Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Trustwave

The Two Sides of ChatGPT: Helping MDR Detect Blind Spots While Bolstering the Phishing Threat

ChatGPT is proving to be something of a double-edged sword when it comes to cybersecurity. Threat actors employ it to craft realistic phishing emails more quickly, while white hats use large language models (LLMs) like ChatGPT to help gather intelligence, sift through logs, and more. The trouble is it takes significant know-how for a security team to use ChatGPT to good effect, while it takes just a few semi-knowledgeable hackers to craft ever more realistic phishing emails.

Trustwave MailMarshal Email Security Protects Against WinRAR Vulnerability CVE-2023-38831

The importance of email security cannot be understated. Proof of this can be seen in some recent research conducted by the Trustwave SpiderLabs team around our email security product MailMarshal. The team recently ran an experiment on known Zero Day CVE-2023-38831 found in RARLabs WinRAR that is currently being exploited in the wild in WinRAR versions 6.23 and earlier. WinRAR is a compression, archiving, and archive managing software tool.

Bah, Humbug! Grinchbots and Freebie Bots Attempt to Ruin Holiday Shopping for Consumers and Retailers

If the holiday classic “How the Grinch Stole Christmas” was remade in 2023, the mean green guy might be played by an Internet bot. Sure, these bots may not come down your chimney and steal a tree or holiday dinner, but threat actors have designed them to help ruin retailer and consumer holiday shopping experiences. Trustwave SpiderLabs exposed how the two primary bot variants, Grinchbots and Freebie Bots, operate in the team's recent report.

Trustwave MDR: The Pivot Point That Enhances Multiple Security Tools

Several years ago, Trustwave, already a leader in Managed Security Services (MSS), recognized the shift in market needs and fully pivoted to its future as a Managed Detection and Response (MDR) leader. Trustwave's leadership chose this course because it understood that a leading cybersecurity solution provider could no longer be effective without all the weapons MDR brings to the fight.

Trustwave Threat Intelligence Briefing: The 2023 Retail Services Sector Threat Landscape

The holiday shopping season is teed up for its annual explosion of spending. Retailers know this, consumers know this, cybercriminals know this, and are unfortunately ready to take advantage of any weak link that can be found to steal vital consumer and business data. However, unlike gift buyers heading to stores or shopping online on Black Friday and Cyber Monday, these adversaries are not seasonal actors.

The 2023 Retail Services Sector Threat Landscape: A Trustwave Threat Intelligence Briefing

The annual holiday shopping season is poised for a surge in spending, a fact well-known to retailers, consumers, and cybercriminals alike. The latter group, however, is poised to exploit any vulnerabilities they can find to pilfer valuable consumer and business data. Unlike holiday shoppers flocking to stores or browsing online during Black Friday and Cyber Monday, these adversaries don't adhere to a seasonal schedule.

Unlocking the Power of Co-Managed SOC: A Strategic Solution for Maximizing SIEM Effectiveness and Cybersecurity Success

Security information and event management (SIEM) systems play a pivotal role in cybersecurity: they offer a unified solution for gathering and assessing alerts from a plethora of security tools, network structures, and software applications. Yet, the mere presence of a SIEM isn't a magic bullet. For optimal functionality, SIEM systems must be appropriately set up, governed, and supervised round-the-clock.

Pwning Electroencephalogram (EEG) Medical Devices by Default

Overall Analysis of Vulnerability Identification – Default Credentials Leading to Remote Code Execution During internal network testing, a document was discovered titled the “XL Security Site Administrator Reference.pdf.” It appeared to be a guide for the specific configuration of the SQL service running on NeuroWorks Natus. Being that this was a guide, it was extensive and detailed the software in-depth.

Trustwave Measures the Pros and Cons of President Biden's Executive Order to Regulate AI Development

President Joe Biden, on October 30, signed the first-ever Executive Order designed to regulate and formulate the safe, secure, and trustworthy development and use of artificial intelligence within the United States. Overall, Trustwave’s leadership commended the Executive Order, but raised several questions concerning the government’s ability to enforce the ruling and the impact it may have on AI’s development in the coming years.

Managing Risk Appetite: Balancing Cybersecurity and Business Growth

Determining, dealing with, and accepting a certain level of risk will always be a top priority for the members of any C-Suite. Eliminating risk is likely not a possibility, especially when it concerns cybersecurity. Simply put, the threat landscape changes so rapidly that fully solving this problem is likely beyond our reach. That means organisations must focus on what they can control and how much they are willing to leave up to chance.