities on public websites, as well as provide detailed information about each web server it finds.

Shodan has become increasingly popular among cybersecurity and IT security professionals who use it for vulnerability assessment, penetration testing, and network mapping. Shodan also helps them identify insecure services such as **misconfigured cloud databases**, FTP servers, telnet servers, and SSH servers that are exposed on the internet without authentication or encryption.

Additionally, Shodan provides detailed technical information about each device it finds including IP address, operating system type, open ports, running software programs and associated vulnerabilities. That is why Shoden is a perfect OSINT tool out there. Visit the official website of Shodan **here**.

**TheHarvester**

TheHarvester is a powerful OSINT tool used to find information related to domains and email addresses. It can be used by security professionals, IT administrators, and hackers alike to collect information from different sources on the internet.

TheHarvester was created as an alternative for doing research on public resources such as search engines, PGP key servers, and social networks. It allows users to quickly gather large amounts of data from sites like Google, Bing, Yahoo!, Dogpile, LinkedIn, Twitter and many more.

All of the gathered data can be exported into several formats such as HTML/XML or even saved as a text file. Additionally, it includes an API that allows users to customize their searches according to their specific needs. Visit the official TheHarvester page on Kali **here**.

**Recon-ng**

Recon-ng is an OSINT tool used for reconnaissance and data gathering. It is a full-featured web application that can be used to gather subsets of public information related to a target, such as usernames, names, email addresses, domain names and other relevant details.

Recon-ng has been designed to automate the process of gathering intelligence about a given target as quickly and efficiently as possible. The Recon-ng OSINT tool provides users with access to multiple resources such as Google, Bing, Twitter, Shodan and more.

The platform also allows users to interact with each resource using the same interface which simplifies the data-gathering process significantly compared to traditional methods. It enables users to quickly collect comprehensive information on a target without having to manually search multiple online sources or databases. Visit the official Recon-ng page on Kali **here**.

**Spiderfoot**

Spiderfoot is an excellent OSINT tool designed to automate the process of gathering information about a specific target. Spiderfoot enables users to have quick and easy access to a wide range of data sources.

It is capable of collecting information from over 200 sources, such as DNS records, WHOIS information and public resources like Shodan, **VirusTotal**, Google and others. Spiderfoot can be used for reconnaissance, investigative research and even threat hunting by allowing users to quickly identify potential threats or vulnerabilities in their environment.

The tool works by scanning the internet for publicly available data from various sources based on the user’s input query parameters. The collected data can then be mapped out into an interactive graph with various visual indicators which make it easier to interpret the gathered information.

This feature makes it much easier for security professionals to recognize trends or anomalies within their networks which can help them detect malicious activities or threats early on. Visit the official website of Spiderfoot **here**.

**OSINT Framework**

OSINT Framework is a website and information-gathering tool used by security professionals for investigative purposes. It is a collection of free and publicly available tools that can be used to conduct online investigations.

OSINT Framework provides users with an easy-to-use platform to quickly search, collect and analyze data from various sources such as social media platforms, websites, forums, blogs and more. By using this framework, security professionals are able to gather a wealth of information in order to identify potential threats or anomalies on the web.

The OSINT Framework enables users to access public records and other sources of information quickly and efficiently. It utilizes specialized search engines and databases such as Google Hacking Database (**GHDB**) as well as several other open-source intelligence tools such as Recon-ng, Maltego and Shodan. Visit the official website of OSINT Framework **here**.

**Foca**

Foca (Fingerprinting Organizations with Collected Archives) is an OSINT tool used by cybersecurity professionals to collect data from the internet. It can be used to find information on any subject, including people, companies, and other organizations. The tool gathers data from a variety of sources such as social media platforms, websites, and search engines.

The tool helps users to collect information quickly and efficiently by providing them with a set of tools for searching, collecting and analyzing the collected data. It provides users with advanced filtering options that allow them to narrow down their searches and find relevant information easily.

Foca also has features such as keyword analysis which enables users to analyze text-based content or images in order to identify patterns or trends in the collected data. Additionally, it offers other features like automated report generation which allows users to generate reports quickly without having to manually gather all the necessary data themselves. Visit the official GitHub repository of FOCA **here**.

**Metagoofil**

Metagoofil is a powerful OSINT tool used for gathering publicly available information about a particular target. It is especially useful for penetration testers, security professionals, and researchers who need to collect data from websites in order to perform reconnaissance on their targets.

Metagoofil was developed by Edge Security in 2006 as part of the framework for its security consulting services. This tool can be used to scan websites, search engines, and public document archives such as **PDFs and Microsoft Office documents**. It then searches for specific keywords related to the target and collects the relevant information from these sources.

With its easy-to-use interface, Metagoofil allows users to quickly find files containing sensitive information such as usernames, passwords, email addresses, IP addresses, etc., which can then be used in further attacks or research projects. Visit the official Metagoofil page on Kali **here**.

**GHunt**

GHunt is a new OSINT tool that lets users extract information from any Google Account using an email. The information that GHunt extracts include:

*   Google ID
*   Owner’s name
*   Public photos (P)
*   Phones models (P)
*   Phones firmware
*   Installed Softwares
*   Google Maps reviews
*   Possible physical location
*   Possible YouTube channel
*   Possible other usernames
*   Events from Google Calendar
*   If the account is a Hangouts Bot
*   Last time the profile was edited
*   Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.)

Visit GHunt’s GitHub repository **here**.

