This blog examines some interesting aspects of the recent reforms to Australia's Security of Critical Infrastructure Act - specifically related to the new risk management obligations that have been introduced. We'll unpack some of the ambiguities that exist and remain to be clarified in this specific area of the reforms.

Trustwave security teams are aware of two zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) impacting Microsoft Exchange Server 2013, 2016, and 2019 and organizations with Outlook Web Access facing the Internet. If exploited, the vulnerabilities can allow an attacker to elevate privilege and remote code execution capability. We immediately investigated the vulnerabilities and potential exploits and continue to monitor the situation.

Trustwave announced today that it has attained Gold competency in security in the Microsoft Partner Network, a mark reached by only 1% of all Microsoft partners. This certification, awarded upon rigorous review of technical certifications and innovative solutions, represents Microsoft’s highest level of partner recognition for aligning technical expertise to customer needs.

Vitrea View is a tool that uses the DICOM standard to view medical images. If exploited an attacker could access patient information and obtain additional access to various services associated with Vitrea View..

Trustwave, a leading provider of Managed Security Services, has been named a Representative Vendor in the Gartner® 2022 Market Guide for Managed SIEM Services. In the report, Gartner analysts Al Price, John Collins, Andrew Davies, Mitchell Schneider, and Angel Berrios provide an updated definition of Managed SIEM Services along with how Managed SIEM, which is also known as a managed SoC or SoC as a service.

For the sixth consecutive year, Trustwave has been named a Top 10 MSSP by MSSP Alert in its 2022 Top 250 MSSPs List. Trustwave garnered 7th place on MSSP’s list, a strong indicator of the company’s status as a managed security service provider.

I know many will read this title and think that I am crazy. If I am compliant with NIST, HIPAA, ISO, PCI, etc., then I am running a secure network. And to a point that is true. But let’s look at it this way. If you are driving down the interstate at the posted speed limit and are keeping three car lengths between the driver in front of you, are you truly safe and secure on the interstate?

At the beginning of the Russia-Ukraine conflict, KillNet - a Russian cybergang - began actively collecting open-source intelligence (OSINT), which drew interest from various threat actor groups. Heightened interest in the OSINT data led to additional actors joining , growing its membership to include not only Russian cyber criminals, but uniting other cyber gangs sympathetic to Russia.

Cybersecurity and Infrastructure Security Agency’s (CISA) has released their 2023-2025 Strategic Plan, its first comprehensive strategic plan since the agency was created four years ago. “This is an important step in planning and preparing to combat the evolving cyber threats,” said Bill Rucker, president of Trustwave Government Solutions (TGS). “I appreciate the emphasis on working with the private sector in the plan.

Trustwave MailMarshal has received a major upgrade to version 10.0.5 adding proprietary technologies to greatly increase the security tool’s ability to detect phishing emails, spam and malicious URLs. MailMarshal is already highly effective against phishing, but the new version’s phishing detection ability is boosted by being able to detect 40% of previously ‘hard to detect' samples the addition of these new capabilities.