
Microsoft Encrypted Restricted Permission Messages Deliver Phishing

Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message. At this stage, we are still exploring and uncovering different aspects of this campaign, and we will share here some of our observations to date.

From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

For those wondering what GraphQL is… “GraphQL is a query language for your API, and a server-side runtime for executing queries using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.”

MeriTalk Honors TGS President Bill Rucker with Prestigious 2023 Cyber Defenders Award

For the second year in a row, Trustwave Government Solutions President Bill Rucker was honored by MeriTalk with its Cyber Defenders Award. Rucker earned this award from the federal government IT news and events provider for driving innovation, advancing the nation’s cybersecurity, and making significant contributions across cyber programs in Federal IT.

When User Impersonation Features In Applications Go Bad

A user impersonation feature typically allows a privileged user, such as an administrator (or, more commonly these days, a member of a support team), to sign into an application as a specific user without needing to know that user’s password. The feature lets support teams see the application exactly as the user sees it, often by following the same user journey in that user’s context, so they can reproduce the error message the user is receiving and resolve the issue.

On-Premise Email Security is Here to Stay

The days of massive server rooms and having every employee under one roof may seem to be gone forever, but for a great many organizations the on-premise work environment is still here and unlikely to be pushed out of service any time soon. Let’s start off with a quick reminder on the importance of securing an email system. Email remains the number one attack vector favored by threat actors because it involves humans, who can be a weak link in any security system.

Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style

I feel I need to clarify, for legal reasons, that this is nothing to do with any Harry Potter game. The reference is made because we are dealing with spells and magic, and I mean magic in the literal sense, not a reference to application security – although on some/most days it feels like magic. Time-Of-Check Time-Of-Use (TOCTOU) and Race Conditions? What’s it all about?

Trustwave Threat Hunt Team Uncovers Healthcare Industry Vulnerabilities

The healthcare industry has been struck by a growing number of cyberattacks over the last few months, raising concerns both within the industry and in Washington, D.C. The continued onslaught of attacks has raised the question of how healthcare entities can and should be strengthening their cyber defenses. One potential tool in the toolbox of a hospital, or of any industry, is Trustwave's patent-pending Advanced Continual Threat Hunt (ACTH) platform.

Properly Explaining Risk Appetite to the C-Suite

In the first part of this series, we looked at some common issues that arise when a Chief Information Security Officer (CISO) communicates with the Board. At the heart of many of these issues is how the CISO and upper management view security. As one CISO recently told me, "It's a catch-22 situation: If the business leaders don't consider this to be a business problem, they are unlikely to listen to people they don't consider to be business leaders telling them it is."

Rendezvous with a Chatbot: Chaining Contextual Risk Vulnerabilities

Ignoring the little stuff is never a good idea. Anyone who has pretended that the small noise their car engine is making is unimportant, only to later find themselves stuck on the side of the road with a dead motor, will understand this statement. The same holds true when it comes to dealing with minor vulnerabilities in a web application. Several small issues that alone do not amount to much can prove dangerous, if not fatal, when a threat actor strings them together.

Using Co-Managed SOC to Derive Maximum Value from a SIEM Investment

Security information and event management (SIEM) systems are crucial to cybersecurity, providing a solution for collecting and analyzing alerts from all manner of security tools, network infrastructure, and applications. But simply having a SIEM is not enough: to be truly effective, it must be properly configured, managed, and monitored 24x7.