Trustwave has received the Frost & Sullivan Excellence in Best Practices Company of the Year Award in the Americas Managed Security Services (MSS) market, recognizing Trustwave as being at the forefront of innovation and growth in this category.

External attack surface management (EASM) is the continuous exercise of managing cybersecurity risks associated with an organization’s external-facing digital assets. The process includes monitoring, identifying, reducing, and mitigating risks present across an organization’s external attack surface.

On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This vulnerability stems from improper handling of special elements in the “host” parameter within the CGI program of certain AP and router versions, potentially allowing an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to the vulnerable device.

On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco products in a network. Cisco has stated that these vulnerabilities are only exploitable if the Smart Licensing Utility is actively running and has been started by a user. Note: These vulnerabilities do not impact Cisco’s Smart Software Manager On-Prem or Satellite.

A good deal of my time and efforts in educating customers today is around object storage in general and AWS S3 in particular. In case you missed it 11:11 Systems has recently taken our partnership with AWS to the next level, making all of their S3 class storage available to you with our award winning support and flexible pricing options.

Security is a top buying requirement for businesses today. In fact, two-thirds of respondents to our State of Trust survey say that customers, investors, and suppliers are increasingly looking for proof of security and compliance. As concerns around in-house security practices, third-party tools, and access to customer data grow, customer expectations for trust continue to rise. ‍

In an ironic twist of fate, cybercriminals seeking to exploit stolen credentials have found themselves the targets of a new scheme. Security researchers recently uncovered a malicious campaign in which hackers were lured into downloading infostealer malware through a seemingly legitimate tool for checking compromised OnlyFans accounts. This development serves as a reminder that even those lurking on the dark web are not immune to digital risks.

Over the past decade, Bitcoin’s value has increased more than 200-fold. Similarly, other cryptocurrencies have also seen significant growth, prompting many individuals to engage in mining for profit. This rise in cryptocurrency mining has led to a substantial increase in the use of cryptominers. As organizations increasingly migrate their computing workloads to the cloud for various benefits, attackers have shifted their focus to these cloud resources for cryptocurrency mining.

Dynamic Application Security Testing (DAST) is an advanced testing method that tests the production environment and analyzes application security at runtime. This type of black box testing identifies real-world vulnerabilities externally without much need for insights into the product provenance of any single component. By simulating real-world attacks in your system, DAST identifies critical security gaps that other vulnerability assessments and static methods might miss.

The Enterprise OPA Platform’s low-code policy builder empowers product owners and security analysts to design, review, and experiment on application permission logic directly.