Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2024

Incident Response Testing: An Australian Perspective

In today's rapidly evolving digital landscape, organizations must be prepared for the inevitable occurrence of cybersecurity incidents. Incident response testing is a critical component of a robust cybersecurity strategy, ensuring an organization can swiftly and effectively respond to incidents when they occur.

Trustwave Named the Innovation Leader by Frost & Sullivan for the Americas and Europe

The analyst firm Frost & Sullivan has recognized Trustwave with the dual honors of being positioned as the Innovation leader in its 2024 Managed Security Services (MSS) Radar, Americas, and 2024 MSS Radar, Europe, the second time Frost & Sullivan has recognized Trustwave as such in the Americas.

Exposed and Encrypted: Inside a Mallox Ransomware Attack

Recently, a client enlisted the support of Trustwave to investigate an unauthorized access incident within its internal cloud-based environment, leading to the deployment of Mallox ransomware by threat actors to its server. A misconfiguration allowed unauthorized individuals to bypass security restrictions. This blog details the initial access method, the tools used to execute their operations, and an analysis of the Mallox ransomware.

Protecting Patient Safety: Trustwave's Role in Healthcare Cybersecurity

The healthcare industry's digital transformation has brought unprecedented advancements in patient care. However, it has also introduced new vulnerabilities that put sensitive patient data at risk. Cybersecurity is no longer an option but a critical component of delivering safe and effective care. Threat actors have no compunction about taking advantage of this increased threat surface.

The Willy Wonka World of Application Security Defenses

One doesn’t have to be a magician to understand how to track the hundreds, if not thousands, of applications that are running on your network. To lighten the load and eliminate the need for having supernatural abilities, let’s go over some simple tasks a security defender can take to track, detect, and even block application threats.

Trustwave Data Reveals HTML Attachments, QR Codes, and BEC as Top Email Attack Vectors

The Trustwave SpiderLabs team regularly collects a trove of data while protecting clients from email-based attacks. HTML attachments, malicious QR codes, and business email compromise (BEC) are the favored attack methods. A recent snapshot of data from June 2024 from Trustwave MailMarshal shows that email-based threat actors still favor HTML attachments to deliver a variety of malware types.

The Power of Multifactor Authentication and a Strong Security Culture

The business mantra "employees are our number one asset" is true for many reasons. Including helping protect an organization from cyber threats. An organization can have the finest security technology stack available, employ offensive security measures such as penetration tests, and have a cybersecurity vendor on speed dial in case an incident occurs. However, if its workers are not cybersecurity conscious, all that effort and financial outlay will be wasted.

Trustwave Earns Dual Honors in ISG's 2024 Provider Lens Quadrant Reports

Trustwave was awarded a pair of honors from the industry analyst firm ISG, being named a Leader in the US for Managed Security Services – SOC (Midmarket) and as a Rising Star in the UK for Managed Security Services – SOC (Midmarket) in ISG’s 2024 Provider Lens Quadrant Reports for these regions. This is the second consecutive year Trustwave was named a Leader in MSS for the US (Midmarket).

Trustwave Government Solutions Attains StateRAMP Authorization Status

Trustwave Government Solutions (TGS) has attained authorized status by the State Risk and Authorization Management Program (StateRAMP) for its Government Fusion platform. "State and local agencies rely heavily on their technology partners to strengthen their cybersecurity postures, and we're proud to be able to deliver a solution that meets or exceeds their elevated security requirements," said TGS President Bill Rucker.

Active Defense and Offensive Security: The Two Sides of a Proactive Cyber Defense Program

Offensive security and active defense may appear at first glance as contradictory cybersecurity solutions, but when paired, they create complementary and robust protective solutions. Let's take a quick look at what each solution offers before we go into the details. Offensive security involves attempting to identify flaws in an organization before a threat actor has a chance to exploit them.

The Bug Stops Here: Using DevSecOps Workflows for Pest-Free Applications

Developers and cybersecurity have an interesting relationship. Developers have no problem with security operations just as long as they’re not involved or adding security doesn’t slow down their development cycle. Thankfully, well-documented security operations — known as DevSecOps — assist with the software development lifecycle (SDLC) and perform mostly invisibly from the developer’s perspective.

Deep Dive and Simulation of a MariaDB RCE Attack: CVE-2021-27928

In early 2021, a new vulnerability, identified as CVE-2021-27928, was discovered and published. It affects multiple versions of the open-source relational database management systems (RDMBS) MariaDB and Percona Server, and the wsrep (write set replication) plugin for MySQL. Fortunately, security professionals swiftly released a patch to ensure that affected systems could be updated to mitigate risks.

