CDK Global, a company that provides software for thousands of auto dealers, was hit by back-to-back cyberattacks on June 19. These attacks led to an outage that continued to impact many of their sales operations on Friday, according to the Associated Press. CDK told multiple news outlets that it is "actively investigating a cyber incident," and the company shut down all of its systems out of an abundance of caution.

Trustwave SpiderLabs, in its just-released report 2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies, has uncovered an increasing number of ransomware, third-party supplier, and technology-based attacks targeting the professional services sector.

Recent research by Trustwave SpiderLabs, detailed in their newly published report "2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies," reveals a surge in ransomware, supply chain, and technologically sophisticated attacks aimed at the professional services industry.

Atlas Oil, a major player in the oil and fuel distribution industry, fell victim to a ransomware attack orchestrated by the Black Basta group. This attack not only compromised sensitive company data but also exposed a variety of documents that could potentially harm the company’s operations and reputation. Overall, Black Basta claims to have exfiltrated approximately 730 GB of data.

(A thought from The Matrix: Neo likely used a SIEM before he took the red pill and could see the matrix without one...) One of the best ways to monitor security-related activities for your organization is to collect audit logs from every network device and analyze those logs for activities which violate acceptable behavior. This is precisely the role of a SIEM or Security Information and Event Manager. Let me simplify your life by providing some best practice suggestions for deploying and using a SIEM.

As businesses engage in increasingly complex and interdependent relationships, ensuring all parties maintain high cybersecurity standards becomes essential. One method to achieve this is using security scores, which are similar to personal credit scores, and assessing the efficacy of an organization's cybersecurity program. However, there are certain changes and additions that should be made to how scoring is conducted that will ensure a more accurate scores, which will benefit stakeholders at all levels.

Knowing what you don’t know is the key to keeping an organization safe and the best method of doing so is with an offensive security approach that includes vulnerability scanning. By being proactive one can identify exploitable weaknesses in your own systems before malicious actors can. Here's why vulnerability scanning is an essential part of any offensive security solution: Vulnerability scanning is just one piece of the offensive security puzzle, but it's a crucial one.

In June 2010, Trustwave acquired Breach Security, which brought with it the popular Open-Source Web Application Firewall ModSecurity for Apache. At that time, Trustwave relicensed the code under the Apache license. This relicensing allowed more public participation in the project, and 2012 saw the release of an IIS port from Microsoft and a port for Nginx.

The adage "data is the new oil" doesn't resonate with everyone. Personally, having grown up around cars thanks to my dad, a master mechanic, I see oil as messy and cumbersome. Data, in my view, is more akin to bacon—universally enjoyed and valuable in various forms; everyone wants it and will go to great lengths to have an extra helping, maybe even pushing a sibling's arm out of the way to get the last piece.

Comparably, the leading workplace culture and compensation monitoring employee review platform has recognized Trustwave with two major awards: 2024 Best Companies for Career Growth and 2024 Best Leadership Teams. Trustwave is honored to be ranked 11th on Comparably's list of large organizations with the best career growth and 15th on its list of best leadership teams.