
April 2023

Trustwave Briefs Federal Officials on Cybersecurity Trends and Discoveries

Karl Sigler, Senior Security Research Manager, SpiderLabs Threat Intelligence, conducted a series of briefings in Washington, D.C., to federal officials on April 12-13, giving an update on what Trustwave SpiderLabs researchers are finding with the Russia-Ukraine War, ChatGPT, and current phishing trends. During his time in Washington, Sigler spoke with the U.S. Senate Armed Services Committee, Department of Homeland Security/TSA, Senate staffers, and other departments.

How MDR Can Bring More Value to Your Endpoint Detection and Response Platform

Endpoint detection and response (EDR) solutions are a crucial element of any cyber defense strategy. In general, EDR solutions help companies detect issues on the myriad devices their employees use. Although an EDR’s value is apparent, there’s a simple way to draw additional value from an EDR system while strengthening your defense-in-depth strategy: adding a managed detection and response (MDR) solution.

Trustwave MDR and Penetration Testing Solutions Win Global InfoSec Awards

Trustwave was honored by Cyber Defense Magazine in the 11th Annual Global InfoSec Awards at the 2023 RSA Conference, taking home accolades for Managed Detection and Response (MDR) Service Providers and being named the Market Leader in Penetration Testing.

Gartner Names Trustwave in 2023 Market Guide for Digital Forensics and Incident Response Retainer Services

The industry analyst firm Gartner has named Trustwave as a Representative Vendor in its 2023 Market Guide for Digital Forensics and Incident Response Retainer Services. This distinction comes on the heels of Trustwave being named a Representative Vendor in Gartner’s 2023 Market Guide for Managed Detection and Response (MDR).

Part 2: Is an RFP the Best Use of Your Organization's Resources?

Yesterday I wrote about some common Request for Proposal (RFP) pitfalls we have seen over the years at Trustwave (part 1). Trustwave offers a wide range of services — from Managed Detection & Response (MDR), Managed SIEM services for Splunk, QRadar, and Microsoft Sentinel, and security testing, to complex red team engagements — so we‘ve seen numerous styles and approaches in the format and presentation of the requests.

Dissecting Buffer Overflow Attacks in MongoDB

Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability affected almost all versions of MongoDB, up to v4.5.0, but was discussed and patched appropriately. The vulnerability, CVE-2020-7928, abuses a well-known component of MongoDB, known as the Handler, to carry out buffer overflow attacks by way of null-byte injections.

How to Avoid Common Cybersecurity RFP Pitfalls: Part 1

At Trustwave, we see scores of requests for proposal (RFP) in all shapes and sizes, originating from nearly every conceivable industry, seeking solutions to their specific security challenges and desired business outcomes. To help those issuing the RFP and the vendor on the receiving end, I’ve drawn up some simple guidelines to follow that will help your RFP process run smoothly.

Pentagon Data Leak Shows the Danger an Insider Threat Presents

U.S. officials confirmed last week that a member of the military photographed and uploaded more than 50 classified documents to a Discord server and other social media sites, again reminding us of the danger insider threats can present to any organization. According to the Associated Press, a member of the U.S. Air National Guard was arrested last week in Massachusetts in connection with the leak.

How Advanced Continual Threat Hunting Takes MDR and Cybersecurity to the Next Level

When researching which managed detection and response (MDR) service provider to partner with, security professionals would do well to consider whether the provider also has experience with threat hunting, a topic we covered in a previous post. As with MDR, however, threat hunting offerings can vary dramatically, and an innovative, human-led form promises significant gains in terms of cyber protection: advanced continual threat hunting.

6 Tips Any CISO Can Use to Inform their Organization's Executives on Cybersecurity

A Chief Information Security Officer is always in a tough spot. Not only is a CISO responsible for the day-to-day safety of their organization, but they must also be able to explain to the C-Suite what is going on from a cybersecurity perspective, and do so in language that the other executives understand. After all, what a CISO has to say is all about protecting the business from threats to its computer systems and reducing risk, items that need to be on every corporate management agenda.

Trustwave Announces Operational Technology Security Maturity Diagnostics

Trustwave has just launched OT Security Maturity Diagnostic, which is an assessment and advisory service centered on ensuring the security of industrial automation and control systems. OT Diagnostic by Trustwave is optimized to gain insight into an organization’s current state of OT security across people, processes, and technology.

Why Threat Hunting is Crucial to a Managed Detection and Response Service

Managed detection and response (MDR) is justifiably one of the fastest-growing areas of cybersecurity, with Gartner estimating 50 percent of organizations will be using MDR services by 2025. But in choosing an MDR service, security pros should take into consideration what kind of expertise the provider can bring to bear – and how that expertise should extend beyond the MDR service itself.

Trustwave Named 2023 Company of the Year and Innovation Leader for Managed and Professional Security in the Americas by Frost & Sullivan

The analyst firm Frost & Sullivan awarded Trustwave the dual honors of being named 2023 Company of the Year for Managed and Professional Security in the Americas, Excellence in Best Practices, and as the Leading Innovator in the 2023 Frost Radar™: Americas Managed & Professional Security Services Market. Trustwave was also recently named a Top 5 Innovator in the Global MDR Radar Report.

Deobfuscating the Recent Emotet Epoch 4 Macro

In early March, one of the notorious botnets, Emotet, resumed its spamming activities after a 3-month period of inactivity. Recently, Trustwave SpiderLabs saw Emotet switch focus to using OneNote attachments, which is a tactic also adopted by other malware groups in recent months. This analysis is intended to help the cybersecurity community better understand the wider obfuscation and padding tricks Emotet is using.

Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies

Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera. Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges.

6 Steps to Ensure a More Secure Supply Chain Environment

Threat groups intending to cause widespread damage often opt to use a supply chain attack, as seen in the massive supply chain compromise that struck VOIP software provider 3CX on March 29. Trustwave SpiderLabs has issued a blog detailing the attack and the steps organizations can take to mitigate the problem. Striking an organization's supply chain simplifies the attack process: rather than striking multiple targets, the attacker breaches one organization that is key to many others.