ISG recognized Trustwave as a Rising Star in Managed Security Services for Large Accounts in its recently released Provider Lens™ Quadrant Report on Cybersecurity Solutions & Services report. The ISG research evaluates strengths, challenges, and competitive differentiators across cybersecurity providers and solutions, and serves as a resource for IT decision makers tasked with improving the cyber resilience of their organizations.

During a recent engagement, Trustwave SpiderLabs discovered an Indirect Object Reference (IDOR) vulnerability within Squiz Matrix CMS which would allow any low privileged user to change the contact details of any other user on a Squiz Matrix instance (including administrators). An attacker exploiting the vulnerability could change an administrator’s email address to an attacker-controlled email address after which the attacker could reset the administrator’s password.

As organizations go about their regular routine of finding and adding new technologies to help increase their overall success, each organization must keep in mind the security implications of each move, along with the fact that much of their current technology stack has to be maintained with a well-thought out and quickly implemented patching program.

Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy. Reports from Trustwave and other security researchers show that Russian cyberattackers have maintained pressure on Ukraine throughout the conflict. This article covers malware that has been used against organizations in Ukraine to destroy systems and data or gain control over targeted systems for surveillance and data staling.

Oracle Communications Session Border Controller (SBC) is one of the most popular products worldwide that helps service providers deliver trusted, carrier-grade, real-time communications such as VoLTE, VoIP, video conferencing and calling, presence, IM, and IPTV. Harold Zang, Senior Technical Security Specialist and Jeremy Nunn, Security Specialist at Trustwave SpiderLabs, identified three vulnerabilities in the Oracle SBC.

Cybersecurity is just a word, but that word is the entry way into an incredibly complex world filled with an alphabet soup-level of acronyms, connected to thousands of terms that help define the category. To help make it easier to understand the latest terminology to better your knowledge of what is happening in the cyber world, Trustwave Government Solutions has created a handy online glossary.

Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy. While conventional warfare is conducted on the battlefield and limited by several factors, cyber warfare continues in cyber space, offering the chance to infiltrate and damage targets far behind the frontlines. Russia utilized cyberattacks during the initial phase of the invasion in February.

Protecting healthcare-related data requires a special level of technological and human support where the two support and interact with each other in harmony. Trustwave delivers this protection through its integration with Microsoft Azure Sentinel Security Information and Event Management (SIEM) solution allowing healthcare organizations to focus on caring for their patients while we protect their environment.

Deploying security automation is hard if the criteria for success is beyond the scope of ticketing workflow. But the barrier of automation deployment has never been lower with the advent of so many Security Orchestration, Automation, and Response (SOAR) platforms now available to select from in the market and how attractive purchasing automation in a box (or in the cloud) is.

Trustwave’s new MDR offerings garnered recognition from IDC as differentiated due to the inclusion of Security Colony as part of the offering. Security Colony, now bundled in with Trustwave MDR offerings, is a Resource Library of 400+ documents derived directly from real-life consulting engagements with clients. The project deliverables have been anonymized and made available to clients.