Attackers Switch to Self-Extracting Password-Protected Archives to Distribute Email Malware
October 20, 2022
In recent spam campaigns observed by Trustwave, attackers distributed ZIP or ISO archives disguised as invoices. Both file types can be opened natively on Windows without the use of additional applications.
7 Critical Steps to Defend the Healthcare Sector Against Cyber Threats
October 18, 2022
As attackers continue to target the healthcare sector, Trustwave SpiderLabs’ Ed Williams shares how the same level of preparation as medical emergencies is increasingly essential for cyber threats.
XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data
September 29, 2022
Trustwave’s research and intelligence team SpiderLabs published research about bugs in Canon Medical's Virea View that could allow cyberattackers to access several sources of sensitive patient data.
Cybersecurity Penetration Testing
September 29, 2022
In an interview with TechStrong’s Mike Vizard, SpiderLabs Senior Security Research Manager Karl Sigler explains how penetration testing is being used for both good and bad.
Cybersecurity Professional Shortage Less About Numbers and More About
September 07, 2022
Trustwave shares how organizations are falling short when it comes to skilled cybersecurity professionals; however, the reason may be less about the number of professionals in the industry and more about the number of professionals with the right level of skills and training.
Up to 35% More CVEs Published So Far This Year Compared to 2021
August 25, 2022
A new Trustwave report shows that significantly more CVEs will be published this year, and that some organizations are still vulnerable from older, unpatched CVEs.
The Number of CVEs Published This Year is on Track to Exceed 2021
August 25, 2022
Threat actors continuously scan the internet to gain the advantage of organizations with slow or outdated patching process. A new Trustwave report shares why having a proactive approach to identifying and patching vulnerabilities is incredibly important to having a good security posture.
Poor Healthcare Cybersecurity is a Thread to Public Health
August 23, 2022
Trustwave customer Children’s National Hospital shares how it’s improving its security posture in the growing threat environment with Trustwave. Breaches, hacks, and ransomware attacks are not only incredibly costly — they are ultimately a public health threat because they can compromise hospitals and healthcare workers’ abilities to provide care.
How Russia is Harnessing Cyber Warfare in its Conflict with Ukraine
August 19, 2022
A new report from Trustwave shows that Ukraine is fighting a battle with Russia in cyber space, as well as a physical war. Russia has been using 'cyber warfare' on Ukraine since the physical invasion started in late February.
Russian Use of Cyberweapons in Ukraine and the Growing Threat to the West
August 18, 2022
A study from Trustwave looks at the many Russian state cyberweapons subsequently unleashed against Ukraine. There is one common factor: they are all targeted specifically at and within Ukraine.
Thinking Holistically: Rethinking OT Security Strategy
August 17, 2022
Trustwave’s Cyber Advisory Practice Lead Darren Van Booven shares why OT security needs to be a primary concern and organizations must urgently re-evaluate their security strategy.
How Cybercriminals Sell Credit Card and VPN Data on the Dark Web
August 05, 2022
Stolen credit card data, VPN access credentials and other confidential info can be bought for as little as $8 on dark corners of the web. That’s according to researchers at SpiderLabs, the hacking and investigation team of cybersecurity company Trustwave, who conducted an extensive study into what cybercriminals charge for stolen data on the dark web.
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem
August 05, 2022
Trustwave's SpiderLabs, which keeps tabs on prices for various products and services on the Dark Web, describes VPN credentials as the most expensive records in underground forums. According to Trustwave, prices for VPN access can go as high as $5,000 — and even higher — depending on the kind of organization and access it provides.
IPFS Sites Increasingly Used for Phishing Attack
August 01, 2022
Over 3,000 emails had phishing URLs using IPFS during the last 90 days, indicating the growing popularity of IPFS for phishing sites, a study from Trustwave revealed.
Four Smart Cybersecurity Investments for CISOs to Bridge the Talent Shortage
July 28, 2022
Trustwave CISO Kory Daniels shares the ways to be most effective at addressing the cybersecurity talent shortage by maximizing investments in talent, technologies, and services.
