Three Years of Cyber Warfare: How Digital Attacks Have Shaped the Russia-Ukraine War 俄乌战争进入第三个年头，网络战成为重要战场。俄罗斯和乌克兰及其支持者通过网络攻击破坏对方关键基础设施、窃取数据并传播宣传。涉及的威胁组织包括APT44、Turla和Core Werewolf等，使用恶意软件如WhiteCat Log Cleaner和AcidPour，并利用零日漏洞进行攻击。... 2025-2-20 21:52:41 | 阅读: 17 | 收藏 | SpiderLabs Blog - www.trustwave.com ukraine ukrainian aim apt44 disrupt

Trustwave Becomes First Pure-Play MDR Provider to Achieve FedRAMP Authorization Trustwave的Government Fusion平台获得FedRAMP授权，成为唯一纯MDR提供商。该平台为联邦和州机构提供MDR和协同管理SIEM/SOC服务，具备24/7实时监控、威胁检测等功能，并满足严格的安全标准和“美国眼睛”要求。... 2025-2-20 14:0:0 | 阅读: 13 | 收藏 | Trustwave Blog - www.trustwave.com fedramp security mdr cloud stateramp

Unlock the Full Potential of Microsoft FastTrack with Trustwave 微软FastTrack是一项免费服务，帮助企业高效部署和采用Microsoft 365解决方案。作为微软合作伙伴，Trustwave提供额外支持和安全服务，助力客户最大化投资价值。... 2025-2-19 20:37:12 | 阅读: 12 | 收藏 | Trustwave Blog - www.trustwave.com microsoft fasttrack security adoption maximize

Building a Sustainable PCI DSS 4.0 Compliance Culture PCI DSS 4.0引入目标风险分析（TRA），提供灵活性以适应组织需求，但也带来安全漏洞风险。需通过定期审计、持续监控、培养合规文化和更新文档来应对挑战。... 2025-2-18 21:27:18 | 阅读: 12 | 收藏 | Trustwave Blog - www.trustwave.com tra security dss flexibility

The Rise of Email Marketing Platforms for Business Email Compromise Attacks 文章揭示了商业电邮诈骗（BEC）的现状与趋势，指出2013年至2023年期间全球损失超550亿美元。诈骗者利用邮件营销平台如Mailjet、SendGrid和Mailgun发送垃圾邮件，借助其批量发送、自动化及绕过垃圾过滤功能扩大攻击范围。... 2025-2-18 19:35:14 | 阅读: 11 | 收藏 | SpiderLabs Blog - www.trustwave.com invoice bec mass sendgrid mailgun

The Threat Within: Understanding the Role of Malicious Insiders in Cyberattacks 本文探讨了金融行业内部威胁的演变及其驱动因素，包括恶意员工和网络犯罪分子利用员工权限进行攻击。文章指出，内部威胁因经济利益、个人不满和意识形态等因素而加剧，并强调金融机构需通过强化背景调查、持续监控和严格访问控制等措施来应对这一日益严重的风险。... 2025-2-13 18:28:7 | 阅读: 8 | 收藏 | Trustwave Blog - www.trustwave.com insider malicious threats insiders spiderlabs

How AI-powered Secure Email Gateways Fight Back vs. AI-armed Bad Actors 文章指出，网络攻击者利用生成式AI（如WormGPT和FraudGPT）制作更逼真的钓鱼邮件和欺诈网站。为应对这一威胁，Trustwave的MailMarshal通过PageML系统结合AI技术检测可疑URL和网页内容，在过去六个月内成功识别1450万个独特威胁。... 2025-2-12 14:0:0 | 阅读: 12 | 收藏 | Trustwave Blog - www.trustwave.com pageml threats mailmarshal phishing security

Cyber and Physical Security Considerations for Returning to the Office 文章指出，在后疫情时代员工重返办公室之际，企业需重新审视并加强物理和网络安全措施。这包括更新访问控制、检查设备安全、强化员工安全意识以及防范网络威胁。企业需通过培训和政策调整，确保员工适应办公室环境并避免远程工作期间养成的不良习惯。... 2025-2-11 14:0:0 | 阅读: 9 | 收藏 | Trustwave Blog - www.trustwave.com security remote phishing

