Podcasts about trustwave

Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastEd Williams, Vice President of EMEA Consulting and Professional Services (CPS) at TrustWave, shares his two decades of pentesting and red teaming experience with Cyber Work listeners. From building his first programs on a BBC Micro (an early PC underwritten by the BBC network in England to promote computer literacy) to co-authoring award-winning red team security tools, Ed discusses his favorite red team social engineering trick (hint: it involves fire extinguishers!), and the ways that pentesting and red team methodologies have (and have not) changed in 20 years. As a bonus, Ed explains how he created a red team tool that gained accolades from the community in 2013, and how building your own tools can help you create your personal calling card in the Cybersecurity industry! Whether you're breaking into cybersecurity or looking to level up your pentesting skills, Ed's practical advice and red team “war stories,” as well as his philosophy of continuous learning that he calls “Stacking Days,” bring practical and powerful techniques to your study of Cybersecurity.0:00 - Intro to today's episode2:17 - Meet Ed Williams and his BBC Micro origins5:16 - Evolution of pentesting since 200812:50 - Creating the RedSnarf tool in 201317:18 - Advice for aspiring pentesters in 202519:59 - Building community and finding collaborators 22:28 - Red teaming vs pentesting strategies24:19 - Red teaming, social engineering, and fire extinguishers27:07 - Early career obsession and focus29:41 - Essential skills: Python and command-line mastery31:30 - Best career advice: "Stacking Days"32:12 - About TrustWave and connecting with EdAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Hoje, o entrevistado é Celso Hummél, engenheiro eletrônico e Sales Director Latam na Appdome. Ele atuou em empresas globais como Trustwave, ReturnPath, NetIQ e SonicWall. Possui amplos conhecimentos em cibersegurança, com mais de 40 anos de experiência em setores como serviços financeiros, serviços públicos, governo, telecom e varejo. É membro de várias entidades, como a OWASP, ISSA Brasil e WOMCY. Iremos falar sobre o desafio da segurança de dados, quais são as principais ameaças emergentes que enfrentaremos nos próximos anos, como a inteligência artificial e o aprendizado de máquina serão utilizados para melhorar a defesa cibernética no futuro, os desafios éticos relacionados à cibersegurança, Internet das Coisas (IoT), 5G, computação em nuvem e blockchain, além da colaboração internacional entre empresas e países para combater as ameaças cibernéticas em uma escala global. Vale a pena conferir!

Many of us fall into L&D - and some of us make sacrifices in order to do so. At a time when many of us have faced layoffs and unexpected setbacks, we wanted to spotlight career journeys that had tough times and what our guests did to overcome these. In this episode, I'm speaking with Jennifer Sutherland, Global Leader of Culture, Learning & Development at Trustwave, about her incredible career and the lessons we can all learn from her. KEY TAKEAWAYS Very few people follow a linear path into L&D. This is good because they bring varied business skills to the role. If you do not have any training or L&D experience to put on your resume seek it out. Jennifer shares several ways to do that. Be authentic, especially during presentations, and develop your own style. Listen to feedback but recognise who the outliers are and factor that in before deciding whether to pivot. Take your time when switching roles. Lots of L&D professionals inadvertently end up in a role that is not a good fit for them. Use other L&D professionals as a sounding board and help each other. Understand how humans learn and stay up to date with the research. Stay curious and stay up to date with the tech. Build good relationships with all stakeholders and network. BEST MOMENTS “You created the opportunity that helped you gather the experience that you needed to be taken seriously by those L&D hiring managers.” “Words matter … how you fill in the silence is so critical.” “Frankly, that role was not the right fit for me.” “The career path that I'm on looks bananas, but gave  me all these skills, resources, knowledge, community and networks.” “Create your own sandwich of tech to create what you need.” “The world limits you already. Don't be the one that limits yourself.”   Jennifer Sutherland Bio Jennifer is the Global Leader of Culture, Learning & Development at Trustwave, where she is responsible for driving employee engagement and developing enriching learning experiences. Her team focuses on initiatives such as change management and sales enablement, essential for a dynamic global workforce across EMEA, APAC, and North America. Concurrently, as an Adjunct Professor at Davenport University, Jennifer leverages her expertise to educate the next generation in HR and Learning & Development.  You can follow and connect with Jennifer via: LinkedIn: https://www.linkedin.com/in/jennifernsutherland Website: https://sutherlandtalentsolutions.com The Nonlinear Training Career article - https://trainingindustry.com/magazine/spring-2024/the-nonlinear-training-career https://www.toastmasters.org   VALUABLE RESOURCES The Learning And Development Podcast - https://podcasts.apple.com/gb/podcast/the-learning-development-podcast/id1466927523 L&D Master Class Series: https://360learning.com/blog/l-and-d-masterclass-home ABOUT THE HOST David James  David has been a People Development professional for more than 20 years, most notably as Director of Talent, Learning & OD for The Walt Disney Company across Europe, the Middle East & Africa.  As well as being the Chief Learning Officer at 360Learning, David is a prominent writer and speaker on topics around modern and digital L&D.  CONTACT METHOD  Twitter:  https://twitter.com/davidinlearning LinkedIn: https://www.linkedin.com/in/davidjameslinkedin L&D Collective: https://360learning.com/the-l-and-d-collective Blog: https://360learning.com/blog L&D Master Class Series: https://360learning.com/blog/l-and-d-masterclass-home

