Showing 23 results for: Global Security Report

Trustwave 2015 Global Security Report Available Now

Today, we reveal our Trustwave 2015 Global Security Report. We've spent months analyzing hundreds of our data breach investigations over the past year, and culling threat intelligence from our industry-leading security research and data collected from technology managed by our...

2014 Trustwave Global Security Report Available Now

Today we released our annual 2014 Trustwave Global Security Report, an analysis of compromise and threat statistics that we gathered from 691 data breach investigations conducted across the world, telemetry pulled from our deployed technologies and our 24/7 global security...

Corporate Passwords Part 1

With the vast amount of research and content that was done by SpiderLabs for the Global Security Report, it made it impractical to include all of the content that was written for this year's password study. But instead of letting...

Analysis of Malicious Document Files Spammed by Cutwail

In our Global Security Report, we highlighted a zero day vulnerability in the Windows Common Controls affecting Microsoft Office (CVE-2012-0158). This was reportedly being used for targeted attacks against NGOs and human rights activists. Over the past week, the Cutwail...

New Year, New Data, Same Mistakes: Passwords

Like a late-arriving Christmas, one of the gifts of the new year is the release of SpiderLabs' annual white paper, the Global Security Report. As a supplement to this year's report, we're going to share some highlights of the corporate...

Choppy Regulatory Waters ahead for EU SMEs?

There's been a reasonable amount of coverage of the (proposed) data protection legal framework changes for the European Union, which the European Commission summarizes [1] as: The legal framework consists of two legislative proposals: A proposal for a Regulation of...

Hey, I just met you, and this is crazy, but here's my hashes, so hack me maybe?

Those familiar with password cracking know that KoreLogic's rule set for John the Ripper has become the de facto standard for password cracking. However, as with anything technology related, the rules are slightly starting to show their age, specifically with rules designed to take into account years. So, I decided to take on the task of making a few modifications to the rule set. This includes updating them to take into account the current and prior year, but also reworking some of the rules to eliminate some redundancy.

Exploiting Users By Non-technical Means; or, "S*** Users Do"

Numerous technical articles emerge each day about the latest vulnerabilities, flaws, exploits, and whatnot. That's great and all (who hasn't simultaneously groaned and cheered when they find an MS08-067 exploitable machine on a pentest, 4+ years after the vulnerability was...

Five E-Commerce Security Myths (Part 1)

Compromises of e-commerce websites are increasingly common. In our 2012 Global Security Report we reported that 20% of our incident response investigations related to e-commerce sites. This was up from 9% the year before. In my part of the world...

Five E-Commerce Security Myths (Part 2)

In part 1 of this series I gave an introduction into how most merchants accept payments and how most bad guys steal this data. In this post, I'm going to delve into the misconceptions about e-commerce security that we hear...

Update from Trustwave SpiderLabs EMEA, London

It was a hectic week in London. In case you hadn't heard, it was InfoSec Europe week, but we were also busy with the SC Awards dinner (where PenTest Manager won the innovation award), Bsides London, 44 café, speaking at...

#TWContest: The correct data aggregation technique is...

On Tuesday we posted our fifth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "Jeopardy Style: This data aggregation attack technique obtains data while it is being processed or accessed by a system or application....

#TWContest: The top "origin" of attack is...

On Monday we posted our fourth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What was the top "origin" of attack as seen through Trustwave SpiderLabs investigations in 2011?" The answer is... "Unknown" or "Unknown...

#TWContest: The 7th most popular password is...

On Friday we posted our third question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What was the 7th most popular password found during a Business Password Analysis of over 2M hashes by Trustwave SpiderLabs?" The...