Loading...

Celebrating 25 Years

November 2020 marks a special month for Trustwave as we celebrate our 25th anniversary. Since our journey began, we have become a global leader in threat detection and response.

Growth and Success Through Focus

From modest beginnings to two thousand security-minded employees, multiple security operation centers and locations around the globe, Trustwave was built around a single focus - fighting cybercrime. Today we help protect the world’s largest organizations across all major industries 365 days a year.

Example Section Title

November 11, 2020

25 Years of Threats: How Cybersecurity Has Evolved Since 1995

To celebrate the 25th anniversary of Trustwave, we wanted to look back at how our profession has changed – specifically in regard to the evolution of threats, attacks and scams. As the leader of the renowned Trustwave SpiderLabs global security research team, Ziv Mador was the perfect person to interview for this topic.

November 03, 2020

Discussing US Election Security with Ziv Mador

The Trustwave SpiderLabs teams recently announced the discovery of massive databases containing information on almost all United States voters and consumers for sale on cybercriminal forums. To learn more, we interviewed Ziv Mador, Vice President of Security Research for Trustwave SpiderLabs.

November 02, 2020

Trustwave Celebrates 25 Years of Cybersecurity Leadership

November 2020 marks a special month for Trustwave as we celebrate our 25th anniversary. Read more about our journey from our founding in 1995 as a small PCI consultancy to our transformation into a global cybersecurity giant and recognized leader in managed security services.

Trustwave Through the Years

Follow this timeline to discover key company milestones, big moments in cybersecurity history and major finds by Trustwave SpiderLabs that have helped shape and strengthen the global security community.

2020

Trustwave Discovers GoldenSpy, Advanced Malware Hidden in Mandatory Tax Software

Trustwave SpiderLabs has discovered a new malware family, dubbed GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China.

Massive U.S. Voter Database Discovered for Sale Heading into the Elections

Voting in the U.S. elections started recently and there is a real concern over interference and disinformation campaigns that might impact their outcome. During investigations around the elections, the Trustwave SpiderLabs team discovered massive databases with detailed information about U.S. voters and consumers offered for sale on several hacker forums.

2019

Trustwave Fusion Platform Redefines Cloud-Based Cybersecurity

Facebook Data Leak Exposes 540 Million Records of its Users

Innovative Sextortion Scams Uncovered

Another round of sextortion scam emails with a pdf attachment were pushed out recently claiming to be from the Central Intelligence Agency (CIA). What's new in this batch of spams is that this is the first time we have seen the scammers use an online web platform in collecting the ransom.

2018

Trustwave SpiderLabs Fusion Center Opens

The California Consumer Privacy Act (CCPA) Signed Into Law

Trustwave Discovers the Make-A-Wish Foundation Got Cryptojacked

After coming back from a vacation, the first thing to do is catch up with what happened while you were gone. That is what I did earlier this week, going over the telemetry of the detections we had while I was away. At first, I didn't see anything out of the ordinary, loads of CoinHive and other Cryptojacking malware hits, which is a pretty common sight these days. Then I noticed one specific CoinImp detection on a ".org" domain.

Hacking Online Coupons

We all shop online. How many times, just before placing an online order, have you noticed the Coupon Code option and wondered – Could I get it cheaper if I had a coupon code? Most of us will drop the order to go and look for an available coupon code. Some will skip this thought and continue with the purchase, feeling a bit gullible. A hacker, on the other hand, will probably have other ideas in mind...

2017

Chicago's Mayor Helps Trustwave Open New Headquarters

WannaCry and NotPetya Ransomware Affects Computer Systems Across the Globe Impacting Operations and Costing Hundreds of Millions of Dollars in Damages

Operation Grand Mars: Critical Research on the Notorious Carbanak Gang

The Trustwave SpiderLabs team has been actively tracking a malicious campaign conducted by the well-known Carbanak Cybercrime group for the latter part of 2016 and into 2017. Carbanak is one of the most prolific organized Russian cybercrime groups and is responsible for the theft of billions of dollars from legitimate economies to the criminal underground.

Windows Zero-Day Discovered for Sale on the Dark Web by Trustwave Researchers

Over the years we've seen practically exponential growth in the underground economy. Criminals are organizing their efforts online on a scale we haven't seen before. Capitalizing on the anonymity of private forums, cryptocurrency and anonymous networks, cybercriminals have evolved their techniques and tactics tremendously.