This week in the enterprise security news, Upwind Security gets a massive $100M Series B Trustwave and Cybereason merge NVIDIA wants to force SOC analyst millennials to socialize with AI agents Has the cybersecurity workforce peaked? Why incident response is essential for resilience an example of good product marketing who is Salvatore Verini, Jr. and why does he have all my data? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-384

This week in the enterprise security news, Upwind Security gets a massive $100M Series B Trustwave and Cybereason merge NVIDIA wants to force SOC analyst millennials to socialize with AI agents Has the cybersecurity workforce peaked? Why incident response is essential for resilience an example of good product marketing who is Salvatore Verini, Jr. and why does he have all my data? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-384

Cybersecurity Insights: Malvertising, Phishing Trends, and North Korean Hackers In this weekend edition of 'Cybersecurity Today,' host Jim Love brings together experts Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Greg Monson from Trustwave. The panel explores the latest trends in cybersecurity, including a deep dive into a report on 'Malvertising,' the use of social media advertising to distribute malware. They also discuss a significant rise in phishing attempts and the challenges of detecting them, revealing a worrying leakage rate of up to 50%. The panel delves into a fascinating and concerning trend: North Korean hackers being hired as remote workers to infiltrate companies. Finally, they analyze the recent Delta lawsuit against CrowdStrike and Microsoft's involvement in the case. Tune in for expert insights, practical advice, and the latest updates in the ever-evolving field of cybersecurity. 00:00 Introduction and Panelist Introductions 01:27 Malvertising: A New Cyber Threat 04:13 The Rise of Alternative Communication Channels 07:39 Corporate Dangers of Facebook Account Takeovers 12:04 North Korean Hackers in Remote Work 20:11 Navigating Reference Checks and Hiring Challenges 20:27 The Intricacies of the Prisoner Swap 21:49 CrowdStrike's Legal Battle with Delta 24:24 The IT Professional's Dilemma 30:25 Phishing Email Statistics and Security Measures 35:59 Concluding Thoughts and Future Topics

When looking at industrial cybersecurity, more attention is being paid to how workers are logging in to access critical machinery, software or data. And according to Trustwave Threat Intelligence's recent Manufacturing Threat Landscape report, 45 percent of attacks experienced by manufacturers stemmed from the bad guys accessing credentials.Whether by utilizing brute-force tactics, submitting fake support tickets, or purchasing logins on the Dark Web, this seems to prove that hackers would much rather log in than break in. The report also cited the rise of Initial Access Brokers, or groups that focus specifically on obtaining and selling log-in data to other hackers. One example cited by Trustwave saw an IAB offering access to a leading steel manufacturer for just over $60,000. Unfortunately, this is not a unique circumstance, which is why we're talking to David Cottingham, president of rf IDEAS to weigh in on the ongoing challenges surrounding secure access throughout the OT environment.Listen as we discuss:The importance of simplifying security processes to keep people engaged with them.Why no manufacturer is too small to be a target for credential-based attacks.Overcoming the bad behaviors that can result from operations personnel dealing with over 25 passwords.Avoiding punitive actions surrounding people-based security vulnerabilities.Why dual factor authentication strategies are key to ongoing security developments. Best practices for mobile device use.How VPNs, firewalls and password wallets are simultaneously solutions and vulnerabilities.To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

