Trite old sayings aside, practice works. Sports teams and the armed forces understand that ensuring everyone knows their role and has practiced it until they can do the job in the dark with their eyes closed is the only way to guarantee the proper reaction when it’s time to go to work. The same should hold true for an organization preparing for any type of emergency, ranging from a power outage, natural disaster, or cyberattack.

Attack surface management is certainly a concern for most organizations, but being top of mind does not mean it's easy for organizations to understand or implement. Unfortunately, there are many misconceptions about how hard managing one's attack surface is, so let's deal with five of the most common fallacies. The fact is attack surface management is a lot easier said than done and to be effective, attack surface management demands a strong base of 'cyber hygiene'.

Managed vulnerability scanning is a cybersecurity service that uses software, vulnerability scanners, human-led and automated penetration testing, and other tools to help an organization identify, track, evaluate, and mitigate security risks both inside their network and connected external sources. Even organizations with the most sophisticated information technology security professionals are challenged when dealing with the hundreds of new threats released into the wild each month.

As is tradition with my blog posts, let’s start off a definition of what HTTP pipelining is all about. “HTTP pipelining is a feature of HTTP/1.1 which allows multiple HTTP requests to be sent over a single TCP connection without waiting for the corresponding responses. HTTP/1.1 requires servers to respond to pipelined requests correctly, with non-pipelined but valid responses even if server does not support HTTP pipelining.

Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability of cooperation between the Russian private software development company and the Russian Ministry of Defense, namely, the GRU (Sandworm), and possibly others.

SC Media and SC Media Europe have named two of Trustwave’s premiere products, DbProtect and MailMarshal, as a finalist in several award categories the cybersecurity media outlet plans to announce this summer. For 26 years, the SC Awards program has been cybersecurity’s most prestigious and competitive program, recognizing the solutions, organizations, and people driving innovation and success in information security.

Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and.rpmsg encrypted emails to deliver the phishing message. At this stage, we are exploring and uncovering different aspects of this campaign and will share here some of our observations to date.

For those wondering what GraphQL is… “GraphQL is a query language for your API, and a server-side runtime for executing queries using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.”

For the second year in a row, Trustwave Government Solutions President Bill Rucker was honored by Meritalk with its Cyber Defenders Award. Rucker earned this award, from the federal government IT news and events provider, for driving innovation, advancing the nation’s cybersecurity, and making significant contributions across cyber programs in Federal IT.

A user impersonation feature typically allows a privileged user, such as an administrator, but typically these days, support teams, to sign into an application as a specific user without needing to know the user’s password. This feature allows support teams to see the application as the user would see it, often in relation to following a user journey in the context of that user, in order to see the same error message a user is receiving with a view to resolving the issue.