This week, federal guidelines were published to assist owners and operators in the water and wastewater systems (WWS) sector on best practices for cyber incident response. Guideline are great, but they are just suggestions unless there are the resources for the WWS operators to enable them and some form industry monitoring to ensure they are met.

In this ever-evolving landscape of cyberthreats, email has become a prime target for phishing attacks. Cybercriminals continue to adapt and employ more sophisticated methods to effectively deceive users and bypass detection measures. One of the most prevalent tactics nowadays involves exploiting legitimate platforms for redirection through deceptive links.

This is another one of those blog posts from me about how I independently carried out some security research into a thing and found something, but I was just too late to the party once again . However, I want to share the journey because I still think there is some value in doing so.

Trustwave SpiderLabs is tracking a spike in usage of the Greatness phishing kit to attack Microsoft 365 users to distribute malicious HTML attachments that steal login credentials. Greatness is a phishing-as-a-service platform developed by a threat actor known as "fisherstell," and has been available since mid-2022 that provides a ready-made infrastructure and tools for anyone to launch phishing campaigns charging $120 per month in Bitcoin.

The discovery of what has been dubbed the Mother of all Data Breaches (MOAB), reportedly containing 12TB or 26 billion records representing 3,800 separate data breaches, should remind everyone of the need to maintain strong passwords and change default credentials.

Not every criminal illegally entering a business is looking to steal cash, equipment, or merchandise; some are looking to take something a bit more ephemeral. This scenario is particularly true for organizations, such as offices, insurance offices, or law firms not traditionally targeted by your everyday, run-of-the-mill burglar. The threat actors are out for information, giving them access to the organization’s network, which can lead to serious damage.

The proliferation of artificial intelligence tools worldwide has generated concern among governments, organizations, and privacy advocates over the general lack of regulations or guidelines designed to protect against misusing or overusing this new technology.

Ransomware poses a pervasive threat to businesses, with no foolproof method to completely ward it off. However, organizations can adopt practical measures to reduce their vulnerability and bounce back swiftly in the face of an attack. While all organizations are potential targets by ransomware threat groups, Trustwave SpiderLabs’ most recent threat intelligence report noted the manufacturing sector is the most impacted industry by ransomware.

Trustwave Government Solutions (TGS) is proud to announce its designation as “In Process Program Management Office (PMO) Review" by the Federal Risk and Authorization Management Program (FedRAMP) for its Government Fusion platform. TGS expects to receive full authorization in early 2024.

Trustwave has observed a surge in attacks exploiting vulnerabilities in Apache ActiveMQ hosts. In certain cases, these host malicious Java Server Pages (JSP) web shells. The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners. Notably, despite the binary's unknown file format, ActiveMQ's JSP engine continues to compile and execute the web shell.

In the murky waters of cyber threats, one tactic has steadily gained wide adoption: URL redirection in phishing attacks. This stealthy technique allows cybercriminals to cloak malicious links, making them appear harmless to unsuspecting users. Among the vast expanse of online services, various Google Services stand out as frequent targets for exploitation. Cybercriminals find it opportune ground to hide their nefarious intents behind seemingly innocuous links.

Compliance is a cornerstone for organisations, especially in countries such as the United States. One would expect that mature US-based organisations would be well-versed in navigating compliance-based frameworks, ensuring their operations align with established standards. However, when these same US-based organisations seek to align their systems with the Australian Government, a challenging mindset shift is often required to adhere to a more risk-focused approach.

Social engineering is a technique commonly used by adversaries to manipulate individuals or groups of people into divulging confidential information, performing certain actions, or giving up access to valuable resources. These attacks can take many forms and are typically carried out through electronic communication channels or in-person interactions.

For years, Microsoft has been making significant inroads in the security space, earning number-one rankings from top industry analyst firms IDC and Forrester for its endpoint and extended detection and response (XDR) security tools. Taking full advantage of these tools, however, requires some significant know-how and 24x7 staffing, prompting many to turn to a managed detection and response (MDR) service provider for help.

When I’m carrying out security research into a thing, I generally don’t like to Google prior research right away. I know, this completely goes against how you would (and should!) carry out any research; starting with a literature review to find the lay of the land and existing research done in the area to then expand upon. However, I have a habit of getting that light bulb idea or concept and acting upon it right away, rolling up my sleeves and putting my wellies on, ready to get dirty.

The European Union’s Digital Operational Resilience Act (DORA) is set to go into effect on January 17, 2025, and with it will come new information security and risk management requirements placed on EU financial service providers and their associated critical third-party technology entities.

After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the renowned open-source web application firewall (WAF) engine, ModSecurity, to the Open Worldwide Application Security Project (OWASP). This landmark move promises to inject fresh energy and perspectives into the project, ensuring its continued evolution as a vital line of defense for countless websites worldwide.

Kyocera’s Device Manager is a web-based application that allows network administrators to monitor and manage large fleets of Kyocera printers and multi-function devices. It provides a dedicated server and a unified interface to discover, organize, and manage devices, install applications, program alerts, schedule reports, and more. The latest versions of Kyocera’s Device Manager support installation on Windows Server 2012/2016/2019/2022 and Windows 10 and 11.

Trustwave today is proud to share that we have officially closed the deal that sees The MC² Security Fund, the private equity fund of The Chertoff Group, acquire Trustwave. Today’s news marks a significant milestone for us and endorses our continuing industry leadership. I am thrilled to be leading the team that will take Trustwave into the next phase of our cybersecurity journey.

The Iranian government has made the claim that a cyber threat group, identified as Gonjeshke Darande or "Predatory Sparrow" in Persian, is linked to Israel and has taken responsibility for the disruption of gasoline pumps throughout Iran on December 18, 2023. Gonjeshke Darande’s (Predatory Sparrow) Telegram channel statement claiming an attack against Iranian gas pumps. In many instances, statements and claims of this nature often prove to be unsubstantiated.