Method of infection: Water-holing
OSIRIS used a Social Engineering method called “water holing” to attack German IP addresses.
How does water holing attack work?
- The victim enters the infected website.
- The website checks if the target IP is German.
- If it’s a German IP – few evasion techniques are used to bypass EDR
- And then the virus connects to its command server through the Darknet
Save Your Company from Social Engineering Attacks Like that
Register and Get your Personalized Free Exposure Report NOW,
And see where your Company is Exposed to Hackers
Recently Posted on AUMINT.io Blog
🛡️ CISOs: 12 Must-Have Free Tools for Vulnerability Management 🛡️
Vulnerability management isn’t just scanning and patching – it’s about having the right tools to prioritize, respond, and reduce real-world risk.
But with so many tools out there, where do you begin – especially with zero budget?
Here’s a handpicked list of 12 free tools every CISO should know for end-to-end vulnerability management:
1️⃣ OpenVAS – A powerful open-source scanner for identifying security issues.
https://www.greenbone.net/en/vulnerability-management/
2️⃣ Nessus Essentials – A trusted vulnerability assessment tool for small environments.
https://www.tenable.com/products/nessus/nessus-essentials
3️⃣ Nmap – Not just for port scanning – it’s great for discovering exposed services.
https://nmap.org/
4️⃣ Nikto2 – Web server scanning for dangerous files, configurations, and outdated software.
https://github.com/sullo/nikto
5️⃣ OSQuery – Query your infrastructure like a database for quick risk visibility.
https://osquery.io/
6️⃣ Lynis – A Unix security auditing tool for vulnerability and compliance checks.
https://cisofy.com/lynis/
7️⃣ Vulners – Vulnerability search engine that integrates with many scanners.
https://vulners.com/
8️⃣ Wapiti – Web app vulnerability scanner with crawler-style testing.
https://sourceforge.net/projects/wapiti/
9️⃣ Trivy – Container vulnerability scanner for Docker and Kubernetes setups.
https://aquasecurity.github.io/trivy/
🔟 Metasploit Framework – Pen-test toolkit to validate and exploit discovered vulnerabilities.
https://www.metasploit.com/
1️⃣1️⃣ Patch My PC – Keeps Windows endpoints updated automatically.
https://patchmypc.com/home-updater
1️⃣2️⃣ CVE Search – A simple tool to find, correlate, and filter known CVEs.
https://github.com/cve-search/cve-search
These tools let you spot what matters, validate risks, and act – fast.
Want to supercharge your vulnerability playbook with recurring employee-targeted attack simulations? 🧠 See how AUMINT.io helps CISOs uncover blind spots in real time: Schedule here
🔐 Save this post to upgrade your VM toolkit without spending a dime!
#CISO #VulnerabilityManagement #CyberSecurity #InfoSec #RiskReduction #AUMINT