This episode of Voices of CLO features a conversation with Jennifer Sutherland, global leader of culture, learning and development at Trustwave.

Trent Fitz holds over 20 years of experience in the tech industry. Currently a C-level Product Strategy and Technical Marketing Leader at Zenoss. He is an expert in global marketing, product strategy, business development in cloud computing, cybersecurity, and AI. Repeatedly proving his effectiveness in the industry by leading solutions to projects in innovative company's such as IBM, Sailpoint, Trustwave and other various startups. Key takeaways:- APM tools such as Dynatrace, AppDynamics, and New Relic are key, and their integration has been aided by standards like open telemetry.- AI governance is crucial on technical, business process, and enterprise strategy levels.- The maturity models for AIOPs involve governance, decision making, and data/information architecture.- There is a general lack of appreciation for data and content within IT organizations.- AIOPs includes machine learning, and there's a need to educate about structured data and AI capabilities.Quote of the show:"At the core of AIOPs lies a fundamental need to not just visualize but truly understand the staggering complexity of modern IT environments. It's not just about piles of data or sophisticated algorithms; it's about cultivating a genuine appreciation for the significance of that data and how we can harness it to drive smarter, more proactive operations." — Trent FitzLinks:LinkedIn: https://www.linkedin.com/in/trent-fitz/Website: https://www.zenoss.comWays to Tune In:Earley AI Podcast: https://www.earley.com/earley-ai-podcast-home Apple Podcast: https://podcasts.apple.com/podcast/id1586654770 Spotify: https://open.spotify.com/show/5nkcZvVYjHHj6wtBABqLbE?si=73cd5d5fc89f4781 iHeart Radio: https://www.iheart.com/podcast/269-earley-ai-podcast-87108370/ Stitcher: https://www.stitcher.com/show/earley-ai-podcast Amazon Music: https://music.amazon.com/podcasts/18524b67-09cf-433f-82db-07b6213ad3ba/earley-ai-podcast Buzzsprout: https://earleyai.buzzsprout.com/ Thanks to our sponsors: CMSWire Earley Information Science AI Powered Enterprise Book

In episode 062 of Making Better, we explore the intersection of learning and technology with the insightful Jennifer Sutherland from Trustwave. Jennifer shares her rich, varied journey in various industries and the value of diverse experiences in driving innovation. Host Matt Gjertsen and Jennifer discuss the critical role of human knowledge in nuanced situations and the importance of building strong connections in corporate learning environments. They also dive into the structures within learning and development teams, the continuous learning culture, and the power of curiosity. Tips on aligning L&D with business objectives and the impact of leadership in fostering learning round out a conversation full of valuable takeaways for any professional aiming to stay ahead of the curve.Make sure to check out the book recommendations from the episode:Daring Greatly: https://amzn.to/3vP8nqRTeam of Teams https://amzn.to/3HyxhgUWant more tips on effective training? Sign-up for our weekly newsletter, Making Better: https://www.bettereverydaystudios.com/newsletterVisit us at https://www.bettereverydaystudios.com

The tech that's helping social engineers expand current exploits, including credential harvesting.In this episode, we welcome Kory Daniels, CISO of Trustwave, a leading provider of industrial cyber risk solutions, to the show. The conversation spanned a number of topics, including:The double-edged sword of credential harvesting hacks.How data theft is providing greater visibility of an organization's supply chain and partners in helping cybercriminals accumulate more potential targets.The challenges of implementing and sustaining data hygiene practices.Using AI to to fill cybersecurity jobs.How new technology, like AI, is helping cybercriminals lower their operating costs.Understanding that you can't defend what you don't know or understand about your internal landscape.Embracing the benefits of IIoT, but understanding the security risks it carries.To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

