
Latest News

With Trustwave, the Best in MDR Just Got Better

Trustwave has recreated new Managed Detection and Response (MDR) services to deliver unmatched capabilities tailored to fit an organization regardless of size or budget. While larger organizations may have the resources for heavy security investments, small and medium enterprises (SMEs) often struggle to keep up with this punishing pace, and finding enough qualified security personnel can be even more challenging with the ongoing skills shortage.

Security Tips as Summer Travel Heats Up

“Safe travels!” It’s been a long time since most of us have uttered that phrase. Now we’re saying it with increasing regularity as family members, friends and colleagues are traveling again with greater ease and confidence. I’d like to suggest that when those of us in the security industry wish someone a safe trip, we use the opportunity to remind them of the increased cybersecurity risk they now face and share our expertise for how to protect themselves.

Cybercriminals are exploiting cryptocurrency donations to the Ukraine crisis

Our threat intelligence recently shared several threats they’ve uncovered through monitoring our B2B platform, in our recent report: Keeping pace with emerging threats: Summer 2022 roundup. One of the standout threats to keep your users aware of is a group of phishing emails impersonating Ukrainian charitable appeals – specifically those requesting cryptocurrency donations.

Securing cloud workloads in 5 easy steps

As organizations transition from monolithic services in traditional data centers to microservices architecture in a public cloud, security becomes a bottleneck and causes delays in achieving business goals. Traditional security paradigms based on perimeter-driven firewalls do not scale for communication between workloads within the cluster and 3rd-party APIs outside the cluster.

What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

The Payment Card Industry Security Standards Council has released its first update to its Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems for those who want to phase in the new standard.

What is the Primary Method for Protecting Sensitive Data?

Securing sensitive data in today’s digital world has become increasingly complex and challenging, especially if parties practice poor data management, network security, encryption methods, or endpoint protection. As cyber attacks continue to grow, it’s absolutely necessary to maintain stronger cybersecurity practices.

Hell Yeah, I Want an Automated Content Security Policy!

Generating a generic content security policy is easy. Manually managing those policies to ensure they operate effectively and provide the right level of security is an entirely different issue. For businesses willing to make the shift, an automated content security policy can significantly ease the policy management burden.

A System Integrator's Guide to Delivering Zero Trust Data Security with Rubrik

The volume and frequency of ransomware attacks have increased significantly this past year. In fact, the number of ransomware attacks has nearly doubled in 2021 as compared to 2020. The impact of a breach is multi-fold and stretches well beyond the commonly acknowledged risks of downtime cost, impact on the brand, and the actual ransom paid. This has prompted a paradigm shift in how organizations and system integrators look at their cybersecurity strategy.

The Security Implications - and Unexpected Advantages - of Hybrid Working

It’s been over two years since offices around the world closed their doors, sending employees to work from home to ride out a series of pandemic lockdowns. Those two years saw a succession of commands to close, reopen, close again, and reopen again, during which office workers in many industries embraced remote work and the benefits of eliminating the commute and providing a better work-life balance.

CVE-2022-25845 - Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability

A few weeks ago, a new version of Fastjson (1.2.83) was released, which contains a fix for a security vulnerability that allegedly allows an attacker to execute code on a remote machine. According to several publications, this vulnerability allows an attacker to bypass the “AutoTypeCheck” mechanism in Fastjson and achieve remote code execution. This Fastjson vulnerability only recently received a CVE identifier, CVE-2022-25845, and a high CVSS score of 8.1.