4 Reasons the Vulnerability Disclosure Process Stalls
May 24, 2017
The relationship between a manufacturer or vendor and security researchers can be filled with tension and unease, and it's most often put to the test during the vulnerability disclosure process. Although their intentions are pure, researchers often feel they are being shut out of the process, while vendors may see disclosure deadlines as a threat from researchers looking to produce headlines.
Trustwave signs up e92plus for push into security channel
May 24, 2017
Trustwave looks to put more business through the channel as it broadens out from traditional compliance business
Security Issues Place More Pressure on IT Pros
May 23, 2017
As organizations wade deeper into digital technology, the pressure grows on IT and security professionals to keep systems up and running. What's more, as budgets shrink and the time required to manage and maintain security systems swells, the stress levels keep rising. A recent report from Trustwave, ""2017 Security Pressures Report,"" offers some perspective on how organizations are addressing these issues, and how IT and security teams are faring.
Security experts find clues to ransomware worm's lingering risks
May 18, 2017
FRANKFURT (Reuters) - Two-thirds of those caught up in the past week's global ransomware attack were running Microsoft's Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.
Security experts find clues to ransomware worm's lingering risks(1)
May 18, 2017
Two-thirds of those caught up in the past week's global ransomware attack were running Microsoft's Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.
Outsourcing security: Would You Turn Over the Keys to a Third Party?
May 17, 2017
Tom Bain, vice president of marketing at CounterTack, believes organizations want to ""collapse the stack"" and move to fewer providers and platform offerings. They want less agents and ultimately not as many providers under the hood. “Taking technologies into a managed deployment gives an enormous advantage to MSSPs who can remove the burden from operators, monitoring and responding to threats on their behalf,” he said.
Trustwave adds space and employees at new Loop HQ
May 16, 2017
In the past year, Trustwave has hired 160 people in Chicago, increasing headcount here about 30 percent to more than 500 people. Worldwide, Trustwave is up to 1,650 employees. It's a workforce heavy on engineering talent. McCullen doesn't expect the growth to slow down. The company has 50 open positions in Chicago. There isn't enough talent anywhere in tech, but the challenge is particularly steep in cybersecurity. ""We need really skilled people,"" he said. ""Even our customers can't find them.""
Secure IT: Profile of a White Hat hacker
May 05, 2017
Ever wondered who these ‘hush-hush’ people are that help to keep our networks safe? Here we talk to Lawrence Munro, director of SpiderLabs EMEA for Trustwave, about the role of the ‘White Hat hacker’.
This elite cybercrime group is wreaking havoc on the U.S. restaurant industry
May 03, 2017
A sophisticated hacking group with suspected ties to cybercrime gangs operating in Eastern Europe is now actively targeting and breaching prominent brand-name restaurants in the U.S.
Tech-Savvy Innovative Hotels Are More Vulnerable to Data Breaches
May 03, 2017
The race to become the most innovated and tech-savvy hotel is on. Hotels have increasingly begun working with technology companies to offer more innovative and enhanced guest experiences. Guests at many hotels can now bypass the need to go to the front desk by using their mobile devices to select a room, check-in, receive texts when their room is ready, and even unlock the door to their room. Guests can also customize their stay by requesting items, ordering room service, planning activities, or purchasing upgrades. Everything a guest may want is only a few clicks or taps away, and soon, the data collected by these programs will allow hotel operators to anticipate guests’ requests and needs.
Carbanak Hackers Refine Intrusion Tactics
May 03, 2017
The Carbanak group, also known as Anunak, was exposed in 2015 after it managed to steal an estimated $1 billion from more than 100 banks across 30 countries. In early 2016, the group continued to target banks, mainly in the Middle East and U.S.
Behold the spear phish that just might be good enough to hook you
May 02, 2017
To understand why Carbanak is one of the Internet's most skilled and successful criminal groups, consider the recent spear-phishing campaign it used to infect computers in the hospitality and restaurant industries with malware that steals banking credentials.
What to look for when evaluating an Incident Response Services Provider
May 02, 2017
With Australia’s mandatory data breach notification laws set to take effect by 23 February 2018, protecting sensitive information and data privacy has moved up the burgeoning list of an organisation’s IT security priorities.
Pressure is on Australian CSOs as cybersecurity breaches are found to be near-ubiquitous
April 20, 2017
The risk of cybersecurity compromise has become ubiquitous across business and government sectors, with new figures suggesting that nine out of every 10 Australian organisations dealt with an attempted or successful cybersecurity breach during fiscal 2015-16 – and that 58 percent had been successfully compromised.
