Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How to Safeguard Critical Assets from the Growing Threat of Supply Chain Cyberattacks

Organizations must develop robust programs to manage supply chain risks, both known and unknown, while prioritizing their most critical assets. Often referred to as the "crown jewels", these assets are the most valuable and vital to business success. Supply chain attacks exploit vulnerabilities in the network of suppliers, distributors, and other third-party partners to gain unauthorized access to sensitive data and systems.

The Crucial Role Trustwave Red Team Exercises Play in Enhancing Cybersecurity

The best way to gauge the current state of an organization’s security posture is often with a blunt lesson, and a Red Team exercise might be the bluntest way to rip off the band-aid to see what security problems exist. That concept is the genesis behind the Trustwave SpiderLabs report Healthcare Sector Deep Dive: Unmasking Security Gaps.

Ransomware in Healthcare: Unmasking the Most Targeted Segments and Threat Groups

Ransomware remains the primary threat the healthcare industry faces. However, threat actors do have a preference when it comes to which segment to attack. Trustwave SpiderLabs’ just-released Healthcare Sector Deep Dive: Ransomware Trends and Impact examines which healthcare sub-industries attract the most attention from threat actors, breaks down which adversarial groups conduct the attacks, and details the impact specific attacks had on their victims.

2025 Healthcare Cybersecurity Threats: Insights from the Trustwave Risk Radar Report

The healthcare industry, with its highly prized electronic health records, a myriad of connected devices, continued use of legacy systems, and expanding telehealth services, is a premier target for threat actors. To properly dissect the issues facing the healthcare industry, Trustwave SpiderLabs has updated its earlier healthcare cybersecurity coverage with the just-released 2025 Trustwave Risk Radar Report: Healthcare Sector - A New Era of Cybersecurity Challenges.

2025 Trustwave Risk Radar Report: Healthcare Sector: Key Risks and Defensive Measures

The healthcare industry, with its vast repository of electronic health records, a growing network of connected devices, reliance on legacy systems, and expanding telehealth solutions, continues to be a prime target for cyber threats. To provide deeper insights into these evolving risks, Trustwave SpiderLabs has expanded its healthcare cybersecurity research with the newly released 2025 Trustwave Risk Radar Report: Healthcare Sector - A New Era of Cybersecurity Challenges.

Trustwave SpiderLabs Threat Review: Alleged Oracle Compromise

On March 20, a relatively unknown user on Breach Forums posted the allegation that Oracle had suffered a data breach. According to published reports, the attacker claimed that 6 million customer records were exfiltrated from Oracle's SSO and LDAP systems. The threat actor behind the post is allegedly offering to sell the data, providing multiple purchasing options based on company name, hashed credentials, and other sensitive information.

Trustwave MailMarshal's Secure Email Gateway Protects Against Phishing/Ransomware Attacks

In March 2025, several US federal agencies issued a joint warning on the phishing-based, ransomware-as-a-service (RaaS) threat group Medusa and are encouraging organizations to implement mitigations to reduce the likelihood of being impacted by an attack.

Why Principle of Least Privilege Matters More Than Ever in a World of Backdoored Large Language Models (LLMs)

The concept of “principle of least privilege” has been around for a long time. In fact, it is older than me; there are papers from the 70s that discuss it: “Every program and every user of the system should operate using the least set of privileges necessary to complete the job.” (The protection of information in computer systems, Saltzer and Schroeder, 1974).

The Energy Industry's Hidden Risks: Espionage, Sabotage, and Insider Threats

This is a guest post from Cliff Thoburn, Head of Intelligence at RMI Global Solutions. RMI is recognized by the oil, gas, and broader energy industry on and offshore as experts in the threats and risks that face the spectrum of this key industry worldwide. The cybersecurity risks nation-state actors pose to the energy sector through insider threats are well documented.

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster - Part 2

In Part 1 of Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster, we uncovered the dangers of running Elasticsearch with X-Pack disabled, highlighting the ease with which attackers can exploit unauthenticated endpoints. Now, in Part 2, we will explore the other security features of X-Pack beyond authentication.

Trustwave and Devo: A Powerful Combination for Advanced Cybersecurity

Trustwave has created a technology partnership with Devo, a unified Security Information and Event Management (SIEM) provider, to offer a next-generation Managed Extended Detection and Response (MXDR) solution called Trustwave MXDR with Co-Managed SOC for Devo. This collaboration will enable organizations to leverage a powerful SIEM platform without the complexities and costs associated with owning and managing the technology.

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster - Part 1

Picture this: an always-awake, never-tired, high-speed librarian that instantly finds the exact information you need from a massive collection of books. This extraordinary librarian is also capable of processing millions of requests simultaneously, understands partial or misspelled words, and even predicts what you’re looking for before you finish asking.

