It may sound counterintuitive, but the Dark Web presents an invaluable opportunity for businesses to flip the script on hackers. The Dark Web remains a relatively hidden digital space that comprises upwards of 5 percent of the entire internet. This is where cybercriminals go to peddle sensitive and valuable data after breaching vulnerable business networks.

Trustwave security teams are aware of two zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) impacting Microsoft Exchange Server 2013, 2016, and 2019 and organizations with Outlook Web Access facing the Internet. If exploited, the vulnerabilities can allow an attacker to elevate privilege and remote code execution capability. We immediately investigated the vulnerabilities and potential exploits and continue to monitor the situation.

The Broadway Tower in Worcestershire, England is a famous structure. It’s inspiring, beautiful, and at 62 feet high, like other similar buildings, it’s a folly. While it looks grand inside and out, it serves no purpose than to be a decoration. It’s all too easy to buy a set of policies and procedures, change the company name and some other details, then present it as an application development and security program.

After years of falling behind, the construction industry has realised the importance of its data. Construction-related businesses invested a remarkable 188% more in cybersecurity in 2018–19. Data leaks and cyberattacks have jolted sectors worldwide, affecting everyone. 55% of UK businesses experienced a cyberattack in 2019 alone, and the average damage resulting from breaches is £176,000.

Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign. On October 02, 2022 at 12:12 UTC, a new npm account was registered, and a package called nuiversalify was immediately uploaded. The same threat actor then proceeded to publish more typo/spellcheck squattings of popular packages until 14:03:29 UTC, with small but irregular time gaps between uploads.

Mandiant has reported an instance in which a group of North Korean hackers tainted the PuTTY SSH client through a malicious ISO package.

Mimikatz provides a variety of ways to , but one of the most alarming is the DCSync command. Using this command, an adversary can simulate the behavior of a domain controller and ask other domain controllers to replicate information — including user password data. In fact, attackers can get any account’s NTLM password hash or even its plaintext password, including the password of the KRBTGT account, which enables them to create Golden Tickets.

Active Directory accounts with elevated privileges pose a serious security risk: They are a top target for attackers because they provide administrative access to systems and data, and they can also be misused by their owners, either deliberately or accidentally. Therefore, it’s critical for IT teams to keep close track of accounts with elevated permissions.

Despite the ongoing rise in social engineering attacks, the idea that cybersecurity is only about technology manifests within most of our minds. Organizations often neglect human behavior's impact on their cybersecurity postures. Instead, they spend lavishly on endpoint security tools, threat hunting programs, and building incident response plans. Admittedly, these security measures are a crucial part of mitigating attacks.