In today's rapidly evolving cyber landscape, modern adversaries constantly advance their methods to circumvent traditional defenses. At Trustwave, recent observations have unveiled the resurgence of the BlackCat group following its disruption by the US Justice Department on December 19, 2023.

At any point in your cloud security journey, you should consider practical architectures, frameworks, and benchmarks that will benefit your current and future infrastructure. These tools will provide guidance directly from those who have pioneered similar solutions. Working with existing designs will speed up your efforts and provide your organization with confidence that it is following industry security standards.

Alert fatigue is a long-standing problem in cybersecurity that only increases in severity as a company grows. In that sense, alert fatigue is inextricably tied to another challenge: the need for scalability in cybersecurity. Quite often, the remedy for both is to get help, such as with a managed detection and response (MDR) service that can triage, investigate, and respond to alerts. Market numbers help illustrate the scope of the issue.

Cybersecurity professionals often point out that threat actors do not differentiate when choosing a victim. To an attacker, a hospital is as useful a target as a law firm or even a mining operation. After all, a mining company has the same attributes that make it as interesting as any other target: proprietary data and customer information, and it must stay in operation. All of which an attacker can exploit for financial gain.

Allow me to set the scene and start proceedings off with a definition of an integer overflow, according to Wikipedia: To be inclusive of all audiences here, in software security we’ve got sources (typically user input) and sinks – where that input (the data) ends up. In order to overflow something (e.g. an integer overflow) we clearly need some way to be able to do that (think pouring water from a kettle into a cup), and that’s the source (us using the kettle) to overflow the cup.

Phishing is the most common method for an attacker to gain an initial foothold in an educational organization, according to the just released Trustwave SpiderLabs report 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies. Why phishing? Simplicity is the primary reason.

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with organizational directors and senior leaders and encourage them to shore up their defenses from cyber threats.

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s incumbent upon healthcare organizations to limit their exposure, and minimize the likelihood of cyberattacks.

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber weaknesses, especially when it comes to ransomware.

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow won’t impact ransomware overall. As in the past, another group will pick up the slack, or LockBit itself will reform and get back into business.