As an industry leader in cybersecurity, Osec excels in providing a wide range of services extending to penetration testing, continuous penetration testing, threat hunting, red team operations, purple team engagements, and vulnerability research. With a commitment to cutting-edge methodologies, we enable organizations to fortify their security posture and proactively detect and address vulnerabilities before they can be exploited.
At Osec, we understand that today's threat landscape is constantly evolving, requiring a proactive and dynamic approach to cybersecurity. Our team of skilled professionals is adept at conducting rigorous penetration tests to identify weaknesses in your systems and networks, allowing you to fortify your defenses against potential attacks. Our continuous penetration testing services ensure that your security remains robust and up to date, providing ongoing monitoring and assessments to detect and address any emerging vulnerabilities in real time. In addition, our threat hunting capabilities enable us to actively search for potential threats within your infrastructure, while our red and purple team exercises simulate real-world attacks to evaluate your overall security readiness. Complemented by our cutting-edge vulnerability research, we deliver comprehensive insights and actionable recommendations to empower your organization in staying one step ahead of cyber threats. Choose Osec and stay confident in your cybersecurity defenses.
External link for OSec
122 E 42nd St
New York, NY 10168, US
49
Greek Street
London, W1D 4EG, GB
1200 Ala Moana Blvd
Suite 380
Honolulu, Hawaii 96814, US
OSec reposted this
Aloha! Last week some of our Honolulu crew got together for some poke, loco moco, and some spam musubi... Us frozen East Coasters aren’t sure what all that is, but we’re pretty sure they didn’t have to defrost their fingers to eat it. Hui maikaʻi! 🏄♂️ #Osec #OsecTeam #Hawaii #Honolulu #Teambuilding
Aloha! Last week some of our Honolulu crew got together for some poke, loco moco, and some spam musubi... Us frozen East Coasters aren’t sure what all that is, but we’re pretty sure they didn’t have to defrost their fingers to eat it. Hui maikaʻi! 🏄♂️ #Osec #OsecTeam #Hawaii #Honolulu #Teambuilding
🟡 Developers Beware: Stealer Malware is Targeting Your Code 👩💻 Threat actors from China and North Korea are zeroing in on developers—using compromised coding repositories to spread stealer malware. Their goal? Espionage. 🕵️♀️ By embedding malicious code into public Xcode repositories and projects, they can infiltrate countless products and services, significantly expanding their data collection capabilities. ✍️ How to Protect Yourself: ✅ Scrutinize every package before integrating it into your projects. ✅ Check repository age, popularity, and credibility—don’t trust blindly. ✅ Be wary of “helpful” contributions that seem too good to be true. The security of your project is only as strong as the code you trust. Are you vetting your dependencies carefully enough? Let’s discuss. ⬇️ #CyberSecurity #Developers #Infosec #ThreatIntel #OSec #Xcodemalware
Fixing fast is great, but building resilience is the real goal. Excited to be partnering with Barrier Networks to help organizations be ready, not just reactive. Sign up today!
