Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new flaw in AMD's Zen 2 processors is detailed in this blog post (archive.org snapshot) today, July 24, 2023. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data stored in the CPU, including encryption keys and login credentials.

A new social engineering campaign tracked as “FakeSG” is distributing the NetSupport remote access Trojan (RAT) via phony browser updates, according to researchers at Malwarebytes. The campaign is similar but distinct from the widespread “SocGholish” campaign, which also uses fake browser updates to deliver NetSupport.

Security leaders today are facing a number of challenges, including a rise in the number of breaches, a need to accommodate remote work and networking requirements to replace MPLS networks. In this new blog post, we share insights about this new reality by David Holmes, Senior Analyst at Forrester, as well as an in-depth explanation about the security stack that can help. You can watch the webinar this blog post is based on here.

The National Industrial Security Program (NISP), the authority within the United States for access to classified data by government contractors. Have outlined requirements to ensure continued availability and integrity of classified data, and prevent its unauthorised disclosure. The operating manual (NISPOM) affects all government agencies and commercial contractors who have access to classified data.

Trustwave has achieved supplier status with Bridgepointe, a tech advisory firm that helps mid-market and enterprise companies transform tech investments into unrivaled business results. The Bridgepointe deals connects Trustwave to Bridgepointe’s expansive network to provide Trustwave security consulting, managed detection and response, threat hunting, co-managed SOC, database security, and email security services to their set of clients.

For more than two decades, virtual private networks (VPNs) have been the go-to technology for enterprise remote access — and by extension, for enforcing remote access security. Even ubiquitous internet connections are often redirected via VPN to a central data center, where security enforcement occurs through various hardware appliances. From there, the traffic is forwarded onward to the internet. Of course, it must follow the same indirect path back on the response side.

Generative AI, the transformative technology causing a stir in the global tech sphere, is akin to an enthralling narrative with its charming allure and consequential dark underbelly. Its most notable impact is forecasted in the realm of identity proofing, creating ripples of change that demand our immediate attention.

In the modern, cloud-first era, traditional data protection technology approaches struggle to keep up. Data is rapidly growing in volume, variety, and velocity. It is becoming more and more unstructured, and therefore, harder to detect, and consequently, to protect.