Vulnerabilities

Why Companies Need to Extend Penetration Testing to OT Environments

2025-01-02 at 20:08 By Allen Numerick

As companies continue to integrate their operational technology (OT) and IT environments, they’re coming to grips with the fact that this move opens them up to new avenues for cyber threats. This article is an excerpt from Trustwave Blog […]


Analyzing Salt Typhoon: Telecom Attacker

2024-12-12 at 23:34

Unveiling Salt Typhoon: A New Wave in Cyber Espionage
Discover how this advanced Chinese-speaking threat actor targets telecom giants, using sophisticated tools like SparrowDoor and Demodex to breach and exfiltrate sensitive data.
The Who, What, and Why of Salt Typhoon’s Attacks
Gain insights into Salt Typhoon’s history, tactics,


‘Tis the Season for Artificial Intelligence-Generated Fraud Messages

2024-12-10 at 16:19

The FBI issued an advisory on December 3rd warning the public of how threat actors use generative AI to more quickly and efficiently create messaging to defraud their victims, echoing earlier warnings issued by Trustwave SpiderLabs. This article is an excerpt from Trustwave Blog


When User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs

2024-12-10 at 16:19 By Tom Neaves

It was a cold and wet Thursday morning, sometime in early 2006. There I was sitting at the very top back row of an awe-inspiring lecture theatre inside Royal Holloway’s Founder’s Building in Egham, Surrey (UK) while


CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution

2024-11-27 at 18:50 By Pauline Bolaños

On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a critical flaw in 7-Zip. This article is an excerpt from SpiderLabs Blog


Why a Zero Trust Architecture Must Include Database Security

2024-11-27 at 16:03

Whether the means of a cyber-attack are phishing, ransomware, advanced persistent threat, malware, or some combination, the target is ultimately the same: your data. This article is an excerpt from Trustwave Blog


Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns

2024-11-27 at 16:03 By Diana Solomon and John Kevin Adriano

Welcome to the second part of our investigation into the Rockstar kit, please check out part one here. This article is an excerpt from SpiderLabs Blog


Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)

2024-11-26 at 18:33 By Diana Solomon and John Kevin Adriano

Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors. This article is an excerpt from SpiderLabs Blog


A House of Cards: Third-Party Risks Are Undermining Businesses Resilience Strategies

2024-11-26 at 16:03 By Kory Daniels

Resilience strategies are failing. Despite their known importance, why is it so difficult to implement them effectively? This article is an excerpt from Trustwave Blog


CISA Releases Seven Critical ICS Advisories to Address Vulnerabilities in Industrial Control Systems

2024-11-26 at 13:03 By daksh sharma

Overview: The Cybersecurity and Infrastructure Security Agency (CISA) published seven detailed security advisories to address critical vulnerabilities in various Industrial Control Systems (ICS). These advisories cover a range of products, from web-based control servers to automated


How Prices are Set on the Dark Web: Exploring the Economics of Cybercrime

2024-11-25 at 16:03

Finding the exact price of any product is now easier than ever. A quick check with your favorite online retailer will show that a GE Profile Dryer goes for $989, a 10-pack of Play-Doh can be had for


Upping An Offensive Security Game Plan with Pen Testing as a Service

2024-11-22 at 16:16 By Ed Williams

While most security professionals recognize the value of penetration testing, they too often conduct pen tests only sporadically – maybe quarterly at best. Pen Testing as a Service (PTaaS) is a way to change that equation, enabling companies to conduct


10 Tips to Help Holiday Shoppers to Stay Safe from Scams and Cyberattacks

2024-11-20 at 19:03

The holiday season is here, and with it comes the thrill of Black Friday deals and holiday shopping sprees. But it’s not just shoppers who are gearing up – cybercriminals are ready to take advantage of the holiday


Managed Vulnerability Scanning: Key Findings and the Importance of Regular Patching

2024-11-19 at 20:54

There is no doubt about the value of conducting Managed Vulnerability Scanning. Trustwave has posted multiple blogs on the topic (just check here, here, and here) for a look at how Trustwave approaches this very important cybersecurity procedure. This article is an excerpt


Top Database Security Tools for Enhanced Vulnerability Assessment and Compliance

2024-11-14 at 22:03

Let’s take a look at how traditional vulnerability assessment (VA) tools compare to those built specifically to assess database security. This article is an excerpt from Trustwave Blog


Lessons from a Honeypot with US Citizens’ Data

2024-11-13 at 20:15 By Radoslaw Zdonczyk and Nikita Kazymirsky

Prior to last week’s US Presidential Election, the Trustwave SpiderLabs team was hard at work investigating potential risks and threats to the election system, from disinformation campaigns to nation-state actors looking to exploit vulnerabilities. This article is an


IT Vulnerability Report: Exposed Fortinet Vulnerabilities Approach 1 Million

2024-11-13 at 16:18 By Paul Shread

Cyble Research and Intelligence Labs (CRIL) researchers investigated 18 vulnerabilities and 10 dark web exploits in the last week – including an actively exploited Fortinet vulnerability with nearly 1 million exposed assets on the internet. Other vulnerabilities analyzed by Cyble


HPE Aruba Access Points have Critical Command Injection Vulnerabilities

2024-11-12 at 15:49 By daksh sharma

Overview: Hewlett Packard Enterprise (HPE) Aruba Networking has identified multiple critical security vulnerabilities affecting its Access Points running Instant AOS-8 and AOS-10. The vulnerabilities, tracked under several CVEs including CVE-2024-42509 and CVE-2024-47460, could allow unauthenticated attackers to remotely execute commands


Analyzing Play and LockBit: The Top Ransomware Threats Facing Retailers

2024-11-07 at 16:03

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs team on major threat actor groups currently operating globally. This article is an excerpt from Trustwave Blog


$500,000 HHS Fine Underscores the Need for Security and Compliance in Healthcare

2024-11-01 at 15:02

With the rise in cyberattacks and ransomware incidents, healthcare organizations face an increasing risk of data breaches that threaten patient privacy and HIPAA compliance. This article is an excerpt from Trustwave Blog