**Yandex Images**

The Russian counterweight to America’s Google, Yandex has been extremely popular in Russia and offers users the option to search across the internet for thousands of images. This is in addition to its reverse-image functionality which is remarkably similar to Google.

A good option included within is that you could sort images category wise which can make your searches more specific and accurate.

**Tip:** In my personal experience; Yandex image search results are far more accurate and in-depth than Google Images. Visit Yandex **here**.

**N2YO.com**

Allowing you to track satellites from afar, N2YO is a great tool for space enthusiasts. It does so by featuring a regularly searched menu of satellites in addition to a database where you could make custom queries along the lines of parameters such as the Space Command ID, launch date, satellite name, and an international designator.

You could also set up custom alerts to know about space station events along with a live stream of the International Space Station(ISS)! Visit the official website of N2YO **here**.

**TinEye**

TinEye is the original reversed image search engine, and all you have to do is submit a proper picture to TinEye to get all the required information, like where it has come from and how it has been used.

Instead of using keyword matching, it uses a variety of approaches to complete its tasks, including picture matching, signature matching, watermark identification, and numerous other databases to match the image. 

In conclusion, these 15 OSINT tools are among the best available for conducting investigations using publicly available information. Whether you are a professional investigator or a curious individual, these tools can help you gather and analyze information more efficiently and effectively. Visit the official website of TinEye **here**.

**Have I Been Pwned**

**Have I Been Pwned** is an online service that helps people determine if their personal data has been compromised. It works by using email addresses to track data breaches, allowing users to know whether their information has been leaked or stolen due to a hack or other incident.

Have I Been Pwned was created in 2013 by Troy Hunt, a Microsoft Regional Director and security expert. The site provides users with detailed information about the source of any breach affecting their personal data, as well as the types of data that may have been leaked. This allows them to take appropriate steps to protect themselves from future attacks.

Have I Been Pwned or HIBP currently tracks more than 12 billion accounts across over 600 major data breaches, providing one of the most comprehensive databases for checking if your account details have been exposed online. Visit Have I Been Pwned **here**.

**Conclusion**

In conclusion, OSINT tools are an invaluable resource for anyone looking to stay ahead of the curve in the world of digital intelligence. The 15 Best OSINT tools outlined in this article provide an excellent overview for any user, from the novice to the professional, to get started. By using these tools and understanding their functions, users can empower themselves to become better researchers and find valuable data more quickly.

1.  **Top 10 Reliable VPN Services**
2.  **5 Free Best Internet Speed Test Websites**
3.  **8 Online Best Dark Web Search Engines for Tor Browser**
4.  **What Are Dark Web Search Engines and How to Find Them?**
5.  **Best legal & free online streaming sites for movies & TV shows**

What is an OSINT Tool – Best OSINT Tools 2023

Next week will be our final installment of our 2022 Year in Review report coverage. We’ll be publishing a final topic summary on Ransomware and Commodity Loaders and follow up these reports with a livestream on LinkedIn and Twitter with report and subject matter experts.

Thursday, February 2, 2023 15:02

Welcome to this week’s edition of the Threat Source newsletter.

If you haven’t noticed yet we’ve had a few guest writers on this newsletter over the last few months. Alas my time covering the newsletter has ended and I leave you with one final edition. Have no fear, William Largent will be rounding out the guest appearances next week and your long-time host Jon Munshaw will be back at the helm. Thanks for sticking with us this long and if you’re newly subscribed welcome!

**The one big thing**

Next week will be our final installment of our 2022 Year in Review report coverage. We’ll be publishing a final topic summary on Ransomware and Commodity Loaders and follow up these reports with a livestream on LinkedIn and Twitter with report and subject matter experts.

**Why do I care?**

We published our full 2022 Year in Review early December. If you haven’t read  it yet we highly suggest your download your copy here or check out our previous  livestreams. Through these reports and videos we’ve broken down the threat  landscape and trends Talos observed over 2022. What’s that saying, history    repeats itself? Take a minute to look back and prepare for what lies ahead in 2023.

**So now what?**

Mark your calendar for our fourth and final livestream on Tuesday February 7th at 12 PM EST. Read the report, browse the topic summaries, or watch our livestreams on demand. Looking for extra credit? Read through Talos’ Head of Outreach Nick Biasini’s future predictions of State Sponsored attacks in 2023.

**Top security headlines of the week**

Coming back from the dead yet again a new Lazaurs campaign has been found to exploit unpatched Zimbra devices targeting medical research and energy industries along with their supply chain partners in attempts to gather intelligence. Through unpatched devices the threat actors are gaining network access and escalation privileges. (SC Media)

Google’s official mobile virtual network operator (MVNO), Google Fi, was in headlines due to a customer data breach via T-Mobile. Using technology to switch between cellular provides Google Fi provides constant coverage for customers through T-Mobile and US cellular. It’s reported the breach happened in November 2022 but wasn’t discovered until early January 2023. Customers have been notified but many questions remain, like are users still vulnerable? (TechCrunch)

Surprising quite literally no one, ChatGPT sets a record for the fastest-growing user base in history. Reaching an estimated 100 million active monthly users in December just two months after launch (yet every time I try to get it to write this newsletter it says the app is at capacity…). Whether you’re a user, a skeptic, or simply don’t care ChatGPT has stirred up a lot of attention lately, we’ll all just have to keep an eye on the evolution of ChatGPT. (Ars Techinca)