IT Professionals Feel Security Pressure From Cloud Others’ Breaches
April 14, 2017
IT Professionals Feel Security Pressure From Cloud, Others’ Breaches
Security Professionals Feel More Pressure to Deliver Cybersecurity
April 13, 2017
According to Trustwave’s 2017 Security Pressures Report, the answer is yes, a shift is happening, especially in who is putting the pressure on staff for improving cybersecurity efforts. Security is becoming more personal, the report said, with 24 percent of respondents citing pressure exerted by oneself to deal with cybersecurity, which is up 13 percent over last year’s report. Nearly half of the respondents did admit that they feel the pressure from executives and boards of directors, but that number is down 13 percent from last year.
Software often launched without security checks survey finds
April 13, 2017
Cybersecurity company Trustwave, which has its Canadian headquarters in Waterloo, released the results of its fourth annual Security Pressures Report on Wednesday. The survey is based on interviews with 1,600 IT and cybersecurity professionals around the world.
Tech workers are routinely pressured to roll out products that aren’t secure report says
April 12, 2017
The majority of tech professionals are pressured to roll out projects before they’ve undergone necessary security audits and hardening, according to a new security pressures survey from the security firm Trustwave.
InfoSec pros feel less external pressure take security more personally
April 12, 2017
Security professionals are feeling less pressure from management, less pressure to approve IT projects early, and are less worried about emerging technologies, according to a report released this morning. But they are also putting more pressures on themselves.
The Evolving Role of the Managed Security Service Providers
April 04, 2017
This issue includes: Identity and access management strategy: Time to modernize? Strong authentication methods: Are you behind the curve? Start redrawing your identity and access management roadmap
How to respond to device and software backdoors inserted or left by Vendors
March 28, 2017
It’s bad enough when black hat hackers insert malicious backdoors into systems and software after vendors/makers have sold these into the marketplace. It is another matter when the vendors who create these devices and programs unwittingly or purposely leave backdoors inside their products.
Shut The Backdoor! More IoT Cybersecurity Problems
March 22, 2017
We all know that what we mean by hacker around here and what the world at large thinks of as a hacker are often two different things. But as our systems get more and more connected to each other and the public Internet, you can’t afford to ignore the other hackers — the black-hats and the criminals. Even if you think your data isn’t valuable, sometimes your computing resources are, as evidenced by the recent attack launched from unprotected cameras connected to the Internet.
Chinese IoT devices containing a hidden backdoor – Trustwave
March 03, 2017
The built-in backdoor discovered by Trustwave in IoT devices enables access by the manufacturer and leaves the devices open to exploitation by others, which despite Trustwave following the responsible disclosure process, has repeatedly been left exposed by the vendor.
We found a hidden backdoor in Chinese Internet of Things devices – researchers
March 02, 2017
IoT devices from a Chinese vendor contain a weird backdoor that the vendor is refusing to fix, we're told. The vulnerability was discovered in almost all devices produced by VoIP specialist dbltek, and appears to have been purposely built in as a debugging aid, according to researchers at TrustWave. The infosec biz says that it followed a responsible disclosure process, but claims the manufacturer responded only with modifications to its firmware that leave access open
The rise of the chief digital officer and six other takeaways from RSA 2017
February 24, 2017
The cybersecurity industry wrestles with why the Internet isn’t safer after $75 billion in annual spending and how to handle ransomware at one of its marquee annual events.
I-Team Investigation on Phishing (features Trustwave's Shawn Kanady)
February 23, 2017
Millions use Amazon to shop, and many are used to receiving emails from the company. But the ABC 7 I-Team investigated emails that look like they could be from Amazon but are not.
Disclosure floodgates set to open as Australian breach notification passes Parliament after years of waiting
February 15, 2017
It took years of discussion and several revisions, but experts believe the long-awaited passage of Australia’s breach notification legislation will kick off a new era of transparency that will rapidly improve understanding of the country’s real cybersecurity threat climate. The enabling legislation – contained within the Privacy Amendment (Notifiable Data Breaches) Bill 2016 – passed both houses of Parliament after a series of readings since it was first formally introduced to Parliament last October. But the process of authoring, revising and discussing the legislation stretches back several years, with one security executive after another warning that continued inaction was hobbling Australia’s ability to improve its overall cybersecurity posture.
Trustwave introduces proactive threat hunting service
February 15, 2017
Trustwave announced at RSA Conference 2017 new and enhanced managed security and professional services designed to help short-circuit an attacker’s activities by detecting cybersecurity threats much earlier and shutting them down before real damage is done.
Incident Response and the role of Penetration Testing
February 14, 2017
Rapid7 and Trustwave in their articles will explain how crucial the connection between Incident Response and Penetration Testing is, while Kroll will show you practical examples of attack response. We hope you will enjoy these contributions , prepared for you by world-wide corporations.
He’s a super-sleuth on your side at Trustwave’s SpiderLabs
February 06, 2017
Trustwave does everything I can think of for security. The team that I’m a part of is the incident response team, and we’re within a bigger team called SpiderLabs. I tell my kids, “I work at SpiderLabs and I fight cybercrime, the bad guys.” And they absolutely love it.