We close out Cybersecurity Awareness Month for 2023 with a few final points that show that a company's security is a team sport, one in which everyone must participate. As noted in Trustwave SpiderLabs recent report, 2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies, phishing is one of the most effective methods attackers use to gain an initial foothold in financial services organizations.

The variety of cloud services that store organizational data continues to proliferate in type and number leading to tension as more governments, policymakers, and organizations consider (or are in the process of) implementing mandates requiring that specific types of data remain within geographical borders. Many organizations need to navigate these data management compliance mandates while also satisfying the competing needs of expediency, cost-effectiveness and, of course, data security.

What is the scariest aspect of deepfake videos and audio? A: How accurate they appear? B: How will threat actors implement these creations? C: The amount of potential damage a deepfake can cause? D: None of the above? My argument would be D. For me, the most frightening aspect is how easy a deepfake video file is to create and the fact that free tools to generate a very realistic fake video of anyone are just a quick Google search away.

Cyberattacks are a constant and evolving threat across all sectors with 2023 seeing a resurgence in data breaches and ransomware attacks with popular variants like Clop, LockBit, and ALPHV, among others, terrorizing businesses and exploiting system vulnerabilities. The 2021–2022 financial year saw an increase in cybercrime, with over 76,000 reports made to the Australian Cyber Security Centre (ACSC), with no signs of slowing down.

Banks and other financial institutions have the one thing every criminal desires. Money. So, it only makes sense that cybercriminals prioritize attacking this industry sector, and it makes even more sense for these institutions to harden their systems to prevent attacks.

I was looking at my watch last week and my attention was moved towards the seconds over at the right of the watch face, incrementing nicely along as you’d expect. Now, I don’t know if I’d just spent too long staring at a debugger screen or if it was something in the air, but an idea dawned on me, related to all things command and control, data exfiltration, etc.

Trustwave has introduced a new solution allowing organizations using Microsoft Sentinel to obtain the highest return on investment possible while keeping their security level at peak performance and improving response times. Trustwave Managed SIEM for Microsoft Sentinel is a managed solution intended to maximize an organization’s Microsoft E5 investment, specifically firms without a robust cybersecurity team.

Database security often, and to an organization's detriment, falls between the cracks as security and IT teams scramble to stay on top of daily cyber hygiene tasks and deal with the never-ending problems of running their network. The danger of overlooking their database, or to put it in, say, banking terms – the vault – is this is likely a threat actor's primary target. An organization's database is where IP, credentials, and financial information are stored.

A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently disclosed by researchers and vendors. It was exploited in the wild from August 2023 to October 2023. The issue arises from the HTTP/2 protocol's ability to cancel streams using an RST_STREAM frame, which can be misused to overload servers by initiating and quickly canceling numerous streams, circumventing the server's concurrent stream limit.

In this era, threat actors have proven to be tireless in their pursuit of exploiting vulnerabilities and gaining unauthorized access to online platforms using anything from simple to sophisticated attacks. Today, we delve into shedding light on how attackers employ methods to bypass one of the most common defenses against automated attacks. Particularly on using TOR networks to evade or bypass CAPTCHA.

As 2023 Cybersecurity Awareness Month continues, let's look at a couple of the areas the Cybersecurity and Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCSA) are focusing on this year.

Cyberattacks striking the financial services industry are more prevalent, dangerous, and hitting faster than ever. To provide much needed guidance and recommended mitigation measures the elite Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the financial services sector and released the report 2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies.

Several U.S. federal agencies have proposed a rule, FAR Case 2021–019, and issued a call for public comment to standardize cybersecurity contractual requirements for unclassified federal information systems and a statute on improving the nation's cybersecurity.

Not every organization's security apparatus is built or funded at the same level. For smaller organizations or those with other needs competing for budget, here are some points that show it's possible to do more with less. To drive meaningful progress and ensure a robust security posture, it's the C-suite and the board must collaborate and focus on three key areas: coverage, consolidation, and assurance.

The digital world relies on data, which because of its considerable value, is constantly targeted by skilled cybercriminals who have spent years developing methods and tools to gain access to even the most secure databases. Never mind those databases whose owners only pay lip service to security. Traditional security approaches that focus on network perimeters are no longer sufficient in today's evolving threat landscape.

Calendars are great and serve a wide range of purposes. Paper calendars, digital calendars, calendars with Garfield or Peanuts comics, they all have the ability remind us of birthdays, the first day of school, garbage pick-up day and holidays. So, let’s make sure your calendar has October marked down as Cybersecurity Awareness Month.