Q&A with TGS President Bill Rucker on Trustwave's FedRAMP Authorization

Trustwave's recent completion of the FedRAMP authorization process increases our ability to provide exceptional service to the federal government, the defense industrial base, and those with Cybersecurity Maturity Model Certification (CMMC) requirements, especially with a cloud service offering. Working with the federal government is hardly new for Trustwave.

Challenges for Australian Manufacturers: Insights from the 2025 Trustwave Risk Radar Report

The Trustwave SpiderLabs research 2025 Trustwave Risk Radar Report: Manufacturing Sector takes a global view of the cybersecurity issues facing this vertical, but it’s also important to examine whether and how different regions are specifically impacted.

How Managed Database Security Enhances Compliance, Privacy, and Threat Defense for the Financial Services Sector

Financial institutions are robbed in innumerable ways. Gunmen conduct physical attacks on bank branches; people commit credit card fraud; hackers attempt to break into ATMs and force them to spit out thousands of dollars, while other threat actors seek to bypass these small-scale incidents and go for millions via a cyberattack. After all, why steal a couple of thousand dollars, pounds, or Euros if you can attempt to blackmail an organization for millions, steal and sell its data, or a little bit of both?

Resurgence of a Fake Captcha Malware Campaign

During an Advanced Continual Threat Hunt (ACTH) investigation in early February 2025, Trustwave SpiderLabs discovered a resurgence of fake CAPTCHA verifications designed to deceive victims into executing malicious PowerShell scripts. This campaign employs a multi-stage PowerShell execution process, ultimately delivering infostealers such as Lumma and Vidar.

Is Your Organization's Cloud Environment as Secure as You Think? Trustwave Can Help

Organizations today face a growing volume of data and alerts while dealing with tight budgets and vulnerable legacy systems. That is why they need security partners with the right tools to help them make the correct security choice for their environment, and this is where Trustwave Microsoft Security Threat Protection and Sentinel Engagements (also referred to as Modern Work and Modern SecOps) come into play.

A Deep Dive into Strela Stealer and how it Targets European Countries

Infostealers have dominated the malware landscape due to the ease of maintaining threat operations and a wide group of potential victims. In this blog, we take a closer look at a unique infostealer designed to precisely target a narrow data set on systems located in chosen geographic locations. The Strela Stealer (rus. Cтрела, lit. 'Arrow') is an infostealer that exfiltrates email log-in credentials and has been in the wild since late 2022.

Defending Manufacturing: How Cybercriminals Are Targeting the Industry and How to Respond

As noted in the just-released Trustwave SpiderLabs report, 2025 Trustwave Risk Radar Report: Manufacturing Sector, modern manufacturing systems are increasingly interconnected, creating fertile ground for cybercriminals. The report details the weaknesses attackers exploit in infrastructure, workers, and the digital supply chain. Among the various tactics observed, vulnerability exploitation stood out due to its prevalence and potential impact.

The Microsoft Security Score: The Future Benchmark of Enterprise Security and Trust

Trustwave has engaged with hundreds of enterprise customers across Australia and worldwide, and one overarching theme continues to emerge. Cybersecurity is no longer an IT problem; it is a core business concern. Executives, board members, procurement teams, and even marketing departments are beginning to realize that security is not just about preventing breaches but about establishing trust, enabling business, and gaining competitive advantage.

1:1 Cybersecurity Chat with Amelia Gowa at CISO Sydney 2024 | Filmed by AZK Media

Filmed at CISO Sydney 2024 by AZK Media, this exclusive conversation with Amelia Gowa, Trustwave’s NSW State Director, explores the key cybersecurity challenges facing organizations today. In this interview, Amelia shares her insights on the evolving threat landscape in 2025; how AI, IoT, and cloud are reshaping cybersecurity risks; the impact of third-party dependencies and shadow IT; and why a proactive, intelligence-led security strategy is essential.

The Russia-Ukraine Cyber War Part 3: Attacks on Telecom and Critical Infrastructure

This post is the third part of our blog series that tackles the Russia-Ukraine war in the digital realm. In this installment, we take a look at how both countries disrupted operations and services in the telecommunications, critical infrastructure, and technology sectors.

Why Offensive Security Should Be a Top Priority, Not Just a Check-the-Box Compliance Requirement

The following is a guest blog by Lisel Newton, Executive Director, Information Security, Risk & Compliance at Gossamer Bio. When it comes to cybersecurity, too many companies treat offensive security measures, such as Red Team exercises and penetration testing, as mere compliance checkboxes. Gossamer Bio, however, prioritizes offensive security as an integral component of our proactive defense strategy rather than just a regulatory requirement.

Generative AI: Essential Insights for CISOs on Security Impacts

Generative AI (GenAI) is transforming the cybersecurity landscape, requiring Chief Information Security Officers (CISOs) and their teams to adapt quickly to both opportunities and challenges, according to the Gartner report 4 Ways Generative AI Will Impact CISOs and Their Teams. As organizations integrate GenAI into business processes, it is critical to secure not only the technology’s development but also its consumption across the enterprise.