**Can't get enough Talos?**

·  State Sponsored Attacks in 2023 and Beyond

·  Quarterly Report: Incident Response Trends in Q4 2022

· CTIR On Air: Reviewing Q4's top threats livestream

· Threat Landscape Topic Summary Report: Cisco Talos Year in Review 2022

·  2022 Year in Review: Threat Landscape Livestream

**Upcoming events where you can find Talos**

Cisco Live Amsterdam (Feb 6-10)

Amsterdam, Netherland

WiCyS (March 16-18, 2023)

Denver,CO

RSA (April 24-27, 2023)

San Francisco, CA

**Most prevalent malware files from Talos telemetry over the past week**

SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507

MD5: 2915b3f8b703eb744fc54c81f4a9c67f

Typical Filename: VID001.exe

Claimed Product:  n/a

Detection Name: Simple\_Custom\_Detection

SHA 256: 00ab15b194cc1fc8e48e849ca9717c0700ef7ce2265511276f7015d7037d8725

MD5:  d47fa115154927113b05bd3c8a308201

Typical Filename: msaccess.exe

Claimed Product: n/a

Detection Name: rojan.GenericKD

SHA 256: e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c

MD5: a087b2e6ec57b08c0d0750c60f96a74c

Typical Filename: aact.exe

Claimed Product: n/a

Detection Name: W32.File.MalParent

SHA 256:  125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645

MD5: 2c8ea737a232fd03ab80db672d50a17a

Typical Filename: LwssPlayer

Claimed Product:  梦想之巅幻灯播放器

Detection Name: Auto.125E12.241442.in02

SHA 256: e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934

MD5: 93fefc3e88ffb78abb36365fa5cf857c

Typical Filename: Wextract

Claimed Product:  Internet Explorer

Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg

Threat Source newsletter (Feb. 2, 2023): I bid you all adieu

The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.

In a Feb. 1 blog post, Crane Hassold, director of threat intelligence at Abnormal Security, profiled "Firebrick Ostrich" a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organizations and utilizing 212 malicious domains in the process.

This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.

"BEC is attractive to bad actors," Sean McNee, CTO at DomainTools, explains to Dark Reading, "due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack."

These factors may explain why such attacks are "absolutely _the_ emerging trend," as Hassold tells Dark Reading, leaving even ransomware in the dust. "There are literally hundreds, if not thousands, of these groups out there."

**Firebrick Ostrich's BEC M.O.**

Firebrick Ostrich almost always targets organizations based in the United States. Beyond that, though, there doesn't appear to be a pattern — it dips into retail and education, transportation and healthcare, and everything in between.

The group specializes in third-party impersonations, reflecting a shift in BEC more generally. "Since its inception, BEC has been synonymous with CEO impersonation," Hassold notes. But more recently, "threat actors have identified third parties as a sort of soft target in the B2C attack chain. More than half of the B2C attacks that we see now are impersonating third parties instead of internal employees."

The degree of reconnaissance Firebrick Ostrich requires to perform such an attack is frustratingly minimal. All that's needed is an understanding that two organizations connect to one another somehow — most often, that one provides a product or service to the other.

Such information is publicly available on many government websites. In commerce, it might be found on a vendor's website, on a landing page gallery of customer logos. If not, a simple Google search might do the trick. It's enough to go on, Hassold says, even if "they haven't compromised an account or a document that provides them with insight into payments that are going back and forth."

Having identified a vendor, the group registers a lookalike Web domain, and a series of email addresses for imaginary employees and executives in the vendor's finance department. "Firebrick Ostrich copies all of the additional fake accounts on their emails to make it look like they are including others in the conversation," Abnormal Security researchers wrote in the analysis, "which adds credibility and social proof to the message."

Finally the group sends the email, impersonating an accounts payable specialist, to the accounts payable division at the target organization. The note will typically begin with some flattery, like how the vendor "greatly appreciates you as a valued customer and we want to thank you for your continued business."

Firebrick Ostrich doesn't seek out bank information from its victims. Rather, its operatives request to update their own (the "vendor's") bank details, for future payments.

"These attackers are playing a longer game," according to the report, "hoping that a simple request now will result in a payment to their redirected account with the next payment." The group always opts for ACH, as it requires only an account and routing number — no other identifying information — to send a lump sum.

For good measure, these emails also include a vague inquiry regarding outstanding payments.

Source: Abnormal Security

What's notable in all this is how quick and easy the entire attack flow is. Case in point: Abnormal Security found that in 75% of cases, Firebrick Ostrich registered a malicious vendor domain within just two days of sending an opening phishing email, and 60% of the time within 24 hours.

**BEC Is Big-Time Cybercrime**

In 2018, the FBI released a public service announcement about a "12 billion dollar scam." From October 2013 to May 2018, the agency estimated, organizations worldwide had lost about $12.5 billion to BEC.

That seemed like a lot at the time. One year later, though, the Feds released a new PSA. Now, BEC was a $26 billion arena. And in 2022, a third PSA appeared, declaring BEC a $43 billion scam.

These numbers may even be underestimated, considering the cases that go unreported.

Firebrick Ostrich is a prime example of why BEC is so popular, according to Abnormal Security: "They have seen massive success, even without the need to compromise accounts or do in-depth research on the vendor-customer relationship." The campaigns are effective yet quick, low effort, with a low barrier to entry.

BEC can also be, as McNee calls it, a "'gateway drug' to other illicit, illegal activities" like ransomware.

"There’s an accessible underground economy of suppliers that make account takeover fairly trivial, so if a BEC-focused bad actor is interested in pivoting to other activities or selling the access they gain to others, they can easily do so." This relationship goes both ways, with ransomware double extortions feeding follow-on BEC attacks.

