Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In March 2025, several US federal agencies issued a joint warning on the phishing-based, ransomware-as-a-service (RaaS) threat group Medusa and are encouraging organizations to implement mitigations to reduce the likelihood of being impacted by an attack.

The concept of “principle of least privilege” has been around for a long time. In fact, it is older than me; there are papers from the 70s that discuss it: “Every program and every user of the system should operate using the least set of privileges necessary to complete the job.” (The protection of information in computer systems, Saltzer and Schroeder, 1974).

With the multiple regulations regarding information security entering into force over the past two years, 2025 marks a new era for organizational compliance.

This is a guest post from Cliff Thoburn, Head of Intelligence at RMI Global Solutions. RMI is recognized by the oil, gas, and broader energy industry on and offshore as experts in the threats and risks that face the spectrum of this key industry worldwide. The cybersecurity risks nation-state actors pose to the energy sector through insider threats are well documented.

Trustwave has created a technology partnership with Devo, a unified Security Information and Event Management (SIEM) provider, to offer a next-generation Managed Extended Detection and Response (MXDR) solution called Trustwave MXDR with Co-Managed SOC for Devo. This collaboration will enable organizations to leverage a powerful SIEM platform without the complexities and costs associated with owning and managing the technology.

In Part 1 of Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster, we uncovered the dangers of running Elasticsearch with X-Pack disabled and thus, highlighting the ease with which attackers can exploit unauthenticated endpoints. Now, in Part 2, we will explore the other security features of X-Pack beyond authentication.

Picture this: an always-awake, never-tired, high-speed librarian that instantly finds the exact information you need from a massive collection of books. This extraordinary librarian is also capable of processing millions of requests simultaneously, understands partial or misspelled words, and even predicts what you’re looking for before you finish asking.

Trustwave's recent completion of the FedRAMP authorization process increases our ability to provide exceptional service to the federal government, the defense industrial base, and those with Cybersecurity Maturity Model Certification (CMMC) requirements, especially with a cloud service offering. Working with the federal government is hardly new for Trustwave.

The Trustwave SpiderLabs research 2025 Trustwave Risk Radar Report: Manufacturing Sector takes a global view of the cybersecurity issues facing this vertical, but it’s also important to examine how and if different regions are specifically impacted.

Financial institutions are robbed in innumerable ways. Gunmen conduct physical attacks on bank branches; people commit credit card fraud; hackers attempt to break into ATMs and force them to spit out thousands of dollars, while other threat actors seek to bypass these small-scale incidents and go for millions via a cyberattack. After all, why steal a couple of thousand dollars, pounds, or Euros if you can attempt to blackmail an organization for millions, steal and sell its data, or a little bit of both?