The large amounts of behavioral data being generated today necessitate accurate labels for machine learning classifiers. In an earlier blog post, Large-Scale Endpoint Security MOLD Remediation, we discussed how to remediate labeling noise. In this blog post, we experiment with an unsupervised approach that eliminates the need for learning from labeled data.

The increased connectivity in modern vehicles adds convenience to drivers and passengers. However, it also sets in motion a proliferation of new cyber threats. Automotive manufacturers and suppliers are working to protect against these threats, identifying and implementing best practices needed to make modern vehicles more resistant to cyber-attacks.

As industrial organizations continue to embrace change by leveraging the latest technologies into their daily operations and production cycles, they have also been tasked with embracing remote and hybrid work environments – all while maintaining operational continuity. Utilizing advanced technologies has enabled these organizations to reduce expenses, expedite production time, and elevate customer service levels.

The Trustwave Threat Hunting team has authored a practical guide to help the cybersecurity community address the Linux “polkit” Local Privilege Escalation vulnerability (CVE-2021-4034) by identifying common behavior in exploitation.

Trustwave security and engineering teams became aware of the vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) on January 25. We immediately investigated the vulnerability and potential exploits and continue to actively monitor the situation for our clients. Check your distribution for specific patches. As part of a strong patch management program, ensuring your infrastructure and applications are up to date is critical for mitigating cyber risk..

A new destructive malware called WhisperGate was discovered in mid-January 2022 targeting Ukrainian organizations. This threat emerged during geopolitical conflicts in Ukraine, masquerading as ransomware. However, this malware has a more destructive nature: wiping files and corrupting disks to prevent the OS from loading. Ukraine has suffered other cyberattacks that seem to be connected to WhisperGate, such as the defacement of many websites connected to their governments.

AWS Identity and Access Management (IAM) is a keystone to accessing AWS accounts, but as companies grow, it can be difficult to understand and standardize, especially across many AWS accounts. To put some personality into the challenges of managing identity for multiple AWS resources and accounts, I’ll start with a short story about a fictional company that you might recognize as similar to the one you work in today! ACME Net is growing fast.

In January 2022, Microsoft disclosed a remote code execution vulnerability for Internet Information Server (IIS) identified as CVE-2022-21907, which they have subsequently reported as wormable. Through Microsoft, Corelight Labs was able to review a proof of concept for an attack against the vulnerability. This blog presents an open source detection method that Corelight Labs is releasing to detect exploit attempts of CVE-2022-21907.

There’s a new acronym in town: SSE, which stands for Security Service Edge. If this looks mighty similar to Secure Access Service Edge (SASE), it’s because they are closely related.

Industrial control systems (ICS) are specific kinds of assets and associated instrumentation that help to oversee industrial processes. According to the National Institute of Standards and Technology, there are three common types of ICS.