Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Drones are becoming ubiquitous. They are sold as toys, used in industry, and as weapons of war, so the possibility of one becoming co-opted by a threat actor could result in severe damage, disruption of services, or data theft. In response, CISA and the FBI released a notification and guidance on Chinese-manufactured unmanned aircraft systems (UAS) aka drones, that could have vulnerabilities enabling data theft or that could facilitate network compromises.

Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware. Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 – Part 2 lays out evidence tying the latest Rilide (V4) version to SYS01. The report noted the code from the two malware types overlaps in too many areas to be a simple coincidence.

Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware. Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 – Part 2 lays out evidence tying the latest Rilide (V4) version to SYS01. The report noted the code from the two malware types overlaps in too many areas to be a simple coincidence.

Trustwave SpiderLabs uncovered multiple stored cross-site scripting (XSS) vulnerabilities (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396) in REDCap (Research Electronic Data Capture), a widely used web application for building and managing online surveys and databases in research environments. These vulnerabilities, if exploited, could allow attackers to execute malicious JavaScript code in victims' browsers, potentially compromising sensitive data.

Most homeowners know that a lock is a good idea as a basic defense against invaders, and leaving the front door unlocked is simply unwise. Unfortunately, when it comes to creating a strong cyber defense it’s not that simple. Attackers have been evolving their intrusion techniques over decades, focused on one goal, relentlessly probing for weaknesses to enter your domain.

The decision on whether to implement the Microsoft Security offerings available with the Microsoft 365 E5 license certainly involves deep security discussions, but it's also a business decision. In that respect, this process allows security leaders to engage with their CFO and other business leaders to elevate conversations.

The cybersecurity threat landscape is constantly evolving, requiring organizations to regularly evaluate their security stack to ensure it not only offers the highest level of protection, but is operated by a firm with a long track record of developing, implementing, and properly maintaining the highest quality security tools.

For the second week in a row, Trustwave proudly announces recognition from the industry analyst firm Gartner. Today, Trustwave is proud to reveal that Gartner has named us as a Representative Vendor in the 2024 Gartner Market Guide for Digital Forensics and Incident Response (DFIR) Retainer Services. This news follows Trustwave's announcement last week stating we were named a Representative Vendor in the 2024 Gartner Market Guide for Managed Detection and Response.

Few repositories of cybersecurity knowledge are as broad, deep, and widely respected as Trustwave Security Colony. The industry analyst firm IDC has praised Security Colony, which sees clients and others interested in learning more about their cybersecurity posture download thousands of resources every month, much of which is available for free. IDC deemed this information so important that, in a recent report, it named Security Colony a "differentiator" from others in the field.

With all the issues happening in cybersecurity technology lately, such as CrowdStrike’s software update that caused massive outages worldwide last week, it behooves all organizations to take a serious look at their security stack with an eye toward paring it down to help reduce your threat landscape.