To prevent a costly compromise, Hassold recommends that organizations "have a really structured and rigid process for any financial transaction. Make sure that the account change is confirmed with the actual party offline, in a separate communication thread, before the change is actually implemented."

Most of all, employees must be aware of phishing tactics. "A key reason BEC attacks are difficult to defend against," McNee adds, "is that they attack people and not technology per se. Everyone is susceptible to social engineering because we’re all human."

Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks

Popular hacking aid resurrected following end-of-life announcement

Popular hacking aid resurrected following end-of-life announcement

XSS Hunter now has a home at Truffle Security, which has launched a new version of the tool after its original creator declared that he will be deprecating it in February.

XSS Hunter is a popular open source tool for identifying cross-site scripting (XSS) bugs in websites. An online version was previously maintained by its creator Mandatory (Matthew Bryant).

The new version, hosted on Truffle Security’s domain, is an open source fork of the original code with new features and enhanced security.

**Privacy concerns**

XSS is a very common vulnerability, accounting for 23% of bug reports submitted to bug bounty platform HackerOne, for example.

“The most popular tool for looking for XSS aside from manual testing is XSSHunter,” Dylan Ayrey, co-founder of Truffle Security, told The Daily Swig. “It’s an extremely valuable tool to the community, but it also had risks.”

Many users of XSS Hunter would accidentally send sensitive data to the platform and possibly cause data leakage. Ayrey had previously stumbled on 50,000 Google user records while working with the old XSS Hunter, which became the topic of a talk he gave at Black Hat 2022.

“As long as Mandatory was in charge of the service, I wasn’t concerned with what the platform might do with that data collected,” Ayrey said.

“But we were concerned after the EOL \[end of life\] was announced, another tool might have come along to replace it with operators that may have had different intentions with the data collected.”

Read more of the latest news about web hacking tools

The new XSS Hunter tool blurs screenshots captured by the platform to protect sensitive information rendered by the XSS payload. It has also removed support for full DOM capture and enforces Google SSO login to improve account security.

Regarding the deprecation of the old service, Mandatory told The Daily Swig that he had become “increasingly uncomfortable with the amount of vulnerability information stored in the service.

“Ideally I’d like to be storing zero vulnerability information for XSS hunter users, which this deprecation will achieve,” he said.

Mandatory described Truffle Security’s fork as “a step in the right direction” and said: “I think the fact that Truffle Security is starting out with an eye on balancing privacy and bug bounty research interests is a good sign.”

**New features**

Truffle Security has added support for detecting other kinds of vulnerabilities, including cross-origin resource sharing (CORS) misconfigurations that would allow external sites to view and extract data from internal domains. CORS vulnerabilities can be especially damaging, as Truffle Security recently discovered while investigating different internal corporate networks.

Truffle Security has integrated the lite version of its TruffleHog tool into the new XSSHunter, enabling it to scan HTML pages for secrets such as AWS, GCP, and Slack keys. It will also scan tested websites for source code leaks via .git directories.

“We saw an opportunity to both address privacy concerns as well as give the cybersecurity community new capabilities within the XSS Hunter tool,” Ayrey said.

Ayrey said Mandatory was supportive of the effort and helped out in the process. Truffle Security plans to add more features to XSS Hunter in the future, including adding a more complete version of TruffleHog.

Mandatory, who described XSS Hunter as his long time passion project, will continue to maintain the open source xsshunter-express repository “more dutifully in the future to support those who wish to self-host their own instance”.

“When I first built the service many people didn’t really believe that blind XSS was a ‘real’ concern,” he said. “Today I don’t think anyone doubts the pervasiveness and severity of these vulnerabilities, so it has pretty much achieved what it was meant to do.”

YOU MAY ALSO LIKE Meet TruffleHog – a browser extension for finding secret keys in JavaScript code

Truffle Security relaunches XSS Hunter tool with new features

Current and former cybersecurity leaders from Microsoft, Google, GitLab, Check Point, OWASP, Fortinet and others have already joined the open framework initiative, which is being led by OX Security.

**TEL AVIV, Israel****,** **Feb. 1, 2023** **/PRNewswire/ --** OX Security, the first end-to-end software supply chain security solution, today announced the launch of OSC&R (Open Software Supply Chain Attack Reference)_,_ the first and only open framework for understanding and evaluating existing threats to entire software supply chain security.

The founding consortium of cybersecurity leaders behind OSC&R include: David Cross, former Microsoft and Google cloud security executive; Neatsun Ziv, Co-Founder and CEO of OX Security; Lior Arzi, Co-Founder and CPO at OX Security; Hiroki Suezawa, Senior Security Engineer at GitLab; Eyal Paz, Head of Research at OX Security; Phil Quade, former CISO at Fortinet; Dr. Chenxi Wang, former OWASP Global Board member; Shai Sivan, CISO at Kaltura; Naor Penso, Head of Product Security at FICO; and Roy Feintuch, former Cloud CTO at Check Point Technologies.

Discussions with hundreds of industry leaders revealed that there was a very concrete need for a MITRE-like framework that would allow experts to better understand and measure supply chain risk, a process that until now could only be  based on intuition and experience. OSC&R is designed to provide a common language  and structure for understanding and analyzing the tactics, techniques, and procedures (TTPs) used by adversaries to compromise the security of software supply chains.

"Trying to talk about supply chain security without a common understanding of what constitutes the software supply chain isn't productive," said Neatsun Ziv, who served as Check Point's VP of Cyber Security before founding OX. "Without an agreed-upon definition of the software supply chain, security strategies are often siloed."

