In the wake of the Russia-Ukraine conflict, Chicago cybersecurity experts at Trustwave have raised awareness of phishing emails pretending to raise money for displaced people in Ukraine. Kory Daniels, Chief Information Security Officer at Trustwave, says “If you look at the maximum upside of damage, yeah, so it opens up a lot of different variables in terms of what they do. You know, leveraging this messaging of preying upon individuals' empathy and support of what we see for fundraising in Ukraine.”
Chameleon phishing attack brings bad karma to email users
New research by Trustwave SpiderLabs has uncovered a phishing attack that is able to adapt itself to the user's email service in order to trick them into revealing their login credentials.
FBI: BlackByte ransomware breached US critical infrastructure
Following the BlackByte attack on the San Francisco 49ers, it was reported that data from the football organization's servers was stolen and almost 300MB worth of files were leaked. Trustwave created and released a free BlackByte decryptor that enables victims to restore their files after the ransomware gang used the same decryption/encryption key in multiple attacks.
Researchers find new way to neutralize side-channel memory attacks
When it comes to side-channel memory attacks, "these kinds of attacks are very uncommon," says Karl Sigler, manager of SpiderLabs Threat Intelligence at Trustwave. Sigler reports there haven’t been records of public exploitation of these types of vulnerabilities.
Hacktivists Stoke Pandemonium Amid Russia’s War in Ukraine
Stemming from Trustwave’s Dark Web Insights blog, security researchers at SpiderLabs released findings on a pro-Russia entity (JokerDNR) that has been posting blogs to embarrass Ukrainian officials, claiming to dox government workers and military members.
Hacker Recruitment Campaigns
According to a Dark Web Insights report from Trustwave SpiderLabs, Ukraine and Russia have been using different strategies to recruit hackers to work for them. Trustwave noted that people advocating for Russia have appeared to be lone operatives, while those advocating for Ukraine have utilized Facebook and other large social media platforms.
Russia Releases List of IPs Domains Attacking Its Infrastructure with DDoS Attacks
The Russian government released thousands of IP addresses and domains behind a series of DDoS attacks aimed at Ukraine’s domestic infrastructure. Trustwave SpiderLabs researchers stated “lone-wolf and organized threat actors who possess the proper cyber skills may directly attack their nation's enemy or recruit others to join in a coordinated attack.”
The Art of Non-boring Cybersec Training–Podcast
Darren Van Booven, Lead Principal Consultant at Trustwave, visited the Threatpost podcast with Lisa Vaas to talk about how the right cybersecurity awareness program should be conducted at the right pace by well-informed instructors.
FBI warns BlackByte ransomware is targeting US critical infrastructure
As the BlackByte ransomware gang has made a comeback, three U.S. critical infrastructure sectors were targeted, according to the FBI. As the gang hit a rough patch, Trustwave helped BlackByte victims recover their files by releasing a free decryption tool.
Hacking group is on a tear hitting US critical infrastructure and SF 49ers
Servers belonging to the San Francisco 49ers were hacked by BlackByte a few days after the FBI warned of critical infrastructure being compromised in the US. BlackByte’s early ransomware had a flaw that allowed Trustwave to release a free decryptor tool to recover data.
Cybercriminals Hunt For Medical Data. Zero Trust As The Only Good Option To Keep The Healthcare System Secure
Healthcare institutions are becoming the main vector of cybercriminal attacks, as medical data is extremely attractive and intruders know very well how to cash in on it. The 2019 Trustwave Global Security Report reveals that medical data may cost up to $250 per record on the black market, while stolen payment card data is sold for $5.40. The best place to defend against attacks is in the most crowded areas, such as employees of clinics or hospitals.
Data Privacy: Experts Share How Far We’ve Come and How Far We Have to Go - Part 4
Luke Kenny, Lead Security Principal at Trustwave, covers the essence of data privacy and how it’s not solely based on day-to-day protection and compliance.
Flaw in Polkit's pkexec Puts Linux Users at Risk
Reegun Jayapaul, Lead Threat Architect at Trustwave SpiderLabs, provides pertinent information and a threat hunting guide for the security community during the PwnKit vulnerability.
Microsoft patches Outlook URL formatting bypass
Microsoft has patched an Outlook vulnerability discovered by Trustwave SpiderLabs researcher Reegun Richard Jayapaul. The vulnerability and associated bypass allowed malicious emails to get through to Microsoft Outlook users.