When Patching Goes Wrong: Lessons Learned from The CrowdStrike Incident

Patches are a way of life for any network administrator and are the most efficient method in place to ensure systems are running the most up-to-date and secure versions of their various software applications. For the most part, updates take place behind the scenes, with the average person only noticing a patch being installed when they are asked to reboot their machine to install the new version.

Defending Healthcare: Trustwave's Dedication to Fight Cyber Threats to Patient Safety

Hospitals face a challenging dilemma: delivering the highest quality of medical care while shielding patient and family data from ever-evolving cyber threats, all while ensuring that critical operations continue uninterrupted. At Trustwave, we understand the immense pressure hospitals are under and are dedicated to creating a safer digital environment where healthcare providers can thrive, and patients receive the uncompromised care they deserve.

Trustwave Rapid Response: Mitigate Windows TCP/IP RCE Vulnerability (CVE-2024-38063)

Microsoft has disclosed a critical (CVSS 9.8) TCP/IP remote code execution (RCE) vulnerability that impacts all Windows systems utilizing IPv6. To conduct this attack, threat actors can repeatedly send IPv6 packets that include specially crafted packets. By doing this, an unauthenticated attacker could exploit this vulnerability, leading to remote code execution. Systems that have IPv6 disabled are not susceptible to this vulnerability.

The Art of Deception: Turning the Tables on Attackers with Active Defenses

Once an attacker enters your network, one of their first actions will be to try and hide their tracks by blending in, using methods of deception such as mimicking normal user activities. A cyber defender can also use methods of deception to detect and slow the advance of these adversaries. This is known as an active defense. This article will discuss some methods of using Active Defences, sometimes referred to as ’deceptions,’ as one part of a comprehensive cyber defense strategy.

Balancing Escalating Security Concerns While Pursuing Business Innovation

Australia's business leaders face a complex and rapidly evolving market landscape that is highly competitive, globally interconnected, and demands a proactive approach to risk management. As continued technological innovation drives business development, efficiency, and success, it simultaneously empowers malicious threat actors to evolve and attack successful businesses more sophisticatedly.

How to Limit Extra Costs When Implementing Microsoft E5 Security Products

The Microsoft 365 E5 license gives you access to a slew of valuable Microsoft Security products that will cover you quite well for all your enterprise security monitoring needs. However, monitoring is only part of the security equation; the resources and services you add to it will help you get real value from E5.

Unleashing the Power of Microsoft Security with Trustwave

Tectonic shifts are occurring across the cyber landscape, and organizations are increasingly turning to Microsoft as a cornerstone of their security strategy. At Trustwave, we have been at the forefront of this trend, partnering with Microsoft for years to deliver unparalleled security solutions and outcomes for our clients. Microsoft 365 E5 has become a compelling option for many organizations due to its robust suite of productivity tools and integrated security features.

Trustwave Managed Vulnerability Scanning Shines a Light on Vulnerabilities

The digital landscape constantly shifts, presenting exciting opportunities and lurking threats for businesses of all sizes. In this ever-evolving environment, maintaining a secure network is no longer a luxury; it's a necessity. However, achieving true security requires more than just firewalls and antivirus software. It demands a comprehensive understanding of your network's vulnerabilities – the chinks in your digital armor that attackers could exploit.

Sentinels of Ex Machina: Defending AI Architectures

The introduction, adoption, and quick evolution of generative AI has raised multiple questions about implementing effective security architecture and the specific requirements for protecting all aspects of an AI environment as more and more organizations begin using this technology. Recent security reports on vulnerabilities that expose Large Language Model (LLM) components and jailbreaks for bypassing prompting restrictions have further shown the need for AI defenses.

Placing Threat Groups Under a Microscope: Lapsus$

This report is the first in a series of blogs that will delve into the deep research the SpiderLabs Threat Intelligence team conducts daily on the major threat actor groups currently operating globally. The information gathered is part of a data repository to help SpiderLabs identify possible intrusions as it conducts threat hunts, vulnerability scans, and other offensive security tasks.

CISA-FBI Issue Security Warning for Chinese-Manufactured Drones

Drones are becoming ubiquitous. They are sold as toys, used in industry, and as weapons of war, so the possibility of one becoming co-opted by a threat actor could result in severe damage, disruption of services, or data theft. In response, CISA and the FBI released a notification and guidance on Chinese-manufactured unmanned aircraft systems (UAS) aka drones, that could have vulnerabilities enabling data theft or that could facilitate network compromises.