Offensive security has become a cornerstone strategy for organizations aiming to fortify their defenses against cyber threats. However, before one creates a suitably developed offensive security program, an organization must ensure it is properly scoped. This will ensure the final product is effective, efficient, and aligned with the organization's overall security objectives. Here's a guide to help organizations understand and implement a well-scoped offensive security program.

Ransomware-as-a-service (RaaS) threat groups are placing severe and continuous pressure on the financial and government services sectors in Latin America, according to data compiled by the elite Trustwave SpiderLabs team. RaaS is where developers working for threat actors manage and update the malware while affiliates carry out the actual ransomware attacks.

Trustwave MailMarshal solidified its leadership position in the email security space, being named a Trail Blazer by the analyst firm Radicati Group in its Secure Email Market Quadrant 2024 report. Radicati highlighted MailMarshal’s product features, multiple solutions available, and a long list of strengths as primary reasons why Trustwave earned Trail Blazer status.

Trustwave is partnering with Telarus, a leading technology services distributor (TSD), which will allow it to leverage Trustwave’s comprehensive offensive and defensive cybersecurity portfolio and give Trustwave a direct line to Telarus' vast network of technology advisors.

Know your enemy – inside and out. External Attack Surface Management tools are an effective way to understand externally facing threats and help plan cyber defenses accordingly. Let’s discuss what EASM is, how to use it, and what other pieces are involved to help one see through the fog of war that is your external network security posture.

This is Part 8 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. If your organization has computers, and I’m sure it does, then it's likely it has an Endpoint Detection and Response (EDR) solution installed. Since the capabilities of EDR solutions have changed over the years, it’s recommended to re-evaluate the solution’s features periodically to ensure it is up to date.

Clients often conflate Offensive Security with penetration testing, yet they serve distinct purposes within cybersecurity. Offensive Security is a broad term encompassing strategies to protect against cyber threats, while penetration testing is a specific activity where security teams test system vulnerabilities. At its essence, Offensive Security isn't just about reacting to vulnerabilities; it's about actively hunting down and neutralizing potential threats before they wreak havoc.

April 16, 2024: UnitedHealth Group, parent of Change Healthcare, reported on April 16, 2024 in its Q1 results a negative impact of $872 million “in unfavorable cyberattack effects” due to cyberattack direct response costs and the business disruption impacts. The company anticipates additional costs associated with the attack.

Let’s explore how SpiderLabs created and incorporated user prompts, specifically Windows dialog boxes into its malware loader to make it more convincing to phishing targets during a Red Team engagement.

The (apparent) takedown of major ransomware players like Blackcat/ALPHV and LockBit and the threat groups’ (apparent) revival is a prime example of the Whack-a-Mole nature of combating ransomware gangs that often takes place. However, this level of difficulty doesn’t mean the pressure should be relieved.

Companies engage with a managed detection and response (MDR) provider to help ensure they detect cyber threats before they do any damage. The "response" part of the MDR moniker is key to that effort, making it vital to determine up front exactly what your chosen provider will do when it detects a threat in your environment.

This is Part 7 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. Far too many organizations place Data Loss Prevention (DLP) and Data Protection at the bottom of their priority list due to the perceived difficulty in its deployment. When there are in fact some easy approaches to getting started with protecting your data.

A command injection vulnerability has been discovered in the GlobalProtect feature within Palo Alto Networks PAN-OS software for specific versions that have distinct feature configurations that may enable a remote, unauthenticated attacker to execute arbitrary code with root privileges on the firewall. These specific versions require configurations for GlobalProtect gateway and device telemetry enabled.

Despite investing in costly security solutions, keeping up with patches, and educating employees about suspicious emails, breaches still occur, leaving many organizations to wonder why they are vulnerable and which security areas need improvement.

Two of the greatest threats facing technology-focused organizations are their often-quick adoption of new technologies, such as artificial intelligence (AI), without taking security measures into consideration and a very high reliance on third-party vendors to operate their businesses.

New Mexico Governor Michelle Lujan Grisham issued an Executive Order to shore up the state’s cybersecurity readiness and better safeguard sensitive data by conducting a state-wide security assessment and adopting National Institute of Standards and Technology (NIST) standards by Nov. 1, 2024.

Recent cyberattacks and the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) research indicate the danger facing the healthcare industry is not subsiding, which means healthcare providers must maintain a high level of alert and continue to bolster their cyber defenses.

Trustwave SpiderLabs’ recent threat report on the hospitality industry included a reminder that people are the weakest link in most any cyber security plan, along with some sobering points demonstrating how employees are being challenged more than ever by bad actors armed with generative artificial intelligence (GenAI) tools.

We all know the cybersecurity industry loves its acronyms, but just because this fact is widely known doesn’t mean everyone knows the story behind the alphabet soup groups of letters, we must deal with on a regular basis. Let’s take a moment to discuss some of the more prominent security architectures specific to the cloud so we are all on the same page: CNAPP, CWPP, CIEM, and CSPM.

Recently, we observed a phishing campaign targeting the Latin American region. The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice. Figure 1. Phishing email sample with zip file attachment Upon checking the email header, we see that it has an email address format that uses the domain ‘temporarylink’.

Among the due diligence a company should perform when signing with a managed detection and response (MDR) provider, one item that may not be top of mind is who owns custom content developed during the service. You may be surprised to find out it’s often the provider, not you. MDR content ownership becomes an issue when you change providers or bring in-house the monitoring capability.

Trustwave was named a Major Player in the IDC MarketScape: Worldwide Cybersecurity Consulting Services 2024 Vendor Assessment (doc # US50463223, March 2024). The report noted “The acquisition by MC2 Security Fund — the private equity fund of internationally recognized security advisory firm The Chertoff Group — successfully closed in January 2024.

Trustwave today added Threat Intelligence as a Service (TIaaS) to its offensive security portfolio to help organizations better understand the threats they face and provide detailed knowledge and mitigations of their security weaknesses. Trustwave TIaaS provides organizations with timely, contextualized, and prioritized threat intelligence based on factors relevant to their operations, enabling them to make risk-based and threat-informed decisions which benefit their organizations.

Trustwave today announced it will offer clients expert guidance on implementing and fully leveraging the just-released Microsoft Copilot for Security, a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes.

This is Part 5 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. The goal of this article is to provide a quick getting started guide to Zero Trust. To understand Zero Trust, it helps to first know a couple of terms: ZTA and ZTMM.