OSC&R is now ready to be used by security teams to evaluate existing defenses and define which threats need to be prioritized, how existing coverage addresses those threats, as well as to help track behaviors of attacker groups.

"OSC&R helps security teams build their security strategy with confidence," said Hiroki Suezawa, Senior Security Engineer at Gitlab. "We wanted to give the security community a single point of reference to proactively assess their own strategies for securing their software supply chains and to compare solutions," he continued.

The OSC&R framework will update as new tactics and techniques emerge and evolve. It will also assist red-teaming activities by helping set the scope required for a pentest or a red team exercise, serving as a scorecard both during and after the test. The framework will also now be open for other cybersecurity leaders and practitioners to contribute to OSC&R.

"I believe the OSC&R framework will help organizations reduce their attack surface," said Naor Penso, Head of Product Security at FICO. "I am proud to take part in a project that can have such a major impact on the future security landscape, and to share our knowledge and expertise."

The OSC&R framework is now online: https://pbom.dev/

**About OX Security**

OX Security believes that security should be an integral part of the software development process, not an afterthought. Founded by Neatsun Ziv and Lior Arzi, who previously led Check Point's Security Group, OX  is the first end-to-end software supply chain security solution. OX provides DevSecOps teams with the automation, visibility, and risk insights they need to bring security and integrity to every step of the supply chain, from the earliest planning stages until deployment to production.

SOURCE Ox Security

Cybersecurity Leaders Launch First Attack Matrix for Software Supply Chain Security

Categories: Personal
Tags: cybersecurity 101

Tags:  online privacy 101

Are you smarter than a five-year-old? When it comes to online security and privacy, you should be.



(Read more...)




The post Cybersecurity and privacy tips you can teach your 5+-year-old appeared first on Malwarebytes Labs.

Everything we teach our kids starts at home—we parents are their first teachers, after all. So, why wait for them to start going to school to start learning about cybersecurity and online privacy?

Though it's hardly news that more and more children are being introduced to mobile computing devices like tablets, smartphones, and laptops at an early age, you may be surprised at _what_ that age is. In 2015, Time featured a study revealing parents handing over such devices to kids as young as six months old. That may be too early an age for teaching a child beyond getting them to sit up, but after nearly a decade, similar trends on age versus technology use have persisted. \[1\]\[2\]\[3\]

As mobile devices have become an indispensable part of a child's life, a big question stands: What is the "appropriate" age to start teaching your little one about their security and privacy when using those devices? 

Well, it depends. If your child can understand (simple?) instructions and do them, you’re good to go. Remember, every child is different.

**5 cybersecurity and privacy tips you can tell your 5+-year-old**

Fostering habits for some simple yet good cybersecurity and privacy best practices early on can go a long way.

**1\. Lock the device.**

When it's time to put away the phone or tablet so your child can do something else like going to the park, remind them to lock it. They can do this by pressing the power button of the device. Of course, this only works if you have Lock Screen enabled on the device.

If your child is 5 years old and up, you can explain to them that locking the phone or tablet stops other people from using it without asking permission.

**2\. Use passwords.**

Of course, in order to lock a device's screen, a password is needed in this case. Not going for a pattern lock is deliberate. At this stage, we're not only seeding the idea of creating strong passwords but also making locking devices the norm (From 2016 to 2018, a reported 28 percent of Americans surveyed failed to use _any_ safeguards to lock their phones).

Don’t be too concerned about length yet, but if you can get your little one to spell out and remember a six to eight-character string—ideally, a word—you're both golden. We started our little one with a three-letter password to open her tablet when she was four, and we plan to triple that length now that she's two years older.

**3\. Keep the device in a safe place.**

Instruct your little one to put away the phone or tablet after they lock it. Make sure you already have a designated place in the house that your child knows about. Also, check that this place is accessible, and if it has doors, they can easily open and close them with minimal effort and supervision.

Under a pillow on the master's bed works, too (just don't forget to remove it before bedtime).

**4\. Ask for permission.**

Your five-year-old may have access to either the Google Play or Apple App stores via the device you're letting them use. Whether you have parental controls set up for these stores or not, wouldn't it be great to hear them ask: "Is this okay to download, mum?" This gives you, the parent or guardian, the opportunity to review the app to see if it's any good for them (Remember, dubious apps can still end up in these stores.).

The same principle should apply when they're watching videos on YouTube.

Every now and again, we see or read about cute or cartoony clips that are not actually for kids' consumption. And believe it or not, some of them were purposefully made to appear inviting to young children. To be safe, a critical eye is needed because, sometimes, even YouTube's AI can get it wrong.

**5\. Share only with relatives and close family friends.**

Kiddo loves having her picture taken. Sometimes, she would ask me to take a snap and send it to her Nana, who is part of an Instagram group.

Thankfully, only family members—and those close to us who're treated as family—are members of that group. We would've been reluctant to share otherwise.

Kiddo doesn't have a single social media account, but we're already instilling in her the value of information related to her and, consequently, _us_. She knows our home address, for example, and she also knows she should only share it with a policeman or policewoman if she's lost.

**Final thoughts**

The computing devices and apps your little one uses are already impacting them in more ways than one. It's essential to steer them in the right direction by getting ourselves involved in their digital lives as early as possible. There is plenty of room for growth.

So, parents and guardians, be patient. Put these points on repeat and expand on them. And, if you're lucky, be thankful that before your child starts school, they already have some of the cybersecurity and privacy basics down.