1000s of Phishing Attacks Blast Off from InterPlanetary File System
July 28, 2022
The distributed, peer-to-peer (P2P) InterPlanetary File System (IPFS) has become a hotbed of phishing-site storage: Thousands of emails containing phishing URLs utilizing IPFS are showing up in corporate inboxes. According to a report from Trustwave SpiderLabs, the company found more than 3,000 of these emails within its customer telemetry in the last three months.
The Decade in Vulnerabilities and Why They Persist
July 26, 2022
Trustwave’s research and intelligence team SpiderLabs published research on the most egregious network security flaws of the past decade - from 2011 to 2021.
Top 10 Cybersecurity Attacks of Last Decade Show What is to Come: Report
July 19, 2022
Overview: With a backdrop of the number of security incidents and vulnerabilities increasing in volume and sophistication, Trustwave shares the top 10 network vulnerabilities in no particular order that defined the decade and “won’t be forgotten.”
Malicious Messenger chatbots used to steal Facebook accounts
June 28, 2022
A new phishing attack is using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages.
Apparent hacktivism in Iran and Lithuanian. Bumblebee's rise to prominence. CISA adds to its Catalog. A look at DCRat.
June 28, 2022
A cyberattack has struck one of Iran’s major steel companies on Monday, forcing it to halt production, SecurityWeek reports. The attack struck the state-owned Khuzestan Steel Co. and two other major steel producers.
Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign
June 28, 2022
A social-engineering campaign bent on stealing Facebook account credentials and victim phone numbers is targeting business pages via a savvy campaign that incorporates Facebook's Messenger chatbot feature.
New phishing technique lures users with fake chatbot
May 23, 2022
A new Trustwave report details phishing techniques cybercriminals use to trick users into providing their credit card data through fake chatbots. The phishing email appears to originate from DHL, stating there was a package delivery problem.
What We've Learned in the 12 Months Since the Colonial Pipeline Attack
May 06, 2022
Darren Van Booven, Lead Principal Consultant at Trustwave explains why the demand for operational technology security services demand has doubled since Colonial Pipeline as leaders call for security system audits and assessments, ransomware protection strategies, and detection and response capabilities for advanced threats, such as cybergangs.
The Danger to the Digital Supply Chain from Lapsus$ Doesn’t End with Lapsus$
March 25, 2022
Karl Sigler, Senior Security Research Manager, Trustwave SpiderLabs, shares his insights on how threats like the hacker gang Laspsus$ could continue to pose a big risk to organizations.
Watch Out For This Chameleon Phishing Scheme
March 25, 2022
Trustwave SpiderLabs encountered a phishing scheme that tricks victims into giving away their email credentials. The scheme acts like a chameleon by changing and blending its color based on its environment.
New Vidar Infostealer Campaign Hidden in Help File
March 24, 2022
Researchers at Trustwave SpiderLabs discovered an email malware campaign that demonstrates the complexity attackers are introducing to the delivery mechanism in order to avoid detection. The new campaign delivers an old but frequently updated infostealer: Vidar
Microsoft Help Files Disguise Vidar Malware
March 24, 2022
Cyber attackers are hiding malware in places you may not look. The new phishing attack, revealed by Trustwave SpiderLabs, is designed to plant Vidar infostealer on target machines. Trustwave reported that there was a notable uptick in this strategy dating back to 2019.
Vidar spyware is now hidden in Microsoft Help files
March 24, 2022
Cybersecurity researches at Trustwave SpiderLabs discovered the spyware, which is concealed in Microsoft Compiled HTML Help (CHM) files to avoid detection in email spam campaigns
Five Key Steps for Database Security in the Cloud Age
March 24, 2022
Mark Trinidad, Senior Manager of Database Security at Trustwave, covers the steps to mitigating security risks in complex cloud environments and leads discussion on how are organizations shifting to more data-centric security approaches that protect valuable data no matter where it is.
White House Turns Heads With Critical Infrastructure Hack Warning
March 22, 2022
As President Biden and the White House warned of potential Russian cyberattacks on U.S. critical infrastructure, Bill Rucker, president of cybersecurity services firm Trustwave Government Solutions, says the alert from the White House is not surprising. “The data [from the White House] wasn’t very detailed, but obviously there’s a credible threat about preparatory activity that they’ve seen,” Rucker said.