Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Law Enforcement Collaboration Has Eastern-European Cybercriminals Questioning Whether There Is A Safe Haven Anymore

Through the active Dark Web research that Trustwave SpiderLabs conducts for its clients, we have observed new communications on various Dark Web forums between Eastern-European cybercriminals. Based on the conversations that we’ve collected, a segment of cybercriminals is now worried that the Russian authorities may be actively hunting them down.

Cloud Threats Memo: Hard Statistics About Poorly Secured Cloud Accounts

Cloud accounts continue to be a valuable target for cybercriminals: not only do the resources of a compromised IaaS environment grant an immediate profit for the attackers, but the same infrastructure also provides a trusted environment to launch attacks against other targets.

10 Ways to Reduce Cybersecurity Risk for Your Organization

‍Cybersecurity breaches have been on the rise, and it's expected that by 2023, they'll have grown to 15.4 million. While technological advancements have made it easy for organizations to upgrade their security measures, malicious hackers are now using sophisticated tools. This means that in addition to implementing strict cybersecurity policies, you also have to take proactive measures to reduce your cybersecurity risks.

The Cybersecurity Skills Gap: Myth or Reality?

Take a glance on social media on any given day, and we’ll hear from commentators stating how there is a (cyber) skills gap and that it must be addressed if we are to meet the challenges we are all increasingly facing. Let’s be clear about something before we continue. If we are saying that there is a skills gap, then there are organizations out there that are ready to hire cybersecurity professionals now.

CIS Control 14: Security Awareness and Skill Training

Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users into unintentionally providing access to the enterprise network or exposing sensitive information.

How Subcontractors Can Identify CUI Data in Google Workspace

The US federal government has increasingly focused on supply chain security in recent years, which puts added pressure on subcontractors to not be the weakest link. Due to the nature of federal contracts, government contractors typically possess data called Controlled Unclassified Information, or CUI, if they supply goods or services directly to the federal government.

Why the U.S. Government is scaling their cyber visibility practices with Elastic

Amid a growing network of endpoints to support telework and cloud-based applications, US federal civilian agencies are protecting government resilience and resources with a new Continuous Diagnostics and Mitigation Dashboard (CDM Dashboard) built on the Elastic search platform. At a recent MeriTalk Cyber Central: Defenders Unite event, participants learned about how Elastic, in partnership with ECS, enables security operations center (SOC) teams with cyber visibility at speed and scale.

Insider Threat Techniques and Methods to Detect Them

Detecting malicious activity takes weeks or even months despite the many efforts companies put into building cybersecurity threat detection systems. You can increase your chances of uncovering malicious activity by studying insider threat techniques and applying diverse detection methods. In this article, we discuss the most common techniques behind insider threats and their possible indicators as well as ways you can detect insider threats in an efficient manner.

Redscan analysis of NIST NVD reveals record number of vulnerabilities in 2021

Our latest analysis of the National Vulnerability Database (NVD) has revealed that 2021 has now officially broken the record for common vulnerabilities and exposures (CVEs) logged by researchers. NIST is the US National Institute of Standards and Technology, and its National Vulnerability Database (NVD) is a repository of Common Vulnerabilities and Exposures (CVEs).