Good luck!

**We don't just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Cybersecurity and privacy tips you can teach your 5+-year-old

The average organization does business with 11 third parties, and 98% of organizations do business with a third party who has suffered a breach, an analysis finds.

Nearly every company does business with — or uses the products of — a third party that has suffered a compromise, thus increasing their security risks.

That's according to data science firm Cyentia Institute, which has issued an analysis that includes external measurements of security from more than 230,000 organizations provided by cybersecurity risk-management firm SecurityScorecard. It found that the average firm had around 10 third-party relationships, and hundreds of indirect fourth-party relationships, with the typical firm having 60 to 90 times more fourth parties than third parties. Nearly all firms (98%) had at least one third-party partner who had suffered a breach, the report stated.

The IT sector has the most third parties, with an average of 25, while the finance sector had the fewest, at 6.5. Those numbers quickly balloon when fourth-party relationships are included, as did their risk. The average firm has an indirect relationship with 200 fourth parties that have had a breach, the analysis found.

The research underscores the sprawling nature of third- and fourth-party relationships for corporations, and the dramatic increase in risk that they can cause, says Wade Baker, founder and partner at the Cyentia Institute.

"Risk goes downhill," he says. "The first parties are more likely to have good security \[risk\] scores than their third parties, and with fourth parties, the numbers really explode. You need to expect \[these firms and products\] to not be up to your standards for security."

That's because while many organizations have become more mature regarding their own cyber risks, few are cognizant of the extended risks, Cyentia and SecurityScorecard stated in the analysis.

"Many organizations are still unaware of the dependencies and exposures inherent to third-party relationships, and simply focus on managing their own security posture," the report stated. "Others are aware of those issues, but don't make vendor decisions based on security and/or require vendors to meet certain standards. Even firms that do establish third-party security requirements can struggle to continually monitor compliance and progress."

    

Almost all companies did business with a third party who had been compromised in the past 2 years. Source: Cyentia Institute and SecurityScorecard

Third-party and supply-chain risk have become significant issues in recent years. And CISOs have become increasing wary of their third-party providers, ever since the compromise of an HVAC supplier led to the breach of retail giant Target.

While the analysis looks at third-party risk, the definition of what a third party is extends not just to vendors and partners, but software providers and open source projects. Now-infamous attacks on software suppliers such as SolarWinds, and vulnerabilities in widely used software components such as Log4J, have raised the visibility of the risk that this arena poses.

The top 5 technologies included in third-party relationships within the data are Google Analytics, Google Tag Manager, Amazon Web Hosting, PHP, and Facebook products — all of which were involved in two-thirds (68%) of third-party relationships, the report stated.

"A lot of these third and fourth party relationships \[involve us\] both agreeing to adhere to certain policies just by virtue of using a product, and now I'm opening up myself to a certain degree of risk," Baker says.

**Risk Rises With Each Hop**

The analysis also found that third parties typically have a weaker security posture than the companies they served. Overall, there is a much higher likelihood that third parties will have security problems, meaning that companies can't assume that all of their third parties are as diligent about security.

"I view it in the same way as all of us knowing we have too many privileges — in general, people have access to more data than they need to do their job," Baker says. "It would be good to reduce the number of third parties, especially if they're not needed, and also be a little bit more choosy."

The data, however, does not suggest a clear path forward, beside becoming more aware of the problem. Baker does not necessarily recommend, for example, that organizations cut the bottom 25% of their third parties from their business. However, evaluating them more closely or more frequently might be more realistic, he says.

"If we really want to protect our supply chains, we've got to we've got to make the weakest link stronger," Baker says. "And I think the analysis is showing that there's a lot of weak links across third parties and fourth parties, and that is where the challenge lies."

Nearly All Firms Have Ties With Breached Third Parties

By Deeba Ahmed
Google Fi customers are impacted by the recent T-Mobile breach, as Fi relies on T-Mobile and US Cellular for connectivity.
This is a post from HackRead.com Read the original post: Google Fi User Data Breached Through T-Mobile Hack

According to Google Fi’s email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile’s breach after suspicious activity was noted in a system that contained Google Fi’s customer data.

Google Fi, Google’s official mobile virtual network operator (MVNO), has confirmed that data belonging to its customers was exposed in a recently discovered T-Mobile security breach. The incident was **reported by Hackread.com** on January 20th, 2023.

**What does Google Fi have to do with T-Mobile?**

For your information, **Google Fi** relies on T-Mobile and US Cellular for connectivity. It operates on the networks of US Cellular and T-Mobile, allowing customers to enjoy comprehensive coverage across the country.

Unlike traditional plans from Verizon or AT&T, Google Fi uses technology to switch between different cellular providers while your phone is in use. This means that if you’re using your phone and one carrier’s service becomes weaker than another’s in the area, your phone will automatically switch to a stronger signal – without any interruption in service.

**T-Mobile Data Breach Details**

On January 19th, **T-Mobile** published a regulatory filing revealing that an unauthorized threat actor had managed to access the data of 37 million of its current customers. The breach occurred in November 2022 and was discovered on January 5th, 2023.

T-Mobile Inc. informed law enforcement officials and cybersecurity consultants regarding the data hack, which included customers’ names, dates of birth, billing addresses, email addresses, and more than 37 million postpaid and prepaid customers.

**Google Fi Warns About Data Exposure**

According to Google Fi’s email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile’s breach after suspicious activity was noted in a system that contained Google Fi’s customer data.

