Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising

During an Advanced Continual Threat Hunt (ACTH) investigation that took place in early December 2023, Trustwave SpiderLabs discovered Ov3r_Stealer, an infostealer distributed using Facebook advertising and phishing emails. SpiderLabs’ “Facebook Advertising Spreads Novel Malware Variant,” is an in-depth dive into Ov3r_Stealer, exposing what the Threat Hunt team learned about the threat actors, their techniques, tactics, and procedures and how the malware functions.

Trustwave MailMarshal Now Available on the Microsoft Azure Marketplace

Trustwave MailMarshal is now listed on the Microsoft Azure Marketplace, an online store for solutions that are built on or built for Azure and intended for IT professionals and developers. Trustwave MailMarshal joins an illustrious list of IT software applications and services built by industry-leading technology companies.

Federal Water and Wastewater Security Incident Response Guide Falls Short

This week, federal guidelines were published to assist owners and operators in the water and wastewater systems (WWS) sector on best practices for cyber incident response. Guideline are great, but they are just suggestions unless there are the resources for the WWS operators to enable them and some form industry monitoring to ensure they are met.

Trusted Domain, Hidden Danger: Deceptive URL Redirections in Email Phishing Attacks

In this ever-evolving landscape of cyberthreats, email has become a prime target for phishing attacks. Cybercriminals continue to adapt and employ more sophisticated methods to effectively deceive users and bypass detection measures. One of the most prevalent tactics nowadays involves exploiting legitimate platforms for redirection through deceptive links.

Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients

This is another one of those blog posts from me about how I independently carried out some security research into a thing and found something, but I was just too late to the party once again . However, I want to share the journey because I still think there is some value in doing so.

Trustwave SpiderLabs Detects Spike in Greatness Phishing Kit Attacks on Microsoft 365 Users

Trustwave SpiderLabs is tracking a spike in usage of the Greatness phishing kit to attack Microsoft 365 users to distribute malicious HTML attachments that steal login credentials. Greatness is a phishing-as-a-service platform developed by a threat actor known as "fisherstell," and has been available since mid-2022 that provides a ready-made infrastructure and tools for anyone to launch phishing campaigns charging $120 per month in Bitcoin.

Trustwave's Best Practices for Protecting Against Mother of all Data Breaches

The discovery of what has been dubbed the Mother of all Data Breaches (MOAB), reportedly containing 12TB or 26 billion records representing 3,800 separate data breaches, should remind everyone of the need to maintain strong passwords and change default credentials.

Let's Get Physical with Security Requirements

Not every criminal illegally entering a business is looking to steal cash, equipment, or merchandise; some are looking to take something a bit more ephemeral. This scenario is particularly true for organizations, such as offices, insurance offices, or law firms not traditionally targeted by your everyday, run-of-the-mill burglar. The threat actors are out for information, giving them access to the organization’s network, which can lead to serious damage.

Fake Biden Robocall Demonstrates the Need for Artificial Intelligence Governance Regulation

The proliferation of artificial intelligence tools worldwide has generated concern among governments, organizations, and privacy advocates over the general lack of regulations or guidelines designed to protect against misusing or overusing this new technology.