Phishing is the most common method for an attacker to gain an initial foothold in an educational organization, according to the just released Trustwave SpiderLabs report 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies. Why phishing? Simplicity is the primary reason.

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with organizational directors and senior leaders and encourage them to shore up their defenses from cyber threats.

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s incumbent upon healthcare organizations to limit their exposure, and minimize the likelihood of cyberattacks.

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber weaknesses, especially when it comes to ransomware.

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow won’t impact ransomware overall. As in the past, another group will pick up the slack, or LockBit itself will reform and get back into business.

Ten years ago, Congress passed the "CAN-SPAM Act" (also known as theYou-CAN-SPAM Act, since it defined legal spam and supersedes any stricter state-antispam laws). One of the provisions of the act is that there must be a legitimate physical address in the email. Spammers have long tried different tactics to get around this.

Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group. The team found Tycoon Group during a regular investigation into a phishing incident, and its distinctive method of communication to its phishing server convinced the team to further explore this active PaaS operation.

Trustwave SpiderLabs is wrapping up a multi-month investigation into the threats facing the education sector, across higher education, primary and secondary schools. Trustwave will post the 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report on February 22, but here are a couple of early findings along with a round-up of some of the higher-profile attacks on education targets that have taken place in the last year.

Many organizations downplay the critical aspect of whether their cybersecurity provider has the ability to properly vet a third-party vendor's cybersecurity posture. There are multiple reasons behind this and there are also considerations of where the cybersecurity vetting process can go off the rails during supply chain purchases.

For the fifth consecutive year, the leading channel publication CRN named Trustwave to its 2024 Managed Service Provider (MSP) 500 list in its Security 100 category. The Trustwave Global Channel Partner Program earned recognition for providing one of the industry's most extensive collections of security products and services. These offerings cater to enterprise requirements in threat detection and response, as well as vulnerability and risk management.

In today's digital landscape, ensuring robust security for your mobile applications is paramount. With attackers constantly evolving their techniques and targeting vulnerabilities, adopting DevSecOps is more important than ever, and it is part of any solid program of adding proactive measures to safeguard your mobile apps.

Cyber threats can originate from anywhere around the globe. For services such as managed detection and response (MDR) to effectively defend against them requires a managed security service provider (MSSP) that likewise has a global footprint. The top 10 countries from which distributed denial-of-service attacks (DDoS) originate include China, Brazil, India, Indonesia, Russia, and Germany, according to data collected by the cloud services company Cloudflare. At the same time, the U.S.

During an Advanced Continual Threat Hunt (ACTH) investigation that took place in early December 2023, Trustwave SpiderLabs discovered Ov3r_Stealer, an infostealer distributed using Facebook advertising and phishing emails. SpiderLabs’ “Facebook Advertising Spreads Novel Malware Variant,” is an in-depth dive into Ov3r_Stealer, exposing what the Threat Hunt team learned about the threat actors, their techniques, tactics, and procedures and how the malware functions.

The integration of Artificial intelligence (AI) is forcing a significant transformation in the business operations landscape. Through automation, data analysis and predictive capabilities, AI is reshaping how businesses operate as companies look to spur productivity.

Trustwave MailMarshal is now listed on the Microsoft Azure Marketplace, an online store for solutions that are built on or built for Azure and intended for IT professionals and developers. Trustwave MailMarshal joins an illustrious list of IT software applications and services built by industry-leading technology companies.