Hackers aren’t waiting for you to patch your vulnerabilities—they’re exploiting them now. The longer they stay open, the bigger the risk. How fast are you fixing yours? 🎲 ONE space has opened up at our Cyber Resilience Roundtable on February 27th with OSec at the Scottish Malt Whisky Society. Don't miss out on this final opportunity to join the event! 👉 Register your place today: https://lnkd.in/ejubp8Cc
🟨 Our COO, Erin Murtha, recently sat down with Dr. Ed Harris, DIT-IAC, CISSP, the CISO at Mauser Packaging, for an insightful discussion on what the future holds for cybersecurity. 🎙️ They covered topics like: - The latest U.S. regulations affecting our industry - The biggest threats on the horizon - AI's impact on security—both opportunities and challenges - Career advice for those looking to advance in cybersecurity Whether you're a seasoned professional or new to the field, there's valuable information here for everyone. Watch the full interview here ➡️ https://lnkd.in/gBDFMS7w What do you see as the biggest cybersecurity challenge in the coming years? Share your thoughts below! 👇 #Cybersecurity #AI #USRegulations #FutureOfWork #CyberThreats #Leadership #CyberCareers #CISOInsights
🟡 Russia’s Sandworm APT is exploiting critical vulnerabilities in widely used platforms to breach high-value organizations worldwide. Their subgroup, BadPilot, is focusing on key sectors like finance, manufacturing, telecom, defense, and government. Key Vulnerabilities: • Zimbra (CVE-2022-41352) • Microsoft Exchange (CVE-2021-34473) • Microsoft Outlook (CVE-2023-23397) • Fortinet EMS (CVE-2023-48788) • ScreenConnect by ConnectWise (CVE-2024-1709) What’s at Risk: Sandworm gains access, steals credentials, moves laterally, and exfiltrates data. What You Should Do: ✅ Patch systems immediately ✅ Block outbound TCP 445/SMB ✅ Monitor internet-facing assets #Cybersecurity #OsecIntel #ThreatIntelligence #APT #Russia #PatchNow #InfoSec #Security
OSec reposted this
🚀 It's fantastic to see a successful partnership in action! 🚀 💡 Two fintechs - Fundipedia and Staple AI - have made the switch from their previous provider to sign up with OSec, gaining the benefit of moving from one-off penetration testing to 🔄 continuous monitoring. This shift highlights the value we can deliver together at a competitive price, supporting fintechs in securing their systems. 🔍 What are you waiting for? Penetration testing is essential to put your mind at ease and reassure your potential clients and investors that you're always one step ahead in cybersecurity! 🛡️✨ ⚡ Don't wait—secure your future today! 🔐 https://lnkd.in/eeU982mf #Fintech #CyberSecurity #PenetrationTesting #RiskManagement #Compliance #ContinuousMonitoring #DataSecurity #accelerateyourmatch Finbridge Global
The harsh reality of not using TLPT. Hackers are always finding new ways in—and WHEN they make it in, it can result in... 🔴 Downtime that costs you thousands—every minute. 🔴 Fines for non-compliance that can cripple your bottom line. 🔴 A single breach can destroy the trust you spent years building. Enter Threat-Led Penetration Testing (TLPT): ✅ Expose security gaps before hackers exploit them ✅ Safeguard revenue, compliance, and reputation ✅ Turn cybersecurity into your competitive edge Fact: Companies that test regularly cut security incidents by 78%. Because fixing a breach costs 5-10x more than preventing one. 👉 Swipe the carousel to see how TLPT keeps you protected. Book a Free Consultation Call with our Leadership Team ➡️ calendly.com/osec-us/30min #CyberSecurityStrategy #PenetrationTesting #BusinessResilience #DataProtection #ThreatPrevention #FutureProofSecurity #TrustMatters #BusinessContinuity #TLPT #OsecIntel
⚠️ Chinese 'Infrastructure Laundering' Abuses AWS & Microsoft Cloud 🔎 Researchers have uncovered a sophisticated cyber threat: the Funnull CDN, a China-based network, is leveraging "infrastructure laundering" to exploit AWS and Microsoft Azure IPs for fraudulent operations. 💥 The Tactic: By blending malicious traffic with legitimate cloud services, attackers make it harder for defenders to detect and mitigate threats. Over 200,000 hostnames tied to Funnull are linked to scams, including investment fraud and fake trading platforms. 💡 Why It Matters: Even as AWS and Microsoft shut down fraudulent IPs, threat actors quickly adapt, acquiring new ones. This is a stark reminder that monitoring IPs alone isn't enough. The Funnull CDN has also been linked to supply chain attacks, most notably through its acquisition of the polyfill.io domain—previously used by countless websites—to serve malware. ✅ Key Takeaways for Organizations: - Vet third-party libraries, development packages, and CDN networks—especially for web applications. - Be aware of the increasing trend of supply chain attacks across JavaScript, Golang, and Python ecosystems. - Strengthen monitoring beyond just IP-based defenses. Learn how to leverage Automation + Human Expertise to strengthen your security posture ➡️ visit OSec.com #OSec #CyberSecurity #ThreatIntelligence #CloudSecurity #SupplyChainAttacks
🟡 It’s 2025 and Hackers are using AI against you. Are you using it to fight back? Our latest guide breaks down three critical areas you must focus on. Don’t wait until it’s too late—stay ahead, stay aware, and save money. Need help with your defenses? Explore our incenter platform. Visit osec.com/incenter #CyberSecurity #AI #RiskManagement #OSec