On February 9, the U.S. Securities and Exchange Commission (SEC) issued proposed rules regarding cybersecurity risk management for investment advisers, registered investment companies, and business development companies. It's no surprise that the SEC is taking a more active role in this, given their continued interest in cybersecurity issues and high-profile ransomware attacks.

If you work in networking or security, you have probably gotten used to the acronym stew that makes up the technology industry at times. By now you have surely heard the latest buzzword and what industry analysts have coined as security service edge (SSE). SSE is essentially the consolidation of Firewall-as-a-Service (FWaaS), secure web gateway (SWG), cloud access security broker, and Zero Trust Network Access (ZTNA) delivered as a cloud service.

In January 2022, Netskope analyzed a destructive malware named WhisperGate, wiping files and corrupting disks during the aftermath of a geopolitical conflict in Ukraine. On February 24, the conflict escalated with Russian attacks in Ukraine, followed by a series of DDoS attacks against Ukrainian websites. On February 24, 2022, a new malware called HermeticWiper was found in hundreds of computers in Ukraine. HermeticWiper corrupts disks on infected systems, similar to WhisperGate.

Our diverse global Snykers are united by our core values. In addition to building a strong business, we also collectively lead with passion and empathy for each other, our customers, the communities where we live and work, and our planet as a whole. To paraphrase Dr. King, we believe that a threat to freedom or justice anywhere threatens these innate rights everywhere. Today, as the Ukrainian people are being affected directly, we are all affected indirectly.

In this episode of the Trustwave CISO Bytes Podcast, host David Bishop, Chief Information Security Officer at Trustwave, sits down with Kory Daniels, Global Director, Cyber Defense Consulting at Trustwave, to discuss the Russia and Ukraine crisis, its impact on cybersecurity, and how organizations in operational technology, critical infrastructure and beyond can harden their cyber defenses against nation-state threats.

This blog was jointly written with Santiago Cortes.

Our previous blog post on authentication security covered six most common authentication vulnerabilities. In this post, we will discuss a few best practices that help avoid authentication vulnerabilities and defeat specific attack vectors. Below are the six best practices to secure the authentication process.

Data breaches are increasing in frequency and severity. Following a data breach, most companies have protocols in place to contain the breach, assess the damage, and tighten their security to ensure the incident is not repeated. While this is a standard process for organizations to go through, would you be surprised to learn that cybercriminals do the exact same thing when their underground forums are revealed or exploited?

Almost a year since the Colonial Pipeline ransomware attack on critical infrastructure occurred, the question still looms large: not whether such an incident could happen again, but when?

-On February 23, 2022, multiple security vendors with a business presence in Ukraine identified a new wiper malware primarily impacting Ukrainian organizations in at least the aviation, defense, financial, and IT services industries. In at least one intrusion, Symantec observed the wiper malware impact devices in Lithuania. -Researchers identified HermeticWiper shortly after a DDoS attack targeted Ukrainian websites earlier that day.