Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2022

CISO Bytes Podcast: Russia-Ukraine Crisis, Combatting Nation-State Threats for Critical Infrastructure and Beyond

In this episode of the Trustwave CISO Bytes Podcast, host David Bishop, Chief Information Security Officer at Trustwave, sits down with Kory Daniels, Global Director, Cyber Defense Consulting at Trustwave, to discuss the Russia and Ukraine crisis, its impact on cybersecurity, and how organizations in operational technology, critical infrastructure and beyond can harden their cyber defenses against nation-state threats.

Trustwave's Action Response: Russia-Ukraine Crisis - Defending Your Organization From Geopolitical Cybersecurity Threats

Trustwave security and engineering teams are on heightened alert and are actively monitoring malicious cyber activity associated with and adjacent to the escalating military conflict between Russia and Ukraine. Trustwave is working closely with its clients around the world to enhance cyber preparedness during this time.

Nation-State Actors or Common Cybercriminal, Your Cyber Fundamentals May Be Your Achilles' Heel

I have seen quite a few articles of late proclaiming that a major cyberattack against Australia is imminent as a result of the ongoing situation in Ukraine, and in truth it's kind of riled me up a bit. The most recent announcements about Australia promising cyber support to Ukraine has increased speculation on this question.

Creating Buy-In for a Cybersecurity Awareness Program

There is more to implementing a successful cybersecurity training program than to task IT with the job or conduct a quick Internet search to find an outside vendor. In a day and age when an employee’s error can lead to a disastrous cyberattack, it is imperative organizations have a basic understanding of how to implement an awareness program that reaches all employees, is conducted at the correct pace by well-informed instructors and is helpful, informative, and not irritating.

Be Prepared: Tax Scam Season is in Full Swing

It's somehow fitting that Groundhog Day and tax scam season overlap. Much like the 1993 Bill Murray film where he repeatedly experienced the same day, tax season scammers come out of their hole every year at the same time and tend to use the same attack methods against organizations and regular taxpayers. These scammers stick to these tried-and-true methods because they still work.

Red, Purple, and Blue: The Colors of a Successful Cybersecurity Testing Program

This is the first in a series of blogs that will describe the importance of conducting Red and Purple Team exercises. The first entry in the series gives an overview of how to properly conduct these drills with follow on blogs diving deeper into the specifics of Red and Purple team maneuvers. The first realization most organizations have that their cybersecurity is, let's say, subpar generally comes right after it has been hit by a devastating attack.

From Stored XSS to Code Execution using SocEng, BeEF and elFinder CVE-2021-45919

A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, was identified in elFinder File Manager. The vulnerability can result in the theft of user credentials, tokens, and the ability to execute malicious JavaScript in the user's browser. Any organization utilizing an out-of-date elFinder component on its web application could be affected.

Data Assessment in Healthcare: Knowing What Data You Have Is Half the Battle

When it comes to protecting personal healthcare information or a medical facility from cyberattacks or data breaches, the first step that must be taken is a thorough and exhaustive data assessment. The data assessment will provide your organization with a complete understanding of: Why? Because a cybersecurity team cannot be expected to protect something if it does not know it exists in the first place.

ServiceNow - Username Enumeration Vulnerability (CVE-2021-45901)

During a recent engagement Trustwave SpiderLabs discovered a vulnerability (CVE-2021-45901) within ServiceNow (Orlando) which allows for a successful username enumeration by using a wordlist. By using an unauthenticated session and navigating to the password reset form, it is possible to infer a valid username. This is achieved through examination of the HTTP POST response data initially triggered by the password reset web form. This response differs depending on a username's existence.

Mitigating Third-Party Vendor Risk in Your Supply Chain

A recent survey by the analyst firm Gartner showed that 89% of companies experienced a supplier risk event in the last five years; however, those companies' overall awareness and plans to mitigate lacked maturity. As a result, it is no longer enough to secure your own company's infrastructure. You must also evaluate the risk posed by third-party vendors and plan to monitor those organizations for breaches.