Latest Posts

Focus on these 3 Areas to Develop a Strong Cybersecurity Posture With Fewer Resources

Not every organization's security apparatus is built or funded at the same level. For smaller organizations or those with other needs competing for budget, here are some points that show it's possible to do more with less. To drive meaningful progress and ensure a robust security posture, the C-suite and the board must collaborate and focus on three key areas: coverage, consolidation, and assurance.

10 Dynamic Principles for Crafting a Robust Database Security Strategy

The digital world relies on data, which, because of its considerable value, is constantly targeted by skilled cybercriminals who have spent years developing methods and tools to gain access to even the most secure databases. Never mind those databases whose owners only pay lip service to security. Traditional security approaches that focus on network perimeters are no longer sufficient in today's evolving threat landscape.

Break Out the Decorations! Cybersecurity Awareness Month is Here

Calendars are great and serve a wide range of purposes. Paper calendars, digital calendars, calendars with Garfield or Peanuts comics, they all have the ability to remind us of birthdays, the first day of school, garbage pick-up day and holidays. So, let’s make sure your calendar has October marked down as Cybersecurity Awareness Month.

Trustwave Attains Two Microsoft Partner Milestones

Trustwave has achieved two highly sought-after achievements from Microsoft, reaching Microsoft Verified Managed Extended Detection and Response (MXDR) Solution status and becoming a FastTrack Ready Partner for Microsoft 365. These achievements will allow Trustwave to utilize the skills of its elite SpiderLabs team to better secure clients and provide deeper security solutions and integration with Microsoft Sentinel and Defender.

Amazon (AWS) S3 Bucket Take Over

Let’s try something a bit different and take a look at some of Trustwave SpiderLabs’ Open Source Intelligence (OSINT) research findings, and exploitation of vulnerable buckets and domains. I published this research internally on February 3, 2023, and here are my findings. Today, I will share with you how deleted S3 buckets could become a liability or threat to your organization and highlight the importance of cybersecurity in data and asset management.

The Beauty of a Red Team Exercise: When One Discovery Leads to Potentially Saving Lives

What started out as a standard Red Team test designed to check the security capabilities of several Australian hospitals led to a chain of events that eventually uncovered serious security flaws in remote-capable insulin pumps that, if abused, could have had disastrous consequences. The hospitals, all of which are part of a connected healthcare system, had contracted with Trustwave to conduct the Red Team tests against several of their facilities.

Multiple Command and Control (C2) Frameworks During Red Team Engagements

When conducting Red Team engagements, more than one Command and Control (C2) framework would typically be used as part of our delivery process and methodology. We would be unintentionally limiting our options if we only had one Command and Control framework to depend upon, which would be less realistic when comparing it to an attack from real threat actors who seem to have infinite time and resources available. The use of multiple Command and Control frameworks is essential.

A Comprehensive Guide to Securing Data in the Digital Age

In today's rapidly evolving digital landscape, data stands as the linchpin of modern business operations. However, safeguarding sensitive data has grown into a formidable challenge for enterprises in recent times. The surge in data volume and escalating threats are not the sole culprits; the pivotal shift toward digitalization has prompted organizations to migrate their data and IT infrastructure to a diverse blend of private and public clouds.

ChatGPT Update: How Security Teams and Threat Actors are Using Artificial Intelligence

ChatGPT and other Large Language Models have been in use for less than a year, yet these applications are transforming at an almost exponential rate. The changes taking place present an odd duality for the cybersecurity world. It is both a boon and a danger to security teams, in some cases enabling teams to do more with less.

Stealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection

In the ever-evolving landscape of malware threats, threat actors are continually creating new techniques to bypass detection. A recent discovery by JPCERT/CC sheds light on a new technique that involves embedding a malicious Word document within a seemingly benign PDF file using a .doc file extension.