The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the hospitality industry worldwide and has released a detailed report displaying not only how threat actors conduct attacks, methodologies used, but what organizations can do to protect themselves from specific types of attacks.
The human resources firm Brandon Hall Group honored Trustwave for "Best Advance in Corporate Culture Transformation" in its coveted 2023 HCM Excellence Awards™. The Brandon Hall Group Excellence Awards recognize best practices for initiatives in Learning and Development, Talent Management, Leadership Development, Talent Acquisition, Human Resources, Sales Performance, Diversity, Equity & Inclusion, and the Future of Work.
In our previous blog, we found a lot of phishing and scam URLs abusing Cloudflare services using pages.dev and workers.dev domains, respectively. We’re now seeing a lot of phishing emails with URLs abusing another Cloudflare service which is r2.dev.
Arguably, the most used device by an organization’s employees is their smartphone. Ensuring that anyone, from the CEO to a newcomer being onboarded, knows how to keep this device safe should be paramount. Why? Globally, more than 2 million attacks on mobile devices are reported each month, according to Statista. While the number of attacks has dropped precipitously from its peak of 6.5 million in October 2020, it is still dangerously high and a favorite threat actor attack vector.
In the realm of cybersecurity, danger hides where we least expect it and threats never, ever, go out of style! Over the past few months, Trustwave SpiderLabs has seen a rising trend in threat actors employing PDF documents to gain initial access through email-borne attacks. Though the use of PDF files as a malicious vector is not a novel approach, it has become more popular as threat actors continue to experiment with techniques to bypass conventional security controls.
The Cybersecurity & Infrastructure Security Agency (CISA) has released its 2024-2026 Cybersecurity Strategic Plan, which the agency says will change the trajectory of our national cybersecurity risk by focusing not just on how to defend but developing metrics to measure progress.
There are few security tasks more important, yet more difficult, to conduct than a vulnerability scanning program. A properly conducted scanning program requires a team of human-led experts with the technology to search for issues that might give a threat actor access to a network. Only the largest organizations with equally large wallets can afford to take on this task, but there is an option.
In this blog post, we will explore how the computer security landscape has expanded to reach below the operating system levels, aiming to address areas that are often overlooked or completely neglected in cybersecurity. Attackers have discovered techniques to establish long-term persistence in compromised hosts by injecting malicious code to run before the operating system loads in areas commonly referred to as Basic Input Output System (BIOS).
QR Codes, the square images that contain coded information that can be scanned by a smartphone, are becoming increasingly popular. With the number of smartphone users reaching 6.92 billion this year, access to the information within these ingenious images is within reach by around 86% of the world’s population. Since most, if not all, of the smartphones today feature QR scanners and for those that don’t come so equipped, free apps can be downloaded to add this functionality.
As the world shifted into remote work and distant learning during the pandemic lockdown, e-commerce accelerated as more consumers turned to online shopping apps and websites. Customers who shop online are familiar with email confirmation for their orders. But what if you receive an email confirmation for something that you never bought? It might be a fake order scam, and they are now being sent through Google Groups.