Google has confirmed that no text message call contents or PINs were taken. Moreover, the exposed system did not store private customer data such as names, payment card details, email IDs, passwords, government IDs, etc.

However, the hackers could access account statuses, phone numbers, service plan details such as international roaming, and SMS card serial numbers. It is worth noting that, despite utilizing the T-Mobile network for its connections, Google did not name it as its primary service provider in the email.

**Email sent to Google Fi customers:**

_Dear Google Fi customer,_

_We’re writing to let you know that the primary network provider for Google Fi recently informed us there has been suspicious activity relating to a third-party system that contains a limited amount of Google Fi customer data._

_There is no action required by you at this time._

_This system is used for Google Fi customer support purposes and contains limited data including when your account was activated, data about your mobile service plan, SIM card serial number, and active or inactive account status._

_It does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver’s license or other forms of government ID, or financial account information, passwords or PINs that you may use for Google Fi, or the contents of any SMS messages or calls._

_Our incident response team undertook an investigation and determined that unauthorized access occurred and have worked with our primary network provider to identify and implement measures to secure the data on that third-party system and notify everyone potentially impacted. There was no access to Google’s systems or any systems overseen by Google._

_If you are an active Fi user, please note that your Google Fi service continues to work as usual and was not interrupted by this issue._

**_What does this mean for me?_**

_The accessed information included your phone number and limited technical information. This includes information about when your account was activated, SIM card serial number, account status (for example, whether your plan is active or inactive), and limited details about the mobile service plan and options provided by your Google Fi service (such as unlimited SMS or international roaming)._

Google has assured its customers that they don’t need to take any further action, and there was no unauthorized invasion of Google’s own systems or any system that it directly oversees.

**_More Data Breach News_**

1.  **Google Employees Data Stolen After Data Breach**
2.  **Hackers Breach TPG Telecoms’ Email Host to Steal Client Data**
3.  **Australia’s 2nd-largest telecom firm suffers massive data breach**
4.  **Hacker extracts user data from Canadian Telecom Firm after rebuttal**
5.  **Telecom giant behind routing SMS discloses 5-year-long data breach**

Google Fi User Data Breached Through T-Mobile Hack

Gem Security provides the world's first holistic approach for Cloud TDIR, bridging the gap between cloud complexity and security operations.

**TEL AVIV, Israel****,** **Feb. 1, 2023** **/PRNewswire/ —** Gem Security today emerged from stealth, launching its Cloud TDIR (Threat Detection, Investigation and Response) platform and announcing $11 million in Seed funding led by Team8.

The adoption of cloud infrastructure is increasing and diversifying the attack surface for organizations. 90% of all organizations use more than one cloud provider\[1\]. As Gartner notes\[2\], the expansion in attack surface is rarely paralleled with coverage by detection and response initiatives, leaving organizations unaware of a variety of threat vectors. 79% of companies have experienced at least one cloud data breach in the last 18 months, with 43% of companies reporting ten or more\[3\].

While there is no lack of solutions for detection and response, legacy approaches fall short of providing a solution for the cloud era. The proliferation of cloud services across infrastructure, platforms, and software has fragmented the security landscape. Collecting and correlating the explosion of associated telemetry is both challenging and inadequate.

Gem Security goes beyond this, helping organizations act on Gartner's recommendation to implement a continuous, risk-based program to manage their threat exposure. Gem Security offers a platform that leverages existing infrastructure and solutions while offering unique automated detection, investigation and response capabilities purposely-built for cloud environments.

Gem Security supports all major infrastructure platforms - AWS, Azure, Google Cloud and Kubernetes. Furthermore, Gem's platform integrates with leading platforms like identity providers, source code repositories and secrets managers, leveraging the additional data for context analysis. Gem Security is already working with companies ranging from mid-market to Fortune 500.

"Most cloud security solutions focus on building a wall that is as tall as possible to make sure the bad guys stay out. That sounds good in theory. In practice, however, no wall is ever going to be tall enough. We offer a more realistic approach, starting from the fact that cloud environments are and will remain imperfect. If it's perfect, it's only for five minutes, and then it's going to be imperfect again.

Minimizing the potential for intrusion is only half the story. When someone jumps over the wall, we don't just raise an alarm. Gem's platform will empower your team to find and stop the intruder, automating your incident response and ensuring there is no escalation. Where others end, we begin", said Gem Security Co-Founder & CEO Arie Zilberstein.

Zilberstein co-founded Gem Security with CTO Ron Konigsberg and VP Product Ofir Brukner. Gem's founders are all security industry veterans, having spent years in the trenches responding to large-scale breaches in the cloud. They previously held key roles in elite Israeli Intelligence Corps Unit 8200 as well as Sygnia, an Incident Response and cybersecurity company working with global top tier organizations.

Gem Security's holistic approach for Cloud TDIR bridges the gap between security operations and cloud complexity. Lessons learned from years of experience working in some of the most demanding cloud environments in the world have been leveraged in building Gem's comprehensive platform, enabling organizations to:

*   **Prepare**. Optimizing coverage via a continuous Cloud Incident Readiness dashboard
*   **Detect**. Combining real-time cloud-native threat detection based on TTPs (Tactics, Techniques & Procedures) and behavioral analytics
*   **Investigate**. Enriching context across the entirety of cloud infrastructure for instant root cause analysis
*   **Respond**. Isolating risks swiftly using cloud-native entity quarantine capabilities

"Gem is redefining the cloud security operations game", said ADM Michael S. Rogers, Former Director of the NSA. "Security organizations today struggle to find cloud experts, and the complexity of cloud environments is leaving teams blind to emerging attacks. Gem empowers security operations with a simple, automated, and efficient approach that allows organizations to respond faster and minimize the impact of attacks in the cloud".

