If you're reading this blog, there's a good chance you're familiar with the topic of data breaches; they regularly make the headlines and cause a lot of extra work for IT, security and other staff in affected companies who battle to identify, contain and eradicate the attack. But while the news stories carry the attack's immediate impact, we're rarely aware of the long-term cost to the organization and its staff, both personal and financial.

Facebook Messenger is one of the most popular messaging platforms in the world, amassing 988 million monthly active users as of January 2022, according to Statista. One important feature of this platform is Messenger’s bot. Within the current digital landscape, chatbots are widely used by companies and individuals to connect with their customers online, and almost immediately pops up when chatting with brands or businesses.

The Managed Detection and Response (MDR) solutions offered by security firms today are a far cry from those first deployed by vendors. To better understand how MDR has grown over the years and the changes Trustwave has implemented to stay ahead of the curve, we spoke with Trustwave's Jesse Emerson, Vice President, Solution Architecture & Engineering.

I want to take some time to explain the importance of using a white-box approach when testing applications for vulnerabilities. To help in this endeavor, I will use a real-world example to demonstrate how researchers (in this case Karim El Ouerghemmi and Simon Scannell) *may* have found a vulnerability in WordPress (CVE-2022-21662 a 2nd order stored XSS) and how you, as a security researcher, can also use a white-box approach to find an exotic XSS vulnerability.

Trustwave Managed Detection and Response (MDR) is one of the most important cybersecurity offerings available in the market today, it’s also the reason why Trustwave is rolling out two new levels of service that will enable Trustwave and our business partners fortify the security posture of any business, regardless of size.

Trustwave has recreated new Managed Detection and Response (MDR) services to deliver unmatched capabilities tailored to fit an organization regardless of size or budget. While larger organizations may have the resources for heavy security investments, small and medium enterprises (SME) often struggle to keep up with this punishing pace and finding enough qualified security personnel can be even more challenging with the ongoing skills shortage.

Ever wondered how large-scale power plants monitor or control the myriad of systems that fill their environment? Have you thought about how some of the world’s greatest industrial hacks were enacted? This post will look to illuminate how one tiny legacy protocol, namely "ModBus" could help to understand just how straight forward this could be.

A zero-day vulnerability has been re-disclosed that is very similar to the Follina zero-day announced last week and is actively being tracked by Trustwave SpiderLabs. The vulnerability was initially publicly disclosed back in 2020 but dismissed by Microsoft, which replied at the time: "We are also always seeking to improve these protections.

People commonly think that any “Internet Connection” is exactly the same, or they may be vaguely aware that some connections are faster than others. However, there are significant differences between the connections. While these differences may not matter to someone who just wants to browse websites and read email, they can be significant or even showstoppers for more advanced users or s. This is especially true for anyone looking to do security testing or vulnerability scanning.

Trustwave SpiderLabs is tracking the critical-rated zero-day vulnerability CVE-2022-30190. Threat actors are reported to be actively exploiting this vulnerability in the wild. Microsoft disclosed and issued guidance for CVE-2022-30190 on May 30. Trustwave is diligently watching over our clients for exposure and associated attacks and working closely with our clients to ensure that mitigations are in place.

Trustwave SpiderLabs is tracking the critical-rated zero-day vulnerability CVE-2022-26134. Threat actors are reported to be actively exploiting this vulnerability in the wild. Atlassian disclosed and issued guidance for CVE-2022-26134 on June 2. Trustwave is diligently watching over our clients for exposure and associated attacks and working closely with our clients to ensure that mitigations are in place.

2022 has been busy in the cyber world. While there were signals in 2021 with the increased in activity in threat actors targeting OT environments with ransomware, the conflict in Ukraine prompted many businesses to press harder in asking more questions about their own resilience with operational technologies (OT) and supply chain infrastructure.