Kory Daniels, chief information security officer for cybersecurity firm Trustwave, breaks down the company's recent report examining the manufacturing industry's greatest vulnerabilities to cyberattacks and how manufacturers can mitigate these risks in a way that even non-security leaders can implement. Photo courtesy of Trustwave

In this episode of the Retail & Hospitality ISAC podcast, we kick off the RH-ISAC's 10th anniversary year with an interview series featuring RH-ISAC President Suzie Squier and the cybersecurity leaders who helped to found the organization in 2014. Then, host Luke Vander Linden is joined by Ziv Mador of Trustwave to discuss trending and emerging threats in the retail industry. Finally, we close out the CISO Spotlight interview series with a conversation between Luke and Colgate-Palmolive CISO, Alex Schuchman. 

Solarwinds fires back at the SEC! It's about to go down! Trustwave has some great insight on hacking medical devices, don't be tempted! The Okta breakdown of what happened and when. Github releases some "AI" to help with security "left of boom." And more on this episode!

Today we interview Shane Sims, CEO of Kivu Consulting. We'll be talking about the current state of cybercrime and insights from incidents his consulting firm has recently worked. We'll discuss some of the latest stats and trends related to ransomware, as well as thoughts on future cybercrime trends. Shane will also share some stories from his time as an FBI agent, working undercover as a cybercriminal. Segment Resources: Report - Mitigating Ransomware Risk: Determining Optimal Strategies for Business One of the biggest challenges in security today is organizations' reluctance to share attack information. Perhaps legal teams are worried about liability, or maybe execs are just embarrassed about security failures. Whatever the reason, this trend makes it difficult for organizations to help each other. CrowdSec's mission is to make this process automated, anonymized, and seamless for security teams. We talk to Phillip Humeau, one of CrowdSec's founders, about what it's like to build a such an unconventional cybersecurity business - one based around crowdsourcing and open source software. This week, in the enterprise security news, AI dominates new funding rounds (I'm shocked. This is my shocked face.) The buyer's market continues, with lots of small acquisitions SingTel sells off Trustwave at a significant loss Yubico goes public (actually, a month ago, sorry we missed it) Yubico can also now ship pre-registered security keys New cybersecurity tools for board and exec-level folks Lessons learned from recent ransomware attacks Healthcare is increasingly under attack A study on CISO tenure - longer than you might think! Don't miss today's squirrel stories at the end! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-336

Today we interview Shane Sims, CEO of Kivu Consulting. We'll be talking about the current state of cybercrime and insights from incidents his consulting firm has recently worked. We'll discuss some of the latest stats and trends related to ransomware, as well as thoughts on future cybercrime trends. Shane will also share some stories from his time as an FBI agent, working undercover as a cybercriminal. Segment Resources: Report - Mitigating Ransomware Risk: Determining Optimal Strategies for Business One of the biggest challenges in security today is organizations' reluctance to share attack information. Perhaps legal teams are worried about liability, or maybe execs are just embarrassed about security failures. Whatever the reason, this trend makes it difficult for organizations to help each other. CrowdSec's mission is to make this process automated, anonymized, and seamless for security teams. We talk to Phillip Humeau, one of CrowdSec's founders, about what it's like to build a such an unconventional cybersecurity business - one based around crowdsourcing and open source software. This week, in the enterprise security news, AI dominates new funding rounds (I'm shocked. This is my shocked face.) The buyer's market continues, with lots of small acquisitions SingTel sells off Trustwave at a significant loss Yubico goes public (actually, a month ago, sorry we missed it) Yubico can also now ship pre-registered security keys New cybersecurity tools for board and exec-level folks Lessons learned from recent ransomware attacks Healthcare is increasingly under attack A study on CISO tenure - longer than you might think! Don't miss today's squirrel stories at the end! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-336

