Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Trustwave Named as a Representative Vendor in the 2025 Gartner Market Guide for DFIR Retainer Services

Trustwave is proud to announce that Gartner has named us as a Representative Vendor in the 2025 Gartner Market Guide for Digital Forensics and Incident Response (DFIR) Retainer Services. This is the sixth time Trustwave has been named a Representative Vendor in the DFIR Market Guide since the report's inception.

Back Up With Care, But Neglecting Patches can Leave You in Despair!

CVE-2024-7348, which was discovered by Noah Misch, is a race condition vulnerability affecting multiple versions of PostgreSQL when using the `pg_dump` utility. An attacker with sufficient privileges can exploit this vulnerability to execute arbitrary SQL commands with the privileges of the user running the dump, who is typically a superuser.

Boosting Your Microsoft Email Security with Trustwave's Managed Phishing Service

It seems everyone loves phishing attacks. Trustwave's Ed Williams, Vice President of SpiderLabs, during a recent Trustwave webinar, discussed the ongoing threat posed by the increasingly sophisticated phishing incidents that remain the primary vector for initial access in cyberattacks. What Williams interestingly noted was that threat actors are not the only group using phishing to gain access to organizations.

The Danger of Weak Passwords: UK Trucking Firm Attacked and Permanently Shut Down

A threat actor once again proved the importance of enforcing strict password management practices by torpedoing a 158-year-old UK transportation company by hacking a password and then effectively shutting it down with ransomware. According to published reports, the threat group Akira gained access to KNP's system in June when it was able to determine a single employee's password. Once access was gained, Akira injected ransomware, which shut down the network and encrypted access to its files and backups.

What Defines a Top-Tier MDR Solution?

Managed Detection and Response (MDR) solutions have been available for more than 20 years, but despite this level of longevity, there remains confusion about what programs qualify as true MDR. Despite having a long track record of widespread use and success, there is still a great deal of confusion among current and potential MDR clients about what an MDR provider should deliver to keep an MDR client secure.

From Frameworks to Defence: Using Australia's ISM and Essential Eight Strategically

Aligning with the Australian Government’s Information Security Manual (ISM) and the Essential Eight (E8) remains a foundational step for organizations working with or alongside government agencies. Trustwave’s Essential Eight Control Effectiveness Assessment is a great first step, but relying solely on compliance as a goal can leave security programs stagnant.

In-the-wild Exploitation of CVE-2025-53770 and CVE-2025-53771: Technical Details and Mitigation Strategies

Two critical zero-day vulnerabilities in the Microsoft SharePoint Server environment, CVE-2025-53770 (9.8 CVSS score) and CVE-2025-53771 (6.5 CVSS score), are being actively exploited by threat actors to compromise vulnerable on-premises SharePoint servers. The two new vulnerabilities are part of a complex attack chain dubbed “ToolShell”, which grants threat actors access to unpatched SharePoint servers’ content and the ability to execute code over the network.

Trustwave Enhances its OT Security Services Portfolio

Recognizing the need to better protect organizations that rely on operational technology (OT), Trustwave is advancing its OT security services portfolio. Trustwave now delivers end-to-end visibility and threat response across IT and OT environments, enabling better detection, investigation capabilities, and response to threats targeting critical infrastructure by being integrated with Trustwave’s Co-Managed SOC and penetration testing services.

Using SQLmap to Dig for Sensitive Data in SQL Databases

In our latest report Data Pirates' Toolkit (Leveraging SQLmap for Unearthing Digital Gold), we take a comprehensive look at a tried-and-tested cyberattack methodology that threat actors can use to unlock sensitive and critical data from unsecured databases: SQL injection (SQLi) attacks.

Travelling Through the Dark Web: Answering 6 Questions About Dark Web "Travel Agencies"

It’s a well-known fact that threat actors use stolen personal data for many purposes, ranging from launching phishing attacks and gaining access to an employer to, very commonly, using credit card information to make purchases. What has also become somewhat common in the last eight or so years is using stolen information to support grander illegal enterprises like supplying air and hotel travel at heavily reduced prices via dark web travel agencies.

No Tell Motel: Trustwave Exposes the Secrets of Dark Web Travel Agencies

Dark web travel agencies have emerged as one of the more sophisticated and lucrative operations within the underground economy. As mentioned in the Wall Street Journal's coverage of Trustwave’s research, these shadowy enterprises offer dramatically discounted flights, luxury hotel stays, rental vehicles, and entire vacation packages, all facilitated through stolen credit card information, compromised loyalty program accounts, and forged identification documents.

Trustwave MDR Accelerates Automotive Company's Cybersecurity Posture

For many organizations, especially those in industries like automotive manufacturing, navigating escalating cyber threats and meeting stringent insurance requirements is no simple endeavor. This is where a robust solution like Trustwave Managed Detection and Response (MDR) can make all the difference.

Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft

Malicious APKs (Android Package Kit files) continue to serve as one of the most persistent and adaptable delivery mechanisms in mobile threat campaigns. Threat actors routinely exploit social engineering and off-market distribution to bypass conventional security controls and capitalize on user trust to steal a variety of data, such as login credentials.

