An offensive security program is an excellent component of a mature cybersecurity program, but kicking off that process can be overwhelming for some organizations. After all, offensive security has several components, such as Penetration Testing, Red Team exercises, incorporating threat intelligence, etc., so it can be hard to decide where to start. The answer to this dilemma starts with Managed Vulnerability Scanning (MVS).

ALPHV, also known as BlackCat or Noberus, is a sophisticated ransomware group targeting critical infrastructure and various organizations, including being the most active group used to attack the financial services sector. ALPHV first appeared in November 2021 and operates on a Ransomware-as-a-Service (RaaS) model, allowing affiliates to use its malware for their own attacks in exchange for a cut of the ransom payments.

IT teams are the unsung heroes of today’s fast-paced digital world, tirelessly toiling behind the scenes to keep data safe and systems running smoothly. One tool that’s presented a major shift for many IT departments is the Microsoft Defender Suite. Let’s explore how this powerful suite of tools is transforming IT security and making life easier for IT professionals.

For companies with the Microsoft 365 E3 license, the decision on whether to upgrade to 365 E5 is likely taken into consideration, and security should certainly be included. With E5, companies will likely find security upgrades in three key areas: identity management, endpoints, and cloud. So says David Broggy, Trustwave's Senior Solutions Architect, Implementation Services, and a 2024 recipient of the Microsoft MVP Award, in a recent webinar on transitioning from Microsoft E3 to E5.

Phishing remains the favored and most successful method of obtaining an initial foothold in a targeted organization. So it should come as no surprise that threat actors have developed turnkey solutions that enable even low-skilled hackers to conduct successful email attacks.

Financial services organizations already face a dizzying array of external threats, but just as dangerous and often harder to spot are the threats posed by people inside their firm, according to the Trustwave SpiderLabs' Financial Services Deep Dive: Insider Threat. The report noted that insider threat attacks have become more common over the past year, with 40% of organizations reporting more frequent insider threat attacks compared to previous years.

The 2024 Trustwave Risk Radar Report: Financial Services Sector underscores the escalating threat landscape facing the industry. Deepfakes, highly realistic synthetic media, and the increasing adoption of cryptocurrencies are providing cybercriminals with new avenues to compromise financial institutions. These emerging threats are augmenting the already prevalent ransomware and phishing campaigns, creating a complex and dynamic threat environment.

Around two years ago, memN0ps took the initiative to create one of the first publicly available rootkit proof of concepts (PoCs) in Rust as an experimental project, while learning a new programming language. It still lacks many features, which are relatively easy to add once the concept is understood, but it was developed within a month, at a part-time capacity.

In the ever-evolving field of information security, curiosity and continuous learning drive innovation. This blog series is tailored for those deeply engaged in experimental projects, leveraging Rust's capabilities to push the boundaries of what's possible. The focus on Rust, after exploring various programming languages, has led to the creation of several cutting-edge projects that are highlighted in this report.

The Security of Critical Infrastructure (SOCI) Act in Australia mandates that organizations operating within critical infrastructure sectors implement robust cybersecurity measures to protect against an increasingly diverse and sophisticated range of cyber threats. These sectors, which include energy, water, communications, healthcare, transport, and other essential services, are vital to national security, public safety, and economic stability.