This week, in the enterprise security news, AI dominates new funding rounds (I'm shocked. This is my shocked face.) The buyer's market continues, with lots of small acquisitions SingTel sells off Trustwave at a significant loss Yubico goes public (actually, a month ago, sorry we missed it) Yubico can also now ship pre-registered security keys New cybersecurity tools for board and exec-level folks Lessons learned from recent ransomware attacks Healthcare is increasingly under attack A study on CISO tenure - longer than you might think! Don't miss today's squirrel stories at the end! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-336

This week, in the enterprise security news, AI dominates new funding rounds (I'm shocked. This is my shocked face.) The buyer's market continues, with lots of small acquisitions SingTel sells off Trustwave at a significant loss Yubico goes public (actually, a month ago, sorry we missed it) Yubico can also now ship pre-registered security keys New cybersecurity tools for board and exec-level folks Lessons learned from recent ransomware attacks Healthcare is increasingly under attack A study on CISO tenure - longer than you might think! Don't miss today's squirrel stories at the end! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-336

Singapore shares opened on a positive note today after global equities ended the week mixed. In early trade, the Straits Times Index (STI) was up 0.3 per cent to 3,226.54 points after 50.4 million securities changed hands in the broader market.  In terms of companies to watch for today, we have Seatrium, after its unit Estaleiro Jurong Aracruz refinanced an existing facility due December 2023.  Meanwhile, from more on Sembcorp Industries and Singtel to Google making laptops in India, more corporate headlines remain in focus.  On Market View, The Evening Runway's finance presenter Chua Tian Tian unpacked the developments with David Kuo, Co-founder, The Smart Investor.See omnystudio.com/listener for privacy information.

Thoughts on the recent RNC candidate debate where cybersecurity never came up, super. China is using Linkedin to recruit spies, how can you know when you are targeted? Trustwave published new research on BEC hacks, what do we get from that research? Two guys are arrested for laundering money via crypto, is that a treasonous act? MAC's get some new malware, hurray! Ransomware group deletes a providers entire customer base's data, whoops! Those and more on this one!

Host Jeremy C. Park talks with Steve Baer, Field CTO, America with Trustwave and Trustwave Government Solutions, who also serves on the board of directors for the US Secret Service Electronic Crimes Task Force in Chicago, and discusses cyber crime and the true cost of a cyber attack, along with some of the preventative measures companies and individuals can take to better protect themselves.During the interview, Steve highlights Trustwave, which is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security. He talks about being part of the Stillwater Ecosystem and working with companies like Higginbotham to assist and support clients in proactive cyber security and resilience, then proper response with breach investigations and restoration.During the interview, Steve shares examples in how a $56k payment can lead to more than $16 million in true cost damages and then provides a number of valuable tips and recommendations to help individuals and companies shift their mindset, think like a spy, and create a structure for success.Visit www.trustwave.com to learn more.

Trent Fitz is the Chief Product Officer at Zenoss after having spent two decades in product and marketing leadership roles at companies like Trustwave and SailPoint.Trent owns product strategy and marketing at one of the pioneers in the space. Zenoss was founded in 2005 and has continued to reinvent itself. With the advent of generative AI, it's more relevant than ever.We've explored the topics of service assurance and monitoring in the past with great guests like Colin Fletcher who coined the term AIOps while at Gartner and Gareth Rushgrove from Snyk who publishes the popular DevOps Weekly newsletter.The field of monitoring is evolving rapidly as new architecture patterns emerge and the data exhaust they generate continues to increase. Listen and learn...Trent's history lesson in system monitoringThe role of AI in monitoring and operationsTrent's perspective on the evolution of monitoring tool sprawlWhat is AIOps vs. observability, monitoring, or event managementHow service-centric monitoring is essential for dynamic apps based on microservicesThe difference between generation one and two AIOpsWhere are manual rules insufficient and real AI is needed to monitor appsHow LLMs are being used to improve observabilityWhy Big Cloud won't own monitoring of cloud-native appsWill there be a time when AI will replace DevOps engineers?References in this episode...Colin Fletcher from Gartner on AI and the Future of WorkGareth Rushgrove from Snyk on AI and the Future of WorkCharity Majors on AI and the Future of Work

