Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As we see in the Trustwave SpiderLabs 2025 Manufacturing 2.0 Threat Report, the manufacturing sector is facing a rapidly increasing number of cyber threats with ransomware and phishing attacks being the attacker's primary weapon. The focus on this sector has resulted in the cost of a data breach in manufacturing jumping nearly $1 million to $5.6 million in 2024 compared to the previous year.

AWS DocumentDB by default is securely isolated within a VPC, unreachable from the public internet, what could be more secure? This security architecture can create unexpected challenges and complexity. The root cause? The very VPC isolation designed to protect DocumentDB can introduce a complex web of networking requirements, operational considerations, and architectural decisions that require careful management to maintain security.

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups currently operating globally. The Silver Fox threat actor group, also associated with attacks attributed to Void Arachne and Great Thief of the Valley, is a relatively new, most likely China-based threat group that has emerged as a significant player in advanced persistent threat (APT) campaigns.

It's not news that keeping an organization's information and communication technology (ICT) systems safe and sound is absolutely critical. That's where the Information Security Registered Assessors Programme (IRAP), run by the Australian Signals Directorate (ASD), comes in. It’s an excellent programme and one that Trustwave highly recommends. To help organizations align with this process, Trustwave now has an IRAP Assessment Service available.

Organizations are constantly seeking robust defenses to contend with the seemingly endless number of cyber threats arrayed against them. For many, Managed Detection and Response (MDR) services have emerged as a powerful solution. The reason why is pretty clear: MDR offers a significantly faster "time to value" compared to building an in-house Security Operations Center (SOC), which demands substantial investment in technology, talent, and years of refinement.

Trustwave is proud to announce that Gartner has named us as a Representative Vendor in the 2025 Gartner Market Guide for Digital Forensics and Incident Response (DFIR) Retainer Services. This is the sixth time Trustwave has been placed as a Representative Vendor in the Market Guide DFIR six times since the report's inception.

CVE-2024-7348, which was discovered by Noah Misch, is a race condition vulnerability affecting multiple versions of PostgreSQL when using the `pg_dump` utility. An attacker with sufficient privileges can exploit this vulnerability to execute arbitrary SQL commands with the permission of the user, which is typically a superuser, running the dump.

It seems everyone loves phishing attacks. Trustwave's Ed Williams, Vice President of SpiderLabs, during a recent Trustwave webinar, discussed the ongoing threat posed by the increasingly sophisticated phishing incidents that remain the primary vector for initial access in cyberattacks. What Williams interestingly noted was that threat actors are not the only group using phishing to gain access to organizations.

A threat actor once again proved the importance of enforcing strict password management practices by torpedoing a 158-year-old UK transportation company by hacking a password and then effectively shutting it down with ransomware. According to published reports, the threat group Akira gained access to KNP's system in June when it was able to determine a single employee's password. Once access was gained, Akira injected ransomware, which shut down the network and encrypted access to its files and backups.

Managed Detection and Response (MDR) solutions have been available for more than 20 years, but despite this level of longevity, there remains confusion about what programs qualify as true MDR. Despite having a long track record of widespread use and success, there is still a great deal of confusion among current and potential MDR clients about what an MDR provider should deliver to keep an MDR client secure.