Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup). Like other C2 frameworks, we studied the Manjusaka implant/server network communications in our lab environment, and here we document some of the detection methods available. We have also open-sourced the content we describe.

As a direct result of COVID-19 burnout, the ongoing Great Resignation trend might be impacting healthcare more than any other industry. Research shows that healthcare has already lost an estimated 20% of its workforce over the past two years. This turnover is happening top-to-bottom throughout organizations. Doctors are switching between hospitals, administrative staff are leaving the industry, and technology teams are being lured away by higher paying jobs in other sectors.

Trustwave’s new MDR offerings garnered recognition from IDC as differentiated due to the inclusion of Security Colony as part of the offering. Security Colony, now bundled in with Trustwave MDR offerings, is a Resource Library of 400+ documents derived directly from real-life consulting engagements with clients. The project deliverables have been anonymized and made available to clients.

CrowdStrike today unveiled the next evolution of CrowdStrike’s industry-first IOAs: artificial intelligence (AI)-powered IOAs.

We measure and test things that are important in our lives, from credit scores to blood pressure. For cybersecurity, testing threat protection defenses is an expected benchmark. Netskope recently completed a set of anti-malware tests with AV-TEST, an independent anti-malware testing lab based in Germany with one of the world’s largest databases of malware samples. Every second, AV-TEST discovers four to five new malware variants.

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that allows an attacker to authenticate to Active Directory Certification Services (ADCS) and to generate a client certificate that enables remote code execution on a domain controller.

CrowdStrike is always looking for innovative ways to improve detection content for our customers. We believe a multifaceted approach that combines customer input, standardized testing and internal research is necessary to stop breaches today and in the future. At CrowdStrike, we never rest, because neither does the adversary.

Frost & Sullivan analysts investigated 70 market participants and recognized Trustwave as one of 15 Innovators in the field. The report noted that Trustwave’s Fusion platform allows clients to manage and view their cybersecurity status, and elite SpiderLabs are driving factors behind being honored. “Trustwave Fusion, a security operations platform that integrates and enriches data from over 750 third-party sources, including cloud, network, endpoints, and email.