ModSecurity is an open-source Web Application Firewall (WAF) engine maintained by Trustwave. This blog post discusses an issue with four transformation actions that could enable a Denial of Service (DoS) attack by a malicious actor. The issue has been addressed with fixes in v3.0.10. ModSecurity v2 is not affected.
The recent Trustwave SpiderLabs report, Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape, offers a detailed look at the typical attack flow used in a variety of cyberattacks. The attack flow discussed in the report focused on what a healthcare organization might face, but for the most part, attack flows stay the same regardless of the vertical being attacked.
For the second consecutive year, Information Security Group (ISG) named Trustwave a Rising Star in Managed Security Services (MSS) for U.S. Large Accounts and for the first time as a Leader in MSS for U.S. Midmarket in its 2023 Provider Lens™ Quadrant Report. ISG recognized Trustwave for its holistic offering with enhanced visibility, continuous threat monitoring and hunting, and its elite partnerships.
The concept of Offensive Security is often misunderstood by clients who often confuse it with penetration testing, but these two solutions, while both vital, are in fact quite different. Offensive Security is a popular industry umbrella term for all things pertaining to an organization's strategy surrounding cybersecurity, whereas penetration testing is more singular involving security teams attempting to break into a client’s systems.
The Trustwave SpiderLabs team conducted a months-long investigation into the cyber threats facing the healthcare industry and has provided a roadmap displaying how threat actors conduct an attack, methodologies used, and what organizations can do to protect themselves from specific types of attacks.
In their latest report titled "Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape," the Trustwave SpiderLabs team reveals the data from a months-long investigation focusing on the cyber threats the healthcare industry is currently grappling with.
With more than 2.5 million cybersecurity positions unfilled globally, the cybersecurity field is facing a severe shortage of talent, with an increasing demand for skilled professionals to combat the ever-evolving threats in the digital landscape.
As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails containing phishing URLs abusing services at workers.dev and pages.dev domains.
To obtain a better perspective of attacks worldwide, Trustwave has implemented a network of honeypots located in multiple countries across the globe. By distributing honeypots in such a manner, we can gather a reliable set of information on the methods and techniques used by attackers and their botnets. In our pursuit to explore the current threat landscape, we established a honeypot sensors network across six countries: Russia, Ukraine, Poland, UK, China, and the United States.
Building and maintaining a strong, diverse, and technically effective cybersecurity workforce can prove difficult, but one method of simplifying this task is using a cybersecurity workforce skills framework to review the composition of an organization's current cybersecurity function.
