In the ever-evolving landscape of malware threats, threat actors are continually creating new techniques to bypass detection. A recent discovery by JPCERT/CC sheds light on a new technique that involves embedding a malicious Word document within a seemingly benign PDF file using a.doc file extension.

Threats that arrive from outside an organization are difficult to deal with, but at least business leaders understand that they exist and prepare a proper defense. However, many managers don’t expect one of their employees to cause a problem from the inside. Sure, there will always be a worker who steals money from the cash register or walks out with a few reams of printer paper, but the true insider threat is much more dangerous. The U.S.

For the seventh consecutive year, Trustwave has been named a Top 10 Managed Security Services Provider by MSSP Alert. Trustwave placed 10th on MSSP's 2023 list, indicating the company's status as an industry leading managed security service provider. MSSP Alert noted that the list identifies and honors the top MSSPs worldwide. The rankings are based on MSSP Alert’s 2023 readership survey combined with the site’s editorial coverage of MSSP, MDR, and MSP security providers.

The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the hospitality industry worldwide and has released a detailed report displaying how threat actors conduct attacks, the methodologies used, and what organizations can do to protect themselves from specific types of attacks.

Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing engagements in several ways. Today, let me highlight two areas: Leaked Credentials and Files. As part of any security engagement, it is ideal, if not essential, that we look up our target’s leaked credentials and files, as many clients do not have a high level of visibility or awareness in this area.

In late August, the FBI took down and dismantled Quakbot, a banking Trojan that primarily spread through spam and phishing emails and has been active and continuously updated since 2008. Trustwave SpiderLabs has tracked Qakbot for years and has worked hard to counter the malware’s efforts, including publicly releasing the encryption algorithm Qakbot used to encrypt registry keys, enabling victims to recover from an attack.

The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the hospitality industry worldwide and has released a detailed report displaying how threat actors conduct attacks, methodologies used, and what organizations can do to protect themselves from specific types of attacks.

The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the hospitality industry worldwide and has released a detailed report displaying not only how threat actors conduct attacks, methodologies used, but what organizations can do to protect themselves from specific types of attacks.

The human resources firm Brandon Hall Group honored Trustwave for "Best Advance in Corporate Culture Transformation" in its coveted 2023 HCM Excellence Awards™. The Brandon Hall Group Excellence Awards recognize best practices for initiatives in Learning and Development, Talent Management, Leadership Development, Talent Acquisition, Human Resources, Sales Performance, Diversity, Equity & Inclusion, and the Future of Work.

In our previous blog, we found a lot of phishing and scam URLs abusing Cloudflare services using pages.dev and workers.dev domains, respectively. We’re now seeing a lot of phishing emails with URLs abusing another Cloudflare service which is r2.dev.