In this episode of Tech Talks Daily, I welcome Ed Williams, VP, Consulting, Professional Services at Trustwave, a global leader in managed security services. Ed brings invaluable insights into the challenges and strategies around communicating cybersecurity risks and solutions within an organization, particularly between CISOs and the less technically inclined C-suite. Ed kicks off the conversation by sharing his unique journey into the cybersecurity field and his experiences, including an unexpected appearance in a Bollywood film. We then delve into the heart of the matter - the struggle CISOs face when conveying technical risks to the C-suite. Ed provides his top tips for effective communication, highlighting the importance of simplifying language, prioritizing key security topics, and aligning these with business metrics to demonstrate their impact on the bottom line. Our conversation further explores the critical role regular communication and collaboration play in building a resilient cybersecurity infrastructure. Ed emphasizes how understanding an organization's risk appetite helps shape an effective security strategy, debunking the misconception of cybersecurity as merely a cost and highlighting it as a business enabler. We also touch upon the importance of identifying and presenting meaningful cybersecurity metrics to the board. Ed suggests methods for engaging the C-suite in these discussions, ensuring their understanding, and keeping them abreast of the latest cybersecurity trends. Finally, we explore how Ed's team stays updated on AI and machine learning developments, with Ed sharing his favourite resources, including the Trustwave SpiderLabs team's insightful blog on the latest threats and vulnerabilities. Join us for this enlightening episode as we demystify the art of cybersecurity communication within an organization, and understand its pivotal role in fostering a secure business environment.

In the latest episode the Risk Roundtable, Andy and Dave welcome in Angie Gad to run through the hits. The topics discussed include: Drones Russia's Drone Barrage Ineffective Due to 'Poor Targeting Processes'—U.K. Inside Ukraine's secretive drone program Russia says shoots down Ukraine-launched drones over Crimea, Kursk Gate 15 Resource Links: Drones AI Oh ****, maybe we did start building SkyNet… AI Threat Placed on Par With Pandemics, Nuclear War More than 350 people signed a statement released by the Center for AI Safety, an organization that said it works to reduce AI risks. AI-Controlled Drone Goes Rogue, 'Kills' Human Operator in USAF Simulated Test They Plugged GPT-4 Into Minecraft—and Unearthed New Potential for AI Cyber News Microsoft is attributing the these attacks to Cl0p ransomware. CISA Adds One Known Exploited Vulnerability to Catalog. CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability New York State Department of Financial Services MOVEit Transfer Vulnerability MOVEit: The Week in Ransomware - June 2nd 2023 - Whodunit? HuntressLabs, Mandiant, Rapid7, TrustedSec, and Trustwave have published more details on the attacks targeting MOVEit file-transfer appliances. Article: CISA orders govt agencies to patch MOVEit bug used for data theft Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway New MOVEit Transfer zero-day mass-exploited in data theft attacks Joint Cybersecurity Advisory: ⁠U.S., ROK Agencies Alert: DPRK Cyber Actors Impersonating Targets to Collect Intelligence⁠, ⁠PDF⁠ ⁠'The Comm': The Group Linked to a Nationwide Swatting Rampage⁠ ⁠The 2024 race promises to be ‘very, very active' in terms of foreign and domestic meddling, says former CISA chief⁠ Blended Threats - ⁠Study: Severe Weather–Related Power Outages Pose Increasing Threat to Patients Who Rely on Electronic Medical Equipment⁠ ⁠What the debt ceiling deal means for U.S. cyber agency⁠ Hurricanes. CSU released its second forecast for the 2023 Atlantic hurricane season on Thursday, 1 June The 2023 Atlantic Hurricane Season Is Here – Here Are The Key Things You Should Know 2023 Atlantic Hurricane Season Has Officially Begun – Here's What Is Typical In June And July Here's How To Get Ready For Hurricane Season Pride Month Concerns. Tree of Life synagogue: Gunman driven by 'malice and hate'⁠⁠MSU reports gunman watched campus tours, searched school shootings prior to mass shooting⁠ Layton Target evacuated after bomb threats reported at multiple Utah stores. Spotlight: Culture War Rhetoric Escalate to Physical Threats. ⁠At Least 9 Target Stores Received Fake Bomb Threats Over Pride Merchandise⁠ ⁠FBI investigating threats of violence to Omaha religious centers⁠. “According to authorities, the author of the note claims to represent Jane's Revenge — an abortion rights extremist group that Homeland Security has linked to arson attacks against buildings of ideological opponents.” ⁠Recent attacks put staffers on edge as authorities look for answers; Threats cut across party lines⁠ ⁠Experts warn against canceling Pride campaigns after extremists threaten Target⁠ ⁠Target Pride backlash exposes 'rainbow capitalism' problem, designer says⁠ ⁠Pride Month is a war. Brands are the battlefield.⁠ Motorists Face Hate Messages After White Supremacists Hack Interstate Road Sign FB-ISAO Threat Level Update, June 2023. Based on this review, we have determined to maintain all threat levels at GUARDED, meaning that FB-ISAO is aware that a general risk of incidents exists, but there are no target or time specific threats requiring an escalation in our overall preparedness at this time.  