"Cloud migration brings new opportunities to enterprises, but also entails quite a few challenges and risk, including the need to adapt existing solutions to the new cloud infrastructure" said Nadav Zafrir, Managing Partner at Team8 Group and former head of Israel's elite technology Unit 8200. "We are thrilled to team up with Gem's talented founders, who have gained years of experience in incident response at Sygnia, our portfolio company, and to support their mission to build the next generation of cloud security. Gem's unique platform offers a first-of-its-kind solution to deal with the inevitable attacks on cloud environments, and is based on an intuitive, automatic, and efficient approach that allows organizations to identify cloud security events in real-time; investigate them based on behavior analysis and threat intelligence; respond quickly, and enable isolation of the threat. All this - to minimize the impact of cloud attacks."

**About Gem Security**

Gem Security is a rapidly growing Cloud TDIR platform provider that bridges the gap between security operations and cloud complexity. Headquartered in New York and Israel, Gem Security is funded by global investors, led by Team8. For more information, visit gem.security.

**About Team8**

Team8 is a venture group that builds and backs the most innovative technology companies in the fields of fintech, cyber, data, and digital health. We leverage deep domain expertise, cutting-edge technology, and first-hand company-building experience to partner with entrepreneurs in founding globally-successful companies, while also investing in early-stage companies that are active in the group's fields of interest. For more information, visit www.team8.vc.

Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats

Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.

In today's digital world, there's no question that security must be a constant priority for companies — whether it's protecting internal corporate information or their products and solutions.

However, when recessionary forces are lurking, security for products and solutions that are offered or sold to end users, such as Web or mobile applications, needs to become an even greater focus. While it might seem counterintuitive in a climate of cost-cutting to spend on security — essentially looked at as a checklist item — the alternative is a world of pain and more costs.

According to Accenture, cyberattacks grew by 31% between 2020 and 2021. This was right as the US was grappling with the COVID-19 pandemic and the negative impact it had on the nation's economy. Now, signs may be pointing to another downturn in the economy this year, something reflected by recent layoffs in the industry.

As a result of these economic factors, the reduction in staff and budgets can create the perfect window for cybercriminals to take advantage while companies focus on continuing to operate and sustain themselves.

**A Window of Opportunity for Cybercriminals**

During down economic periods, companies place a greater focus on generating top-line revenue and allot more staff and resources to accomplish it. This means that, in 2023, companies will prioritize the enhancement of applications by creating new features and functionalities that can drive sales.

Unfortunately, with the majority of staff and resources allocated to application enhancement, security can often fall by the wayside. Particularly, keeping everything updated with the latest security practices.

This deprioritization creates a window of opportunity for cybercriminals to take advantage of flaws or bugs in applications. For example, the Synopsys Cybersecurity Research Center (CyRC) recently highlighted a number of vulnerabilities in a few applications available through various app stores. The CyRC stated that it "uncovered weak or missing authentication mechanisms, missing authorization, and insecure communication vulnerabilities" in the apps Lazy Mouse, Telepad, and PC Keyboard. These vulnerabilities could lead to the gathering of sensitive information, such as login credentials, through the exploitation of keystrokes.

Although we don't know the full impact of these vulnerabilities, these are great examples of the types of flaws or bugs that could fall off the list of priorities for many companies.

**Application Security Is Nonnegotiable**

With any scenario in which an application can be compromised by cybercriminals, there's enormous potential for reputational damage and revenue generation. That's why it's nonnegotiable.

Regardless of whether we're in a recessionary period or not, companies must continue prioritizing all application security activities on the same level as revenue. These activities include:

*   **Vulnerability and penetration testing:** Some of the first security activities that are often deprioritized in times of economic downturn are vulnerability and penetration testing. While a company may conduct this testing every few months during a normal economic period, it may decrease that rate to focus IT and engineering staff efforts on building new features and functionalities. This means there's opportunity for cybercriminals to attack an application that's not kept up to date to determine where its security vulnerabilities lie. It's critical for companies to maintain or increase their testing windows during down economic periods as cyber activities tend to trend up.

*   **Risk assessments:** When developing or enhancing applications, there are often company-created custom features and functionalities as well as those they integrated through a third party. Features and functionalities like this can include payments (Apple Pay, Google Pay, Stripe, PayPal, etc.), access (Facebook or Google login, etc.), biometrics, and more. As with vulnerability and penetration testing, companies must conduct regular risk assessments that include any third-party additions with which they work or integrate. The vulnerabilities inherent to these third parties have the potential to become issues for their business, too.

*   **Privacy protection:** Applications, especially those that are geared toward consumers as the end users, are particularly vulnerable to cyberattacks. Companies must continue to implement the processes and protocols that ensure the safety and encryption of user information.

*   **Bug bounty programs:** Historically, many technology companies or companies that offer applications and software host bug bounty programs that help to identify bugs or flaws. It's important for companies to continue investing in these types of programs that offer compensation to developers for their detections because, as mentioned earlier, flaws and bugs open a window for cybercriminals to exploit applications.

**Keep Priorities in Sight**

As companies look ahead and the economy continues to change, it's important they don't lose sight of their priorities. Yes, it's important to continue to find new revenue streams through applications to keep companies profitable. However, that doesn't have to come at the expense of application security.

Tag

#google