Outlook Security Feature Bypass Allowed Sending Malicious Links
Trustwave SpiderLabs researcher Reegun Richard Jayapaul has discovered a new technique to completely bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient.
Experts Urge Firms to Patch Trivial-to-Exploit Flaw in Linux PolicyKit
Karl Sigler, Senior Security Research Manager, Trustwave, shares his insights on the widespread PwnKit vulnerability affecting Linux distributions.
Best Practices for Manufacturers During the Cybersecurity Era
Darren Van Booven, Lead Principal Consultant at Trustwave, discusses the proper security fundamentals and best practices for the manufacturing industry to take on during a time of heightened attacks.
REvil gang member arrests strike fear among cybercriminals on the Dark Web
Through Dark Web forums, Trustwave has uncovered conversations among cybercriminals reacting to the FSB arrests, revealing that cybercriminals seem worried about being arrested, while those in Russia are concerned that their home country is no longer a safe haven.
After ransomware arrests some dark web criminals are getting worried
According to analysis of chatter on Dark Web forums by cybersecurity researchers at Trustwave SpiderLabs, the recent arrests, particularly those by Russia, appear to have scared cyber criminals, some of whom appear to be worried that they might be next.
Russia Takes Down REvil Ransomware Operation Arrests Key Members
Russia has taken down REvil ransomware members at the request of the United States government. Chatter on the forums that Trustwave monitored showed a level of apprehension from Russian threat actors about law enforcement in the country tracking them down.
Trustwave releases tool to aid financial institutions with resurgent QakBot malware
Within the past year, Qakbot malware has made an aggressive return. As Karl Sigler, Trustwave SpiderLabs senior security research manager, points out, Qakbot is the Swiss Army Knife of financial malware. Trustwave SpiderLabs released a new decryption tool in an effort to aid financial services institutions and root out the Qakbot Trojan.
FIN7 Mails Malicious USB Sticks to Drop Ransomware
As malicious USB drives are circulating from ransomware gangs, the FBI points fingers towards FIN7. Karl Sigler, Trustwave SpiderLabs senior security research manager, says ongoing security-awareness training “should include this type of attack and warn against connecting any strange device to your computer.”
Taking a Data-Centric Security Approach to Accommodate Cloud Misconfigurations
Experts at Trustwave outline a data-centric security approach to reducing cloud misconfigurations and protecting organizations.
Why the Zero-Trust Journey Requires Strong Database Security
As the threat landscape continues to evolve, the government is finalizing zero-trust adoption guidance adhering to the cybersecurity executive order to advance toward zero trust architecture. Bill Rucker, President of Trustwave Government Solutions, highlights the zero-trust journey and the need for strong database security.
Security implications in 2022 of the exponential increase in ransomware
Ed Williams, EMEA Director of Trustwave SpiderLabs, discusses the security implications in 2022 of the exponential increase in ransomware.
Predictions for 2022 by cybersecurity vendors
This time of year, CISOs want to have an understanding of what’s to come. Ziv Mador, vice-president of security research at Trustwave SpiderLabs, predicts “the advent and increasing frequency of attacks that use a ransomware-as-a-service (RaaS) offering indicate that such attacks will not slack off during the coming year.”
Do these four things for a cybersafe summer holiday break this year
Trustwave GM of Pacific Jason Whyte outlines the top cybersecurity tips for keeping things safe at the office during Australia/New Zealand’s long holiday break.
What you should do after a ransomware rampage
As the saying goes, hope for the best and plan for the worst. In the aftermath of a ransomware attack, it’s easy to get caught up in the immediate challenge of getting the business back on its feet. However, response plans need to include long-term actions to mitigate the risk of a delayed or repeat attack.
What to Do While Waiting for the Log4J Updates
Researchers are warning that attackers are actively exploiting the newly publicized unauthenticated remote code execution vulnerability in Log4j, the Java-based logging tool from Apache. Karl Sigler, Senior Security Research Manager, Trustwave SpiderLabs, comments: “Any java application using the affected log4j versions and accessible over the network can be exploited, and many of those applications are likely third-party and out of the user's hands administratively.”
The Log4j vulnerability is bad. Here’s the good news
A vulnerability has been discovered in Log4j, an open-source Apache logging library. The threat from this vulnerability can enable attackers to access and control devices remotely. Karl Sigler, senior security research manager at Trustwave SpiderLabs, explains, “Since this vulnerability is a component of dozens if not hundreds of software packages, it could be hiding anywhere in an organization’s network, especially enterprises with massive environments and systems.”