If 2022 felt like the year of the ‘perfect storm' for cyber incidents, then it's likely the weather will not improve in 2023 as banks along with many other enterprises continue to build, harden and invest in their cyber security capabilities, using new technologies and new approaches. We ask Rene Morel from Deloitte and Nick Ellsmore from Trustwave, both experienced cyber security specialists, what went wrong and where the next threats are coming from. 

DigiCert, Inc., a leading global provider of digital trust, have releases DigiCert® Trust Lifecycle Manager, a comprehensive digital trust solution unifying CA-agnostic certificate management and public key infrastructure (PKI) services. Trust Lifecycle Manager tightly integrates with DigiCert's best-in-class public trust issuance for a full-stack solution governing seamless management of corporate digital trust infrastructure. The 2022 State of Digital Trust Survey revealed the cost of poor security practices, finding that almost half of consumers have stopped doing business with a company after losing confidence in its digital trust competency. Trust Lifecycle Manager brings together: • Certificate lifecycle management, streamlining IT operations with certificate discovery, management, notification, automation and integration. • PKI services, streamlining identity and authentication with private certificate issuance for users, devices, servers and other IT resources, and management of the CA hierarchy. This unified management of a company's digital trust fabric delivers: • A full-stack solution in a single pane of glass that offers superior performance, handling and automation, with single vendor accountability. • Certificate profiles and tools facilitating self-service issuance. • Flexibility for cloud, on-premises or hybrid models, enabling companies to manage their PKI use cases according to their security policy preferences. • Centralised visibility and control over a company's certificate landscape, reducing risk of business disruption and securing identity and access across the organisation. • Deep integration into user and enterprise technologies, supporting existing business systems and processes. We speak with Brian Trzupek, Senior Vice President of Product at DigiCert. A crypto and security tech by day and night, Brian brings nearly two decades of expertise on many security subjects to the team. He's constantly innovating use cases for enterprise PKI. He previously worked for more than six years as VP of Managed Identity and Authentication at Trustwave where he helped fight cybercrime, protect data, and reduce security risk. While at Trustwave, he testified before a congressional panel on the Dec. 2013 Target breach. Prior to Trustwave, he was a founder of Creduware Software, Inc., a company that automated credential password and digital certificate renewal and installation, as well as policy based application monitoring. Trust Lifecycle Manager is generally available now as part of the DigiCert® ONE platform. To learn more, visit www.digicert.com/trust-lifecycle-manager

The fifth chapter in my book, "Angelic 8s: A Letter To Zara" is title Communication is Not How Well We Are Able to Use Words. Jennifer Sutherland, Leader of Global Learning & Development at Trustwave, and I talk about the importance of true communication and meeting people where they are, not where you are. #BaxtersBuzz #Communication #Leadership #Business #Goals "Angelic 8s: A Letter To Zara" and is available now. #BaxtersBuzz Link - https://amzn.to/37BIX44 --- Support this podcast: https://anchor.fm/baxter-hall/support

Trustwave Government Solutions Managed Security Services (MSS) is the combination of the industry's best preventive and detective tools under a world-class managed services umbrella with unrivaled global threat intelligence.

