Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Storm-0940 is a Chinese advanced persistent threat (APT) group that has operated since at least 2021, although some evidence suggests involvement in earlier incidents. Known for its complex cyber espionage tactics, this group primarily targets government agencies, military organizations, and critical infrastructure to gain intelligence for political and military advantage. Leveraging an arsenal of techniques ranging from spear-phishing to exploiting software vulnerabilities.

The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access. I’ve stood on the “phishing is a problem” soapbox for many years, attempting to focus the attention of cybersecurity teams on the single largest problem within the organization: the employees that fall for social engineering tactics time and time again.

The holiday season is here, and with it comes the thrill of Black Friday deals and holiday shopping sprees. But it's not just shoppers who are gearing up – cybercriminals are ready to take advantage of the holiday rush, hoping to catch unsuspecting consumers off guard. While Trustwave generally focuses on protecting enterprises from cyberattacks and scams, we feel it’s important to help consumers, as well. After all, many people use work devices for online shopping and accessing social media.

In today’s digital environment, encrypted traffic has become the norm, with over 90% of web communications now utilizing encryption. While this secures data in transit, it has become a blind spot for enterprises, enabling attackers to hide malware within encrypted channels. According to the Q3 2024 Cato CTRL SASE Threat Report, organizations that enable TLS inspection block 52% more malicious traffic than organizations than don’t.

Imagine leaving your car key at a public place, only to drop your keys when exiting the vehicle. Someone picks them up and drives away. They speed through a school zone and are caught on camera. Later, the car is used in a robbery. Now, you’re not only missing your car but also wrongly implicated in criminal activities.

Blind Cross-Site Scripting is a type of Cross-Site Scripting attack in which the injected script is executed in the context of another page and different circumstances compared to the page in which it was inserted. Blind XSS differs from regular XSS attacks as the attacker cannot see the effect of the injected script in his or her browser since the script is executed in a place that the attacker can not access.

The IT industry has seen an unshakable surge in malware attacks. According to SonicWall’s 2022 Cyber Threat Report, almost 2.8 billion malware attacks were detected in 2022. Approximately 30% of these malware attacks were carried out using emails containing malicious links and attachments. On June 10, 2022, one such malware, Dark Crystal, also known as DCRat, jolted Ukraine. It is a remote access Trojan (RAT) that has been receiving regular upgrades and new modules since 2018.

Subdomain takeovers pose a significant and often overlooked threat to website security. In today's digital age, almost every business has a website to promote, inform, and provide resources to visitors. Websites that use multiple subdomains risk exposing themselves to cyberattacks. Subdomain takeovers can lead to data breaches and reputational damage. However, these risks can be minimized with the right strategies, and your organization can stay protected.

A threat actor sends an email to a user at an organization claiming to be from the IT department. They need a password to a critical application, and the email is convincing – it mentions aspects of the application that would only be known to the user, it brings up a recent update email that was sent out company wide, and it even closes with a friendly, “Hope to see at next week’s happy hour!” in the sign-off.