Forrester recently predicted that in 2022, 60% of security incidents would involve third parties. Yikes! With such a large percentage of incidents taking place outside the confines of their organizations, corporate leaders need to know what to do to protect their business. So, here is a list of items to address to succeed at supply chain risk (SCR) management.

As Data Privacy Day once again rolls around, we can look back at some healthy improvements when it comes to privacy that organizations made over the previous 12 months. We can also use this yearly reminder on such an important topic to look forward to the coming year to pinpoint where additional changes are needed.

During an investigation of a malware campaign, I discovered that multiple emails were bypassing a specific email security system. Interestingly, there were no bypass techniques used. Instead, the flood of spear-phishing emails made the email security system allow some of the emails, at which point I began my research on Microsoft Outlook. The issue in this case was that the specially crafted malicious link parsing on the security system was weak.

The Trustwave Threat Hunting team has authored a practical guide to help the cybersecurity community address the Linux “polkit” Local Privilege Escalation vulnerability (CVE-2021-4034) by identifying common behavior in exploitation.

Trustwave security and engineering teams became aware of the vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) on January 25. We immediately investigated the vulnerability and potential exploits and continue to actively monitor the situation for our clients. Check your distribution for specific patches. As part of a strong patch management program, ensuring your infrastructure and applications are up to date is critical for mitigating cyber risk..

In the wake of the takedown of the REvil/Sodinokibi ransomware gang by the Russian Federal Security Service (FSB) on January 14, Eastern-European cybercriminals are feeling the ground shake. In the days following the FSB action, Trustwave SpiderLabs researchers have analyzed a slew of Dark Web chatter and have found that this potential new world is breeding fear in that community.

There are truisms that span history. One truism is that a single mistake can lead to disaster, and to some extent the series of vulnerabilities affecting the organizations that use Apache Log4j.

Reuters reported on Friday that the Russian Federal Security Service (FSB) and local police launched a series of raids against members of the REvil/Sodinokibi ransomware gang at the request of the United States. More than a dozen arrests were made with millions in cash and goods being confiscated by authorities. This unprecedented action from the Russian Federal Security Service aligns with the fear that we've observed while conducting cybercriminal chatter reconnaissance on the Dark Web.

Organizations across industries are increasingly concerned about their cybersecurity posture and overall ransomware preparedness – and rightfully so – with the 64% increase in attacks from 2019 to 2020 (304 million attacks worldwide in 2020). We have also seen a 2x increase in demand for ransomware preparedness assessments and exercises.

Since the return of the Qakbot Trojan in early September 2021, especially through SquirrelWaffle malicious spam campaigns, we’ve received a few Qakbot samples to analyze from our Trustwave DFIR and Global Threats Operations teams.

First reported by The Record, the FBI has issued a new security Flash Alert warning organizations that the cybercrime gang FIN7 is again sending malicious USB drives to U.S. business targets in the transportation, insurance and defense industries through the U.S. Postal Service and United Parcel Service. This latest wave of attacks began in August 2021 with FIN7, which is also known as Carbanak Group and Navigator Group. The drives can be recognized by the LilyGo label on the case.

The need for strong cybersecurity has reached critical mass. Seventy-six percent of security leaders have reported an increase in cyber-attacks over the past year -- accelerated by the COVID-19 pandemic and a rapid shift from an in-office to a remote workforce and on-premises to cloud infrastructure.

Ransomware has quickly become one of the most prevalent cyber threats facing organizations today. Unfortunately, the cybercriminal community has latched onto this attack method because infections can quickly cause devastating damage to the victim, and strikes are incredibly easy to launch at scale. The best way to ensure that your organization does not fall victim to a ransomware attack is to understand what happens when an attacker injects this type of malware into a system.