Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Trustwave

Unveiling the CAPTCHA Escape: The Dance of CAPTCHA Evasion Using TOR

In this era, threat actors have proven to be tireless in their pursuit of exploiting vulnerabilities and gaining unauthorized access to online platforms using anything from simple to sophisticated attacks. Today, we delve into shedding light on how attackers employ methods to bypass one of the most common defenses against automated attacks. Particularly on using TOR networks to evade or bypass CAPTCHA.

Trustwave Threat Intelligence Briefing: The 2023 Financial Services Sector Threat Landscape

Cyberattacks striking the financial services industry are more prevalent, dangerous, and hitting faster than ever. To provide much needed guidance and recommended mitigation measures the elite Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the financial services sector and released the report 2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies.

NASA, GSA, and Department of Defense Propose Rule to Standardize Cybersecurity Requirements for Federal Contracts

Several U.S. federal agencies have proposed a rule, FAR Case 2021–019, and issued a call for public comment to standardize cybersecurity contractual requirements for unclassified federal information systems and a statute on improving the nation's cybersecurity.

Focus on these 3 Areas to Develop a Strong Cybersecurity Posture With Fewer Resources

Not every organization's security apparatus is built or funded at the same level. For smaller organizations or those with other needs competing for budget, here are some points that show it's possible to do more with less. To drive meaningful progress and ensure a robust security posture, it's the C-suite and the board must collaborate and focus on three key areas: coverage, consolidation, and assurance.

10 Dynamic Principles for Crafting a Robust Database Security Strategy

The digital world relies on data, which because of its considerable value, is constantly targeted by skilled cybercriminals who have spent years developing methods and tools to gain access to even the most secure databases. Never mind those databases whose owners only pay lip service to security. Traditional security approaches that focus on network perimeters are no longer sufficient in today's evolving threat landscape.

Break Out the Decorations! Cybersecurity Awareness Month is Here

Calendars are great and serve a wide range of purposes. Paper calendars, digital calendars, calendars with Garfield or Peanuts comics, they all have the ability remind us of birthdays, the first day of school, garbage pick-up day and holidays. So, let’s make sure your calendar has October marked down as Cybersecurity Awareness Month.

Trustwave Attains Two Microsoft Partner Milestones

Trustwave has achieved two highly sought-after achievements from Microsoft, reaching Microsoft Verified Managed Extended Detection and Response (MXDR) Solution status and becoming a FastTrack Ready Partner for Microsoft 365. These achievements will allow Trustwave to utilize the skills of its elite SpiderLabs team to better secure clients and deeper security solutions and integration with Microsoft Sentinel and Defender.

Amazon (AWS) S3 Bucket Take Over

Let’s try something a bit different and take a look at some of Trustwave SpiderLabs’ Open Source Intelligence (OSINT) research findings, and exploitation of vulnerable buckets and domains. I published this research internally on February 3, 2023, and here are my findings. Today, I will share with you how deleted S3 buckets could become a liability or threat to your organization and highlight the importance of cybersecurity in data and asset management.

The Beauty of a Red Team Exercise: When One Discovery Leads to Potentially Saving Lives

What started out as a standard Red Team test designed to check the security capabilities of several Australian hospitals, led to a chain of events that eventually uncovered serious security flaws in remote-capable insulin pumps that, if abused could have had disastrous consequences. The hospitals, all of which are part of a connected healthcare system, had contracted with Trustwave to conduct the Red Team tests against several of their facilities.