
The Beauty of a Red Team Exercise: When One Discovery Leads to Potentially Saving Lives

What started out as a standard Red Team test designed to check the security capabilities of several Australian hospitals led to a chain of events that eventually uncovered serious security flaws in remote-capable insulin pumps that, if abused, could have had disastrous consequences. The hospitals, all of which are part of a connected healthcare system, had contracted with Trustwave to conduct the Red Team tests against several of their facilities.

Multiple Command and Control (C2) Frameworks During Red Team Engagements

When conducting Red Team engagements, we typically use more than one Command and Control (C2) framework as part of our delivery process and methodology. Depending on a single C2 framework would unintentionally limit our options and would be less realistic when compared to an attack from real threat actors, who seem to have infinite time and resources available. The use of multiple Command and Control frameworks is essential.

A Comprehensive Guide to Securing Data in the Digital Age

In today's rapidly evolving digital landscape, data stands as the linchpin of modern business operations. However, safeguarding sensitive data has grown into a formidable challenge for enterprises in recent times. The surge in data volume and escalating threats are not the sole culprits; the pivotal shift toward digitalization has prompted organizations to migrate their data and IT infrastructure to a diverse blend of private and public clouds.

ChatGPT Update: How Security Teams and Threat Actors are Using Artificial Intelligence

ChatGPT and other Large Learning Modules have been in use for less than a year, yet these applications are transforming at an almost exponential rate. The changes taking place present an odd duality for the cybersecurity world: they are both a boon and a danger to security teams. In some cases, they enable teams to do more with less.

Stealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection

In the ever-evolving landscape of malware threats, threat actors are continually creating new techniques to bypass detection. A recent discovery by JPCERT/CC sheds light on a new technique that involves embedding a malicious Word document within a seemingly benign PDF file using a .doc file extension.

Insider Threats: Ensuring Angry Employees and Innocent Do-Gooders Don't Derail Your Organization

Threats that arrive from outside an organization are difficult to deal with, but at least business leaders understand that they exist and prepare a proper defense. However, many managers don’t expect one of their employees to cause a problem from the inside. Sure, there will always be a worker who steals money from the cash register or walks out with a few reams of printer paper, but the true insider threat is much more dangerous. The U.S.

MSSP Alert Names Trustwave to 2023 Top 250 MSSPs List

For the seventh consecutive year, Trustwave has been named a Top 10 Managed Security Services Provider by MSSP Alert. Trustwave placed 10th on MSSP Alert's 2023 list, indicating the company's status as an industry-leading managed security service provider. MSSP Alert noted that the list identifies and honors the top MSSPs worldwide. The rankings are based on MSSP Alert's 2023 readership survey combined with the site's editorial coverage of MSSP, MDR, and MSP security providers.

Cybercrime Never Takes a Vacation: Cybersecurity in the Hospitality Industry

The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the hospitality industry worldwide and has released a detailed report showing how threat actors conduct attacks, the methodologies they use, and what organizations can do to protect themselves from specific types of attacks.

To OSINT and Beyond!

Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing engagements in several ways. Today, let me highlight two areas: Leaked Credentials and Files. As part of any security engagement, it is ideal, if not essential, that we look up our target’s leaked credentials and files, as many clients do not have a high level of visibility or awareness in this area.

A Multinational Effort Takes Down the Qakbot Banking Trojan

In late August, the FBI took down and dismantled Qakbot, a banking Trojan that primarily spread through spam and phishing emails and has been active and continuously updated since 2008. Trustwave SpiderLabs has tracked Qakbot for years and has worked hard to counter the malware's efforts, including publicly releasing the encryption algorithm Qakbot used to encrypt registry keys, enabling victims to recover from an attack.