December 2024

CVE-2024-47836: HTML Injection Vulnerability in Admidio User Management

On October 9, 2024, the security researchers at Astra Security found an HTML injection vulnerability in the messages section of the Admidio User Management solution. The vulnerability, assigned CVE-2024-47836, allows attackers to inject arbitrary HTML content into the application, which could manipulate webpage behavior, mislead users, and act as a precursor to further attacks.

The Rise of Holiday Cyber Threats: What Organizations Need to Know

For most people, the holidays may be a time for winding down and taking a break. For cyber criminals, it’s just the opposite. With many of your staff out of the office or signing in remotely, and a large percentage of business being done at the end of the year, organizations are a prime target for cyber threats on and around the holidays. To protect your organization, you’ll want to enact a firm security framework.

5 Essential Holiday Cybersecurity Tips for Enterprises

While many businesses wind down during the holiday season, cyber criminals ramp up their efforts instead. E-commerce sites are obvious targets, but threat actors target cloud services providers, financial institutions, and social media networks just as often — if not more — during the holidays. Whatever your organization does, you’ll want to follow a few holiday cybersecurity tips to safeguard your sensitive data and protect your staff as the year comes to a close.

Holiday Season Cyber Attack Patterns: How They Impact Enterprise Operations

The holiday season is a time when hardworking employees relax — and hardworking threat actors look for their next victims. As workers buy more products online, take seasonal trips, and give in to holiday distractions, large organizations become tempting targets for cyber attacks. Phishing, ransomware, and similar threats may be even more effective than usual in the last few months of the year. That means the impact of cyber attack strategies can also be more significant.

Mock Data for Testing: A Critical Component for Software and AI Development

Mock data is an essential tool in software development and testing, offering realistic and secure alternatives to sensitive production data. Beyond traditional testing, mock data is now a cornerstone for AI development, where large datasets are critical for training and validation. By mimicking the properties of real-world data while ensuring privacy and compliance, mock data enables organizations to innovate without compromising security or trust.

MSSP Alert, CRN, and Comparably Honor Trustwave in 2024

Cybersecurity industry analysts were not the only group touting Trustwave. In 2024, a variety of media and workplace reviewing sources hailed Trustwave not only for our security solutions but as a great place to work. Because Trustwave is proud of how our employees perceive us, let's take a look at the awards issued by Comparably, a leading employee review platform that monitors workplace culture and compensation. Trustwave was awarded three Comparably awards in 2024.

The Startup's Open-Source Guide to Application Security

Security can be a difficult, expensive world to navigate. So we decided to create a comprehensive guide of open-source security tools to cut through the bullsh*t and show what the most critical tools to implement are, what assets you need to protect, and how you can build a long-term security plan using only free and open-source tools.

Teach Yourself Kubiscan in 7 Minutes (or Less...)

While Kubernetes’ Role-based access control (RBAC) authorization model is an essential part of securing Kubernetes, managing it has proven to be a significant challenge — especially when dealing with numerous users and pods. Fortunately, KubiScan is here to help address this issue.

Uncovering the Hidden Dangers: Corporate Emails on Third-Party Websites

Employees often need to access various online services for work and personal purposes. Whether signing up for industry newsletters, registering for webinars, or using online tools, a corporate email address is a convenient way to manage professional communication. However, this seemingly harmless habit can expose employees and their organizations to significant risks.

Russia's APT29 Launches Major Spear Phishing Campaign

Trend Micro warns that the Russian state-sponsored threat actor Earth Koshchei (also known as “APT29” or “Cozy Bear”) is using spear phishing emails to trick victims into connecting to rogue Remote Desktop Protocol (RDP) relays. “Earth Koshchei’s rogue RDP campaign reached its peak on October 22, when spear-phishing emails were sent to governments and armed forces, think tanks, academic researchers, and Ukrainian targets,” Trend Micro explains.