Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As always in cybersecurity, hardly a dull day went by in 2024. So much happened we thought it might be helpful to remind everyone what went down over the last 12 months. At least from a Trustwave SpiderLabs perspective. Here are the top SpiderLabs’ blogs, as voted by viewer readership analytics: Trustwave SpiderLabs would like to thank all its readers and we hope we informed, inspired and maybe made you laugh a few times in 2024. See you all next week in 2025.

We’re excited to share new updates and enhancements for December, including: For more information on these updates and others, please read the complete list below and follow the links for more detailed articles.

Digital forensics, which is sometimes called the "science of the digital age," is very important for finding digital proof and solving cybercrimes. Because of how connected everything is these days and how almost everything leaves a digital trail, digital forensics gives us the methods and tools to find, collect, study, and keep data for future investigations.

In this digital age, where cyber threats are always evolving, keeping private data safe has become important for both people and businesses. Encrypting passwords is an important part of data security because it keeps user information hidden from attackers who shouldn't have access to them. Advanced algorithms are used to encrypt passwords into unreadable form. This makes encryption a strong defense against breaches and identity theft.

A newly discovered critical vulnerability, CVE-2024-53677, in Apache Struts enables remote code execution (RCE) and is actively exploited in the wild using a publicly available Proof-of-Concept (PoC). Apache Struts is an open-source framework for building Java-based web applications. It helps developers create scalable software solutions, that powers everything from e-commerce websites to financial systems and government platforms.

The WAN landscape is evolving at a rapid pace, driven by demands of cloud, mobility, and globalization. MPLS (Multiprotocol Label Switching), a legacy transport technology, once the gold standard, now struggles to meet modern business requirements.

In an era where data breaches make headlines almost weekly and cybercrime costs businesses billions annually, states across the U.S. are taking decisive action to protect their residents’ sensitive information. From California’s groundbreaking privacy laws to New York’s rigorous cybersecurity requirements for financial institutions, state-level regulations are rapidly evolving to address the complex challenges of digital data protection.

As 2024 comes to a close, today, I’m reflecting on some of the key events and trends that shaped my offensive security research this year. From publishing my first book to writing regular blogs on some of cybersecurity’s hottest topics, each piece has contributed to a clearer understanding of the evolving digital landscape.

Compare compliance and risk management, including how they are similar but ultimately different, and learn important best practices for unifying these strategies.

California Governor Gavin Newsom’s recent veto of SB 1047, a proposed AI safety bill, has sparked a hot debate on the balance between innovation and regulation in the artificial intelligence (AI) space. California has over a dozen AI related bills that have been signed although this bill sought to establish rigorous safety testing requirements for large-scale AI models and introduce an emergency "kill switch" for situations where systems might become dangerous.