Understanding and Discovering Open Redirect Vulnerabilities

One of the most common and largely overlooked vulnerabilities by web developers is Open Redirect (also known as "Unvalidated Redirects and Forwards"). A website is vulnerable to Open Redirect when parameter values (the portion of URL after "?") in an HTTP GET request allow for information that will redirect a user to a new website without any validation of the target of redirect.

2016

Trustwave Expands in Australia and Japan

The General Data Protection Regulation (GDPR) is Adopted by the European Union

Malicious Advertising Campaigns Target High Profile Websites

We have just discovered an advertising campaign that has been placing malicious advertisements on very popular websites both in the US and internationally.

Windows Zero-Day Discovered for Sale on the Dark Web by Trustwave Researchers

Over the years we've seen practically exponential growth in the underground economy. Criminals are organizing their efforts online on a scale we haven't seen before. Capitalizing on the anonymity of private forums, cryptocurrency and anonymous networks, cybercriminals have evolved their techniques and tactics tremendously.

CEO Fraud Scams and How to Deal With Them at the Email Gateway

Email scams known as "CEO Fraud" are very common right now. They are a type of "Business Email Compromise" (BEC). There have been numerous recent cases reported in the media, and we too, are seeing many reports by our customers.

2015

Trustwave Acquired By Singtel

Experian Data Breach Compromises Sensitive Data of Around 15 Million People

Changes in Oracle Database 12c Password Hashes

Oracle has made improvements to user password hashes within Oracle Database 12c. By using a PBKDF2-based SHA512 hashing algorithm, instead of simple SHA1 hash, password hashing is more secure. With this post, I'll explain some of the changes and their security implications.

HOW TO: Setting up Encrypted Communications Channels in Oracle Database

In this article, I will explain how to set up an encrypted communications channel in Oracle Database. This is the third in a series of blog posts I've published about encryption as it relates to databases.

2014

TrustKeeper Achieves 3 Million Enrollees

Sony Gets Hacked by the Guardians of Peace Who Stole 100 TB of Data

Trustwave Discovers Sophisticated POS Malware Dubbing it Cherry Picker

For the last five years Trustwave has been monitoring a threat across a number of forensic cases that we have dubbed "Cherry Picker". This targeted Point of Sale (PoS) memory scraper has enjoyed a very low detection rate in the wild for quite some time.

2013

Managed Security Testing Services Launched

Edward Snowden Leaks Classified NSA Documents Uncovering Numerous Global Surveillance Programs

2 Million Stolen Passwords Discovered

Trustwave security researchers uncovered a criminally controlled web server that contains nearly two million stolen account usernames and passwords for many popular sites, including Facebook, Twitter, LinkedIn, Google and Yahoo.

Hiding Webshell Backdoor Code in Image Files

Web attackers have have been using a method of stashing pieces of their PHP backdoor exploit code within the meta-data headers of these image files to evade detections. This is not a completely new tactic however it is not as well known by the defensive community so we want to raise awareness.

Sqlmap Tricks for Advanced SQL Injection

Sqlmap is an awesome tool that automates SQL Injection discovery and exploitation processes. I normally use it for exploitation only because I prefer manual detection in order to avoid stressing the web server or being blocked by IPS/WAF devices.

2012

Trustwave Files for 50th Technology Patent

Shamoon, a Modular Computer Virus was Used to Cripple Saudi Aramco, One of the World's Most Valuable Companies

Trustwave Discovers Large Theft Campaign Targeting Online Banking

An attack from one of the most sophisticated cybercrime groups. We will investigate every layer of the cyber-attack from infecting innocent users with bots to collecting their money into the cyber-gang hands. In this blog we will provide an overview of the attack and describe the spreading technique of the bot.

My 5 Top Ways to Escalate Privileges

During a penetration test, rarely will the tester get access to a system with the administrator privileges in the first attempt. You are almost always required to use privilege escalation techniques to achieve the penetration test goals. Several people have extensively discussed this topic, instead I decided to mention my top 5 favorite ways for accomplishing privilege escalation in the most practical ways possible.

2011

Trustwave Opens Denver Security Operation Center

Sony Playstation Network Breach Resulted in Personal Data Exposure of 77 Million Accounts and a Service Outage Lasting 23 Days

2010

Trustwave Expands to Waterloo, Canada

Stuxnet, a Highly Sophisticated Worm, Destroyed Centrifuges Belonging to Iran's Nuclear Facilities

2009

Trustwave Expands to Warsaw, Poland

2008

First Trustwave Global Security Report is Published

2006

First Asia Pacific Office Opened in Sydney

2005

Trustwave SpiderLabs Founded

2002

Trustwave Launches Legacy TrustKeeper Platform

1995

Trustwave Founded