Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Trustwave today is proud to share that we have officially closed the deal that sees The MC² Security Fund, the private equity fund of The Chertoff Group, acquire Trustwave. Today’s news marks a significant milestone for us and endorses our continuing industry leadership. I am thrilled to be leading the team that will take Trustwave into the next phase of our cybersecurity journey.

AT&T Alien Labs has identified a campaign to deliver AsyncRAT onto unsuspecting victim systems. During at least 11 months, this threat actor has been working on delivering the RAT through an initial JavaScript file, embedded in a phishing page. After more than 300 samples and over 100 domains later, the threat actor is persistent in their intentions.

In the cyber realm, where digital defense and offense is an ongoing game of cat and mouse, one of the most potent weapons in an attacker's arsenal is the web shell. A seemingly innocuous piece of code that, once embedded in a server, allows an attacker to maintain their access and control. The hidden danger of web shells is their stealthiness and versatility, making them a challenging threat to uncover and neutralize.

“Secure the endpoints!” This battle cry can sound like a meme, sure, but it also highlights arguably the most important part of modern cybersecurity today: are we securing the endpoints? A compromised network is likely to leave traces of anomalous and unauthorized activities that originate from network endpoints.

When it comes to cybersecurity governance, 2023 stood out as one of the most eventful in a very long time. With everything from the enactment of stronger new cybersecurity regulations around incident disclosure from the Securities and Exchange Commission (SEC) to significant changes afoot for financial and cloud services providers operating within the European Union, many companies worldwide will be called to adjust to a new normal in 2024.

First, let me say happy new year! The holiday season has come and gone—seemingly overnight—and just like that, 2024 is well underway. At SafeBreach, we are eagerly looking to the new year and all that it will bring, including new goals and new opportunities to empower customers with greater visibility into the efficacy of their security tools and programs.

Phishing isn’t anything new. It’s been a tried and true threat for nearly 30 years. Its age, however, doesn’t diminish its seriousness.

With an average cost of USD 4.45 million for data breaches, the gravity of website security threats cannot be overstated. These attacks result in financial losses due to customer attrition, downtime, and disruptions and undermine customer trust. The rising numbers, increasing scale, sophistication, and impact of website security threats underline the necessity for proactive prevention measures. This article delves into 5 of the most common threats today and ways to prevent them.

User Account Control (UAC) serves as a security feature in Windows, aiming to safeguard the operating system from unauthorized modifications. Whenever alterations demand administrator-level permissions, UAC prompts the user, allowing them to either authorize or reject the requested change.

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials. If you don’t think credentials are a key element in cyber attacks, I refer you back to an article of mine from the middle of last year where 15 billion (with a ‘b’) credentials are on sale on the dark web.