SC Media and SC Media Europe have named Trustwave as a finalist for several awards to be announced this summer. SC Media Europe has shortlisted two Trustwave products as finalists: SC Media will announce winners on Aug. 22 and SC Media Europe will announce winners on June 21. SC Media, which represents the U.S. branch of the cybersecurity publisher, has named Trustwave DbProtect as a finalist in the Best Database Security Solution category.

Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users from Brazil, Spain, and Mexico. The campaign exploits the tax season in target countries by sending out tax-themed phishing emails. Grandoreiro was first detected in 2016 is one of the largest banking trojan families developed to strike targets Latin America.

Phishing website links are commonly delivered via email to their respective targets. Once clicked, these websites often show a single webpage that outright asks for sensitive information like account login credentials, credit card details, and other personally identifiable information (PII). Recently, we have encountered an interesting phishing website containing an interactive component in it: a chatbot.

Most organizations employ mobile computing, which utilizes wireless communications for staff members to perform day-to-day tasks with more ease. While some organizations have deployed enterprise security standards on their wireless networks, Trustwave SpiderLabs has observed some organizations deviating from security best practices when it comes to managing a wireless environment leaving these wireless networks as low-hanging fruit for attackers to abuse.

The Russian invasion of Ukraine has heightened government and business awareness around the reality that nation-state cyber threats pose. To cover all the implications of the threat posed by nation-state actors and the groups they sponsor, we sat down with Gary De Mercurio, VP, Global Practice Lead, Trustwave SpiderLabs.

Maybe I’m a bit late to the game on this one, but I recently discovered PwnFox and it has quickly one of my favorite tools yet. So, what is PwnFox? To put it simply, it’s a BurpPro extension that works with Firefox. It accomplishes two things. First, it helps containerize up to eight (yes, that’s right… eight!) different sessions within one browser and secondly, it organizes all your proxied traffic in Burp BY COLOR! I’ll dive a bit more into #2 in a second.

Trustwave SpiderLabs is tracking a new critical-rated vulnerability (CVE-2022-1388) affecting F5 BIG-IP network devices. Threat actors are reported to be actively exploiting this vulnerability in the wild. F5 disclosed and issued a patch for CVE-2022-1388 on May 4. We are diligently watching over our clients for exposure and associated attacks and working closely with our clients to ensure that mitigations are in place.

The threats facing databases today are numerous and constantly evolving as the perimeter continues to fall away in favor of multi-cloud environments. This change means organizations must adopt an in-depth, data-centric security approach that includes a program designed from the ground up to protect databases.

Email security is not a simple check-box item. The need to have a strong email security solution in place has never been greater. Email is ubiquitous, and the average employee receives so many emails on a daily basis that they often open and click on messages without giving a second thought to any potential problem they might pose. This means an organization must have an email security solution in place to find and block suspicious emails before someone mistakenly clicks on a link.

As we approach the one-year anniversary of the Colonial Pipeline ransomware attack, it is an excellent time to reflect upon what took place and how that incident can serve as a teaching point for any organization interested in preventing a ransomware attack. First, here is a quick refresher on what transpired.

There is a bit of serendipity associated with World Password Day 2022. This year the day falls on May 5, the day before the first anniversary of the devastating Colonial Pipeline ransomware attack, which was initiated through a compromised password. The combination of National Password Day and the Colonial Pipeline anniversary should help remind everyone that password security is incredibly important and ever evolving.

Ladies and gentlemen of all ages and security roles, let us dive head-first into this newish thing called XDR. There is no shortage of vendors, and researchers, providing you their definition on what XDR actually represents so it becomes is there one you agree with or not. Taking a slightly different tact to explore what does XDR mean to you, and your security team.