Trustwave Named a Top 100 Security MSP by CRN for 6th Consecutive Year 这篇文章总结了Trustwave连续第六年入选CRN的2025 MSP 500名单中的Security 100类别。Trustwave通过其全球渠道合作伙伴计划提供了广泛的网络安全产品和服务，满足企业在威胁检测、响应、漏洞和风险管理方面的需求。该计划还为合作伙伴提供了资源、培训和支持，并通过多样化的协作机会推动了IT渠道的发展。此外，Trustwave最近还获得了多项行业奖项和认可。... 2025-2-10 15:0:0 | 阅读: 8 | 收藏 | Trustwave Blog - www.trustwave.com security msp crn recognizing consecutive

Will the UK's Ransomware Proposal Work? Trustwave Weighs in on the Potential Impact 英国政府提出新提案，禁止关键基础设施和公共部门支付勒索赎金，并要求受害者在支付前向政府报告。专家认为这可能迫使勒索团伙转向其他国家，但执行细节和例外情况仍需明确。该提案目前处于公众咨询阶段。... 2025-2-6 19:47:29 | 阅读: 10 | 收藏 | Trustwave Blog - www.trustwave.com ransomware proposal cni security shawn

Penetration Testing ROI: How to Convince Leadership to Invest in Cybersecurity 这篇文章讨论了首席信息安全官（CISO）在推动企业渗透测试项目时面临的挑战。CISO需要向非技术人员解释风险和价值，强调内部团队的局限性以及专业渗透测试公司的必要性。文章还提到高管对第三方信任的担忧，并介绍了Trustwave SpiderLabs的专业能力。... 2025-2-5 20:55:1 | 阅读: 17 | 收藏 | Trustwave Blog - www.trustwave.com security cisos executives firm

Trustwave SpiderLabs: Examining How New Ransomware Groups Emerge 2025年，Hunters International和Qilin两个新勒索软件团伙崛起，取代LockBit成为能源和公用事业部门的主要威胁。LockBit于2024年被执法部门破坏后，这两个团伙迅速活跃起来，并采用先进的技术和策略进行攻击。... 2025-2-4 20:46:9 | 阅读: 13 | 收藏 | Trustwave Blog - www.trustwave.com qilin hunters ransomware lockbit newcomers

Beyond the Chatbot: Meta Phishing with Fake Live Support February 04, 2025 4 Minute Read... 2025-2-4 14:0:0 | 阅读: 18 | 收藏 | SpiderLabs Blog - www.trustwave.com phishing salesforce hxxps php facebook

Accelerate Your Journey with the Microsoft End Customer Investment Funds (ECIF) Program January 31, 2025 3 Minute Read... 2025-1-31 16:44:46 | 阅读: 8 | 收藏 | Trustwave Blog - www.trustwave.com microsoft ecif security funds qualified

How Trustwave’s Fusion Platform Analyzes Ransomware Tactics in the Energy Sector: A Comprehensive Overview January 30, 2025 2 Minute Read... 2025-1-30 14:0:0 | 阅读: 16 | 收藏 | Trustwave Blog - www.trustwave.com fusion spiderlabs lateral remote facing

Inside APT34 (OilRig): Tools, Techniques, and Global Cyber Threats January 29, 2025 8 Minute Read... 2025-1-29 18:37:35 | 阅读: 30 | 收藏 | Trustwave Blog - www.trustwave.com apt34 oilrig iranian sectors phishing

Trustwave SpiderLabs December 2024: Phishing and Email Security Insights January 27, 2025 4 Minute Read... 2025-1-27 14:0:0 | 阅读: 11 | 收藏 | Trustwave Blog - www.trustwave.com phishing mailmarshal bec threats spiderlabs

Cracking the Giant: How ODAT Challenges Oracle, the King of Databases January 27, 2025 10 Minute Read... 2025-1-27 14:0:0 | 阅读: 12 | 收藏 | SpiderLabs Blog - www.trustwave.com odat database machine reverse tns

Ransomware’s Evolution: Key Threat Groups Targeting the Energy and Utilities Sector in 2025 January 24, 2025 2 Minute Read... 2025-1-24 14:0:0 | 阅读: 12 | 收藏 | Trustwave Blog - www.trustwave.com ransomware hunters spiderlabs extortion radar

Trustwave SpiderLabs: The Ransomware Trends Confronting the Energy and Utilities Sector Increasing frequency, new threat groups emerging, the rise of ransomware-as-a-service (RaaS) attack... 2025-1-23 14:0:0 | 阅读: 11 | 收藏 | Trustwave Blog - www.trustwave.com ransomware spiderlabs radar threats lockbit