Attack surface management is certainly a concern for most organizations, but being top of mind does not mean it's easy for organizations to understand or implement. Unfortunately, there are many misconceptions about how hard managing one's attack surface is, so let's deal with five of the most common fallacies. The fact is attack surface management is a lot easier said than done and to be effective, attack surface management demands a strong base of 'cyber hygiene'.

As is tradition with my blog posts, let’s start off a definition of what HTTP pipelining is all about. “HTTP pipelining is a feature of HTTP/1.1 which allows multiple HTTP requests to be sent over a single TCP connection without waiting for the corresponding responses. HTTP/1.1 requires servers to respond to pipelined requests correctly, with non-pipelined but valid responses even if server does not support HTTP pipelining.

Managed vulnerability scanning is a cybersecurity service that uses software, vulnerability scanners, human-led and automated penetration testing, and other tools to help an organization identify, track, evaluate, and mitigate security risks both inside their network and connected external sources. Even organizations with the most sophisticated information technology security professionals are challenged when dealing with the hundreds of new threats released into the wild each month.

SC Media and SC Media Europe have named two of Trustwave’s premiere products, DbProtect and MailMarshal, as a finalist in several award categories the cybersecurity media outlet plans to announce this summer. For 26 years, the SC Awards program has been cybersecurity’s most prestigious and competitive program, recognizing the solutions, organizations, and people driving innovation and success in information security.

Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability of cooperation between the Russian private software development company and the Russian Ministry of Defense, namely, the GRU (Sandworm), and possibly others.

Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and.rpmsg encrypted emails to deliver the phishing message. At this stage, we are exploring and uncovering different aspects of this campaign and will share here some of our observations to date.

For those wondering what GraphQL is… “GraphQL is a query language for your API, and a server-side runtime for executing queries using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.”

For the second year in a row, Trustwave Government Solutions President Bill Rucker was honored by Meritalk with its Cyber Defenders Award. Rucker earned this award, from the federal government IT news and events provider, for driving innovation, advancing the nation’s cybersecurity, and making significant contributions across cyber programs in Federal IT.

A user impersonation feature typically allows a privileged user, such as an administrator, but typically these days, support teams, to sign into an application as a specific user without needing to know the user’s password. This feature allows support teams to see the application as the user would see it, often in relation to following a user journey in the context of that user, in order to see the same error message a user is receiving with a view to resolving the issue.

The days of massive server rooms and having every employee all under one roof may seem like they are gone forever, but for a great many organizations the on-premise work environment is still here and unlikely to be pushed out of service any time soon. Let’s start off with a quick reminder on the importance of security an email system. Email remains the number one attack vector favored by threat actors because it involves humans, who can be a weak link in any security system.