Ensuring Compliance with DORA: How Trustwave Secures Your Databases and Meets Regulatory Standards

The EU’s Digital Operational Resilience Act (DORA) establishes a unified regulatory framework to ensure financial institutions can withstand and recover from IT disruptions. As a cornerstone of operational resilience, secure and compliant database environments are critical to safeguarding sensitive financial data and maintaining regulatory alignment.

Trustwave Executive Business Reviews Turn Security Updates into Board Level Conversations

Trustwave is making Executive Business Reviews (EBR) available to its client base. EBRs are a methodology designed to deepen Trustwave's already strong client relationships by helping clients stay informed as to their current security status, regional and sector-related threats, security costs and optimization opportunities.

KAWA4096's Ransomware Tide: Rising Threat With Borrowed Styles

KAWA4096, a ransomware whose name includes "Kawa", the Japanese word for "river", first emerged in June 2025. This new threat features a leak site that follows the style of the Akira ransomware group, and a ransom note format similar to Qilin’s, likely an attempt to further enrich their visibility and credibility. In this blog post, we’ll share key insights from an analyzed KAWA4096 sample to uncover how this ransomware operates and what sets it apart.

Trustwave Launches Managed Phishing for Microsoft Service

Phishing remains the number one method attackers use to gain initial access to organizations. That makes your workforce the front line of defense, and your ability to identify, neutralize, and respond to phishing attempts more critical than ever. Trustwave’s Managed Phishing for Microsoft is a service designed specifically for organizations leveraging Microsoft Office 365 and Defender for Office (E5 or equivalent).

3 Considerations for Navigating Australian IRAP Assessments

Aligning with the Australian Government’s expectations for cybersecurity can present challenges, especially for organizations unfamiliar with the frameworks in use. For those looking to work with or support government programs, understanding how systems are assessed against the Information Security Manual (ISM) is critical. The ISM, maintained by the Australian Signals Directorate (ASD), sets out cybersecurity principles to guide the protection of government information and systems.

6 Proactive Steps for Tech Companies to Stay Protected in 2025

The Trustwave SpiderLabs 2025 Risk Radar Report: Technology Sector highlights a persistent and evolving threat landscape, emphasizing that while the tech industry leads in digital offerings, it often lags in information security. Transitioning from a reactive to a proactive cybersecurity posture is no longer an option, but a necessity.

Cut Your Azure Spend: Trustwave MXDR and MailMarshal Purchases Now Count Towards Your Microsoft Azure Consumption Commitment (MACC)

Trustwave has significantly enhanced its Microsoft Azure Marketplace offering with the addition of three security solutions that will help clients meet their Microsoft Azure Consumption Commitment (MACC). Starting immediately, Trustwave MXDR for Microsoft, MXDR Elite for Microsoft with Co-Managed SOC, and MailMarshal with Microsoft O365 are Azure Benefits Eligible in the Microsoft Azure Marketplace.

7 Reasons Why Trustwave's FedRAMP Status is Key for US Vendors

While selling technology or services to the U.S. Federal Government offers a tremendous opportunity, it also involves navigating complex requirements—especially in the area of cybersecurity. Federal agencies handle sensitive data and demand the highest levels of security assurance. This is where the Federal Risk and Authorization Management Program (FedRAMP) comes in, acting as the crucial gatekeeper for cloud services used by the government.

Trustwave MXDR and Co-Managed SOC: Revolutionizing Cybersecurity

As organizations continue to face an increasing number of sophisticated threats that require advanced managed detection and response capabilities, Trustwave has developed a series of solutions to help maintain a high level of security. One such solution is Trustwave’s Managed Extended Detection and Response (MXDR) with Co-Managed Security Operations Center (SOC) offering.

The Breach Beyond the Runway: Cybercriminals Targeted Qantas Through a Trusted Partner

On July 3, 2025, Qantas confirmed in an update statement that a cyber incident had compromised data from one of its contact centers, following the detection of suspicious activity on June 30. The breach didn’t strike at the heart of Qantas’ systems; it snuck in through a third-party provider. The attack allegedly exposed the data of 6 million Qantas customers.

Figure 1. Qantas’ latest statement posted on July 3, 2025.

To Report or Not to Report Ransom Payments - Possibly Not Worth the Effort

Just a recap - Trustwave in no way endorses ransom payments. We believe the best way to deal with a ransomware situation is to: A: Create a strong defensive posture that will deter, if not stop, an attack. B: Have in place a solid and well-practiced incident response plan that includes backups so an organization can quickly recover from any attack.

To Report or Not to Report Ransom Payments - A Helpful and Useful Idea

Just a recap - Trustwave in no way endorses ransom payments. We believe the best way to deal with a ransomware situation is to: A: Create a strong defensive posture that will deter, if not stop, an attack. B: Have in place a solid and well-practiced incident response plan that includes backups so an organization can quickly recover from any attack.

Trustwave's Next Chapter: Joining Forces with LevelBlue to Create the World's Biggest MSSP

As CEO of Trustwave, I’m excited to share a pivotal development in our journey to deliver world-class cybersecurity to our clients: Trustwave has signed a definitive agreement to be acquired by LevelBlue, a global leader in AI-driven managed security services. This marks a significant milestone not only for our company but for the entire cybersecurity industry, as it brings together two recognized innovators to create the world’s largest pure-play Managed Security Services Provider (MSSP).