Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

MDR Provider, MSSP or Both? Focus on the Capabilities You Need

Over the last several years, Managed Security Service Providers (MSSP) have evolved, and some have started offering Managed Detection and Response (MDR) services as part of their overall security solution. However, an MSSP lacking MDR capability simply cannot provide the same level of security, particularly in today’s quickly changing environment that has seen remote and hybrid work become the norm.

Cybersecurity in the Year Ahead: The Trustwave 2022 Cybersecurity Predictions

In 2021, the cybersecurity industry was truly tested. Most notably, we uncovered the deeper fallout from the SolarWinds attacks, combatted the proliferation of advanced ransomware gangs and a surge in vulnerability exploitation, and saw fragile supply chain and critical infrastructure more targeted by attackers than ever. As global cyber defenders, predicting where the broad industry could be heading is a daunting task.

The Importance of Speed During Detection and Response: Iranian-Backed Hackers Targeting U.S. Companies with Ransomware

Iranian government-sponsored advanced persistent threat (APT) actors are exploiting known Microsoft and Fortinet vulnerabilities to attack targets with ransomware in the transportation, healthcare and public health sectors, according to an alert issued on Nov. 17 by the Cybersecurity and Infrastructure Security Agency (CISA).

BlackByte Ransomware - Pt 2. Code Obfuscation Analysis

In Part 1 of our BlackByte ransomware analysis, we covered the execution flow of the first stage JScript launcher, how we extracted BlackByte binary from the second stage DLL, the inner workings of the ransomware, and our decryptor code. In this blog, we will detail how we analyzed and de-obfuscated the JScript launcher, BlackByte’s code, and strings.

BlackByte Ransomware - Pt. 1 In-depth Analysis

Please click here for Part 2 UPDATE 19.October.2021 - Based on some reactions and responses to our BlackByte analysis, and specifically, the included decryptor, we wanted to provide an update and some clarification. First off, we’ve updated the decryptor on github to include two new files. One is the compiled build of the executable to make the tool more accessible and the second is a sample encrypted file “spider.png.blackbyte” that can be used to test the decryptor.

A Handshake with MySQL Bots

It’s well known that we just don’t put services or devices on the edge of the Internet without strong purpose justification. Services, whether maintained by end-users or administrators, have a ton of security challenges. Databases belong to a group that often needs direct access to the Internet - no doubt that security requirements are a priority here.

Missing Critical Vulnerabilities Through Narrow Scoping

The typical process when scoping a penetration test is to get a list of targets from the client, which are typically a list of IP addresses and/or hostnames. But where does this information come from, and how accurate is it? Chances are the client has documentation that lists the devices they think they have, and what addresses or names they have been assigned. This documentation will form the basis of the scope when conducting testing or scanning against a target environment.

How Lack of Awareness and Clinging to the Past Threaten Your Networks

The security landscape is always changing. New features are coming out all the time, but often backward compatibility is maintained too. What this means is that while the new features may be present and active by default, it's possible for users to be completely unaware of them and continue using the legacy functionality.

SQL Injection in WordPress Plugins: ORDER and ORDER BY as Overlooked Injection Points

Trustwave SpiderLabs recently undertook a survey of some 100 popular WordPress plugins for possible SQL Injection vulnerabilities. Some good news is that in the vast majority, no such vulnerabilities were identified. Most plugins were found to be using either prepared statements or suitable sanitization when incorporating user-controlled data in a query.