4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets

You’re probably familiar with the term “critical assets”. These are the technology assets within your company's IT infrastructure that are essential to the functioning of your organization. If anything happens to these assets, such as application servers, databases, or privileged identities, the ramifications to your security posture can be severe.  But is every technology asset considered

A Leak of Biometric Police Data Is a Sign of Things to Come

Thousands of fingerprints and facial images linked to police in India have been exposed online. Researchers say it’s a warning of what will happen as the collection of biometric data increases.

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

A new report from XM Cyber has found – among other insights - a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many

Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers

CTEM 101 - Go Beyond Vulnerability Management with Continuous Threat Exposure Management

In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you’d want to do. But if you are looking for ways to continuously reduce risk across your environment while making significant and consistent improvements to security posture, in our opinion, you probably want to consider establishing a Continuous Threat Exposure

What is Exposure Management and How Does it Differ from ASM?

Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem assets. While there has been a bit of a backswing against the pricing and lock-in presented when using

A Spy Agency Leaked People's Data Online—Then the Data Was Stolen

The National Telecommunication Monitoring Center in Bangladesh exposed a database to the open web. The types of data leaked online are extensive.

The Twisted Eye in the Sky Over Buenos Aires

A scandal unfolding in Argentina shows the dangers of implementing facial recognition—even with laws and limits in place.

Unmasking Trickbot, One of the World’s Top Cybercrime Gangs

A WIRED investigation into a cache of documents posted by an unknown figure lays bare the Trickbot ransomware gang’s secrets, including the identity of a central member.

Close Security Gaps with Continuous Threat Exposure Management

CISOs, security leaders, and SOC teams often struggle with limited visibility into all connections made to their company-owned assets and networks. They are hindered by a lack of open-source intelligence and powerful technology required for proactive, continuous, and effective discovery and protection of their systems, data, and assets. As advanced threat actors constantly search for easily

Serious Security: Verification is vital – examining an OAUTH login bug

What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?

3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them

If you're a cybersecurity professional, you're likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day. In this article, we'll look at another trending acronym – CTEM, which stands for Continuous Threat Exposure Management – and the often-surprising challenges that come

American College of Pediatricians Leak Exposes 10,000 Confidential Files

A Google Drive left public on the American College of Pediatricians’ website exposed detailed financial records, sensitive member details, and more.

Leaktopus - Keep Your Source Code Under Control

• Plug&Play - one line installation with Docker.

• Scan various sources containing a set of keywords, e.g. ORGANIZATION-NAME.com.

  Currently supports:

  • GitHub
    • Repositories
    • Gists (coming soon)
  • Paste sites (e.g., PasteBin) (coming soon)

• Filter results with a built-in heuristic engine.

• Enhance results with IOLs (Indicators Of Leak):

  • Secrets in the found sources (including Git repos commits history):
    • With Shhgit (using a customized rules list).
    • With TruffleHog.
  • URIs (Including indication of your organization's domains)
  • Emails (Including indication of your organization's email addresses)
  • Contributors
  • Sensitive keywords (e.g., canary token, internal domains)

• Allows to ignore public sources, (e.g., "junk" repositories by web crawlers).

• OOTB ignore list of common "junk" sources.

• Acknowledge a leak, and only get notified if the source has been modified since the previous scan.

• Built-in ELK to search for data in leaks (including full index of Git repositories with IOLs).

• Notify on new leaks

• MS Teams Webhook.
• Slack Bot.
• Cortex XSOAR® (by Palo Alto Networks) Integration (WIP).

Technology Stack

• Fully Dockerized.
• API-first Python Flask backend.
• Decoupled Vue.js (3.x) frontend.
• SQLite DB.
• Async tasks with Celery + Redis queues.

Prerequisites

• Docker-Compose

Installation

• Clone the repository
• Create a local .env file

  cd Leaktopus
  cp .env.example .env

• Edit .env according to your local setup (see the internal comments).
• Run Leaktopus

  docker-compose up -d

• Initiate the installation sequence by accessing the installation API. Just open http://{LEAKTOPUS_HOST}:8000/api/install in your browser.
• Check that the API is up and running at http://{LEAKTOPUS_HOST}:8000/up
• The UI should be available at http://{LEAKTOPUS_HOST}:8080

Using Github App

In addition to the basic personal access token option, Leaktopus supports Github App authentication. Using Github App is recommended due to the increased rate limits.

1. To use Github App authentication, you need to create a Github App and install it on your organization/account. See Github's documentation for more details.

2. After creating the app, you need to set the following environment variables:

   • GITHUB_USE_APP=True
   • GITHUB_APP_ID
   • GITHUB_INSTALLATION_ID - The installation id can be found in your app installation.
   • GITHUB_APP_PRIVATE_KEY_PATH (defaults to /app/private-key.pem)

3. Mount the private key file to the container (see docker-compose.yml for an example). ./leaktopus_backend/private-key.pem:/app/private-key.pem

* Note that GITHUB_ACCESS_TOKEN will be ignored if GITHUB_USE_APP is set to True.

Updating Leaktopus

If you wish to update your Leaktopus version (pulling a newer version), just follow the next steps.

• Pull the latest version.

  git pull

• Rebuild Docker images (data won't be deleted).

  # Force image recreation
  docker-compose up --force-recreate --build

• Run the DB update by calling its API (should be required after some updates). http://{LEAKTOPUS_HOST}/api/updatedb

Results Filtering Heuristic Engine

The built-in heuristic engine is filtering the search results to reduce false positives by:

• Content:
  • More than X emails containing non-organizational domains.
  • More than X URIs containing non-organizational domains.
• Metadata:
  • More than X stars.
  • More than X forks.
• Sources ignore list.

API Documentation

OpenAPI documentation is available in http://{LEAKTOPUS_HOST}:8000/apidocs.

Leaktopus Services

Service	Port	Mandatory/Optional
Backend (API)	8000	Mandatory
Backend (Worker)	N/A	Mandatory
Redis	6379	Mandatory
Frontend	8080	Optional
Elasticsearch	9200	Optional
Logstash	5000	Optional
Kibana	5601	Optional

The above can be customized by using a custom docker-compose.yml file.

Security Notes

As for now, Leaktopus does not provide any authentication mechanism. Make sure that you are not exposing it to the world, and doing your best to restrict access to your Leaktopus instance(s).

Contributing

Contributions are very welcomed.

Please follow our contribution guidelines and documentation.

Celsius Exchange Data Dump Is a Gift to Crypto Sleuths—and Thieves

By releasing half a million users’ transactions in a bankruptcy court filing, the company has opened a vast breach in its users’ financial privacy.