Trustwave

Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)

Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors. In our previous blog, we explored the appeal of these platforms and discussed several of today's major phishing kits. In this two-part blog, we'll focus on a phishing kit named ‘Rockstar 2FA’ that is linked to widespread adversary-in-the-middle (AiTM) phishing attacks.

A House of Cards: Third-Party Risks Are Undermining Businesses Resilience Strategies

Resilience strategies are failing. Despite their known importance, why is it so difficult to implement them effectively? Resilience is not a new concept, but it is one that we talk about both individually and through the lens of business, and one that is often difficult to demonstrate. In today’s digital world, resilience strategies are being challenged more frequently, cover more scope, and are being defeated by the intentional and unintentional actions of users, third-party partners, and criminals.

How Prices are Set on the Dark Web: Exploring the Economics of Cybercrime

Finding the exact price of any product is now easier than ever. A quick check with your favorite online retailer will show that a GE Profile Dryer goes for $989, a 10-pack of Play-Doh can be had for $7.99, and a loaf of Pepperidge Farm Farmhouse Hearty White Sliced Bread is $3.59. Unfortunately, a glance at certain less legitimate online sites on the Dark Web is just as easy.

Upping An Offensive Security Game Plan with Pen Testing as a Service

While most security professionals recognize the value of penetration testing, they too often conduct pen tests only sporadically – maybe quarterly at best. Pen Testing as a Service (PTaaS) is a way to change that equation, enabling companies to conduct pen tests more regularly, or whenever a particular need arises. That’s important because of the crucial role pen testing plays in providing offensive security – finding problems before bad actors do.

10 Tips to Help Holiday Shoppers to Stay Safe from Scams and Cyberattacks

The holiday season is here, and with it comes the thrill of Black Friday deals and holiday shopping sprees. But it's not just shoppers who are gearing up – cybercriminals are ready to take advantage of the holiday rush, hoping to catch unsuspecting consumers off guard. While Trustwave generally focuses on protecting enterprises from cyberattacks and scams, we feel it’s important to help consumers, as well. After all, many people use work devices for online shopping and accessing social media.

Managed Vulnerability Scanning: Key Findings and the Importance of Regular Patching

There is no doubt about the value of conducting Managed Vulnerability Scanning. Trustwave has posted multiple blogs on the topic (just check here, here, and here) for a look at how Trustwave approaches this very important cybersecurity procedure. One point we have not covered is exactly what kind of vulnerabilities Trustwave SpiderLabs’ analysts find during a scan. Are they truly dangerous? What would happen if the client had opted to give a pass to an MVS occurrence?

Trustwave Recognized in Two Asia Pacific IDC MarketScapes for Security Services

Trustwave has been named a Leader in the IDC MarketScape: Asia/Pacific (APAC) Managed Security Services (MSS) 2024 Vendor Assessment (IDC, September 2024) and a Major Player in the IDC MarketScape: Asia/Pacific Professional Security Services 2024 Vendor Assessment (IDC, September 2024). "Trustwave is proud to be recognized as a Leader and a Major Player respectively by the IDC MarketScape in MSS and PSS across APAC," said Trustwave CEO Eric Harmon.

Top Database Security Tools for Enhanced Vulnerability Assessment and Compliance

Let’s take a look at how traditional vulnerability assessment (VA) tools compare to those built specifically to assess database security. General vulnerability assessment tools have been in use for more than 25 years, so the technology is mature. However, there are significant differences in the tools available and their specific purposes regarding database security management. Many VA solutions on the market offer general vulnerability assessments, focusing on a wide range of IT assets.