The digital landscape constantly shifts, presenting exciting opportunities and lurking threats for businesses of all sizes. In this ever-evolving environment, maintaining a secure network is no longer a luxury; it's a necessity. However, achieving true security requires more than just firewalls and antivirus software. It demands a comprehensive understanding of your network's vulnerabilities – the chinks in your digital armor that attackers could exploit.

The introduction, adoption, and quick evolution of generative AI has raised multiple questions about implementing effective security architecture and the specific requirements for protecting all aspects of an AI environment as more and more organizations begin using this technology. Recent security reports on vulnerabilities that expose Large Language Model (LLM) components and jailbreaks for bypassing prompting restrictions have further shown the need for AI defenses.

This report is the first in a series of blogs that will delve into the deep research the SpiderLabs Threat Intelligence team conducts daily on the major threat actor groups currently operating globally. The information gathered is part of a data repository to help SpiderLabs identify possible intrusions as it conducts threat hunts, vulnerability scans, and other offensive security tasks.

Drones are becoming ubiquitous. They are sold as toys, used in industry, and as weapons of war, so the possibility of one becoming co-opted by a threat actor could result in severe damage, disruption of services, or data theft. In response, CISA and the FBI released a notification and guidance on Chinese-manufactured unmanned aircraft systems (UAS) aka drones, that could have vulnerabilities enabling data theft or that could facilitate network compromises.

Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware. Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 – Part 2 lays out evidence tying the latest Rilide (V4) version to SYS01. The report noted the code from the two malware types overlaps in too many areas to be a simple coincidence.

Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware. Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 – Part 2 lays out evidence tying the latest Rilide (V4) version to SYS01. The report noted the code from the two malware types overlaps in too many areas to be a simple coincidence.

Trustwave SpiderLabs uncovered multiple stored cross-site scripting (XSS) vulnerabilities (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396) in REDCap (Research Electronic Data Capture), a widely used web application for building and managing online surveys and databases in research environments. These vulnerabilities, if exploited, could allow attackers to execute malicious JavaScript code in victims' browsers, potentially compromising sensitive data.

Most homeowners know that a lock is a good idea as a basic defense against invaders, and leaving the front door unlocked is simply unwise. Unfortunately, when it comes to creating a strong cyber defense it’s not that simple. Attackers have been evolving their intrusion techniques over decades, focused on one goal, relentlessly probing for weaknesses to enter your domain.

The decision on whether to implement the Microsoft Security offerings available with the Microsoft 365 E5 license certainly involves deep security discussions, but it's also a business decision. In that respect, this process allows security leaders to engage with their CFO and other business leaders to elevate conversations.

The cybersecurity threat landscape is constantly evolving, requiring organizations to regularly evaluate their security stack to ensure it not only offers the highest level of protection, but is operated by a firm with a long track record of developing, implementing, and properly maintaining the highest quality security tools.