Microsoft has disclosed a critical (CVSS 9.8) TCP/IP remote code execution (RCE) vulnerability that impacts all Windows systems utilizing IPv6. To conduct this attack, threat actors can repeatedly send IPv6 packets that include specially crafted packets. By doing this, an unauthenticated attacker could exploit this vulnerability, leading to remote code execution. Systems that have IPv6 disabled are not susceptible to this vulnerability.

Once an attacker enters your network, one of their first actions will be to try and hide their tracks by blending in, using methods of deception such as mimicking normal user activities. A cyber defender can also use methods of deception to detect and slow the advance of these adversaries. This is known as an active defense. This article will discuss some methods of using Active Defences, sometimes referred to as ’deceptions,’ as one part of a comprehensive cyber defense strategy.

Australia's business leaders face a complex and rapidly evolving market landscape that is highly competitive, globally interconnected, and demands a proactive approach to risk management. As continued technological innovation drives business development, efficiency, and success, it simultaneously empowers malicious threat actors to evolve and attack successful businesses more sophisticatedly.

The Microsoft 365 E5 license gives you access to a slew of valuable Microsoft Security products that will cover you quite well for all your enterprise security monitoring needs. However, monitoring is only part of the security equation; the resources and services you add to it will help you get real value from E5.

Tectonic shifts are occurring across the cyber landscape, and organizations are increasingly turning to Microsoft as a cornerstone of their security strategy. At Trustwave, we have been at the forefront of this trend, partnering with Microsoft for years to deliver unparalleled security solutions and outcomes for our clients. Microsoft 365 E5 has become a compelling option for many organizations due to its robust suite of productivity tools and integrated security features.

The digital landscape constantly shifts, presenting exciting opportunities and lurking threats for businesses of all sizes. In this ever-evolving environment, maintaining a secure network is no longer a luxury; it's a necessity. However, achieving true security requires more than just firewalls and antivirus software. It demands a comprehensive understanding of your network's vulnerabilities – the chinks in your digital armor that attackers could exploit.

The introduction, adoption, and quick evolution of generative AI has raised multiple questions about implementing effective security architecture and the specific requirements for protecting all aspects of an AI environment as more and more organizations begin using this technology. Recent security reports on vulnerabilities that expose Large Language Model (LLM) components and jailbreaks for bypassing prompting restrictions have further shown the need for AI defenses.

This report is the first in a series of blogs that will delve into the deep research the SpiderLabs Threat Intelligence team conducts daily on the major threat actor groups currently operating globally. The information gathered is part of a data repository to help SpiderLabs identify possible intrusions as it conducts threat hunts, vulnerability scans, and other offensive security tasks.

Drones are becoming ubiquitous. They are sold as toys, used in industry, and as weapons of war, so the possibility of one becoming co-opted by a threat actor could result in severe damage, disruption of services, or data theft. In response, CISA and the FBI released a notification and guidance on Chinese-manufactured unmanned aircraft systems (UAS) aka drones, that could have vulnerabilities enabling data theft or that could facilitate network compromises.

Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware. Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 – Part 2 lays out evidence tying the latest Rilide (V4) version to SYS01. The report noted the code from the two malware types overlaps in too many areas to be a simple coincidence.