On September 26, 2024, security researcher Simone Margaritellidisclosed the details of four OpenPrinting Common UNIX Printing System (CUPS) vulnerabilities, that, when chained together, can allow malicious actors to launch remote code execution (RCE) attacks on vulnerable systems. CUPS is a widely used, open-source printing system that supports Linux and other Unix-like operating systems. It also supports ChromeOS and macOS.

The advent and widespread acceptance of Large Language Models (LLMs), such as Microsoft Copilot, by organizations and even average consumers has created another surface threat area that cybersecurity teams must come to understand. To help with this process, Trustwave SpiderLabs conducted a Red Team exercise against a licensed version of Microsoft Copilot.

Earlier this month, the Financial Industry Regulatory Authority (FINRA) posted a cybersecurity advisory highlighting the recent cybersecurity risks of third parties impacting its members and financial services organizations. The recently released Trustwave SpiderLabs 2024 Trustwave Risk Radar Report: Financial Services Sector underscores FINRA's concern about the escalating threat landscape facing the financial industry.

HTML smuggling techniques have been around for quite some time. A previous Trustwave SpiderLabs’ blog discussed its use in distributing malware by storing binaries in immutable blob data within JavaScript code that gets decoded on the client-side browser, eventually delivering the payload.

Microsoft Copilot for Security is a powerful new artificial intelligence tool that can help companies home in on credible cybersecurity threats amid an onslaught of noise. However, significant expertise is required to configure and operate it properly and avoid unnecessary costs. These are a few key takeaways from the webinar, "Getting Started with Microsoft Copilot for Security", presented by Dan Gravelle, Director of Global Solutions Architecture at Trustwave.

Phishing-as-a-Service (PaaS) platforms have become the go-to tool for cybercriminals, to launch sophisticated phishing campaigns targeting the general public and businesses, especially in the financial services sector. PaaS operates much like other subscription-based malware models, where cybercriminals offer phishing kits, including spam tools, phishing pages’ templates, bulletproof servers, and victim databases to less-experienced attackers.

Security Colony may not have the name recognition of some of Trustwave’s other security products and services, but when experts discuss and measure Trustwave's strengths, this repository of knowledge is almost inevitably brought up in the conversation. For example, over the last several years, the industry analyst firms IDC, Frost & Sullivan, and ISG have all called out Security Colony as a primary reason why each selected Trustwave for various accolades.

An offensive security program is an excellent component of a mature cybersecurity program, but kicking off that process can be overwhelming for some organizations. After all, offensive security has several components, such as Penetration Testing, Red Team exercises, incorporating threat intelligence, etc., so it can be hard to decide where to start. The answer to this dilemma starts with Managed Vulnerability Scanning (MVS).

ALPHV, also known as BlackCat or Noberus, is a sophisticated ransomware group targeting critical infrastructure and various organizations, including being the most active group used to attack the financial services sector. ALPHV first appeared in November 2021 and operates on a Ransomware-as-a-Service (RaaS) model, allowing affiliates to use its malware for their own attacks in exchange for a cut of the ransom payments.

IT teams are the unsung heroes of today’s fast-paced digital world, tirelessly toiling behind the scenes to keep data safe and systems running smoothly. One tool that’s presented a major shift for many IT departments is the Microsoft Defender Suite. Let’s explore how this powerful suite of tools is transforming IT security and making life easier for IT professionals.