A daily look at the relevant information security news from overnight.Episode 239 - 20 May 2022Log4J exploit - https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-vmware-servers-with-log4shell-exploits/SQL brute - https://www.securityweek.com/new-brute-force-attacks-against-sql-servers-use-powershell-wrapperPhishing with Chat - https://www.bleepingcomputer.com/news/security/phishing-websites-now-use-chatbots-to-steal-your-credentials/Jupiter flawed - https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/Flux flaw - https://portswigger.net/daily-swig/rogue-cloud-users-could-sabotage-fellow-off-prem-tenants-via-critical-flux-flawVidar delivery- https://www.zdnet.com/article/fake-domains-offer-windows-11-installers-but-deliver-malware-instead/Hi, I'm Paul Torgersen. It's Friday May 20th, 2022, and after a couple days under the weather, this is a look at the information security news from overnight. From BleepingComputer.com:The North Korean hacking group Lazarus is exploiting the Log4J remote code execution vulnerability on VMware Horizon servers. They use the weakness to execute a PowerShell command and ultimately install the NukeSped backdoor. Details in the article. From SecurityWeek.com:Microsoft has warned organizations of a new wave of brute force cyberattacks that target SQL servers and use a living-off-the-land binary. Specifically, the attackers rely on a legitimate utility called sqlps.exe to achieve fileless persistence on SQL servers that use weak or default passwords. From BleepingComputer.com:Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to the threat actors. How nice of them. Actually, the presence of a chatbot lends a sense of legitimacy to the malicious sites. See the full Trustwave report in the article. From ThreatPost.com:A critical privilege escalation flaw found in two WordPress site themes, can allow the threat actors to take over the sites completely. The Jupiter and JupiterX Core Plugin affect more than 90,000 sites. The vulnerability affects Jupiter Theme 6.10.1 or earlier, and JupiterX Core Plugin 2.0.7 or earlier. Updated versions have patched the flaws. From PortSwigger.net:A critical vulnerability in Flux2, the continuous delivery tool for Kubernetes, can enable rogue tenants in multi-tenancy deployments to sabotage their neighbors that are using the same off-premise infrastructure. The remote code execution flaw arises through improper validation of kubeconfig files, which “can define commands to be executed to generate on-demand authentication tokens”. In a single tenant deployment, this flaw is only a 6.8 severity. In multi tenant deployments, that rating jumps to a 9.9 And last this week, from ZDNet.comNewly registered domains that just appeared in April, mimic a legitimate Microsoft Windows 11 OS download portal. Unfortunately, what you actually get is a nasty little information stealer called Vidar. Link to the full Zscaler report in the article. That's all for me this week. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.

Travis Quinn, Principal Security Advisor at Trustwave, joins the show to discuss his Cyber career in Canberra. This industry profile is part of a series looking at those working in the cyber industry in Canberra. Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. Offering a comprehensive portfolio of managed security services, consulting and professional services, and data protection technology, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information visit trustwave.com and you can connect with Travis on LinkedIn. Canberra is where industry meets government and researchers to partner and solve the big problems in cyber security. Working and studying in Canberra cyber gets you close to the best cyber business, education and career opportunities. The Canberra Cyber Hub connects and strengthens the unique Canberra cyber ecosystem. Demand for skilled workers in cyber security is booming, while careers in the industry are getting more diverse and rewarding. Canberra is the place to grow a career in cyber security. The Canberra Cyber Hub has been co-designed with the Canberra cyber ecosystem and is funded by the ACT Government, to help close the cyber security skills gap and support the growth of the ecosystem. For more information, including profiles, news, events, and information on career pathways, education providers and employers, visit canberracyberhub.com.au.See omnystudio.com/listener for privacy information.

It is time for YusufOnSecurity, welcome onboard to this week's show.Often it is not about what came in but rather what has been left behind. This week we will look at introducing digital forensics and what is involved when carrying out this painstaking process. Also coming up, a couple of pertinent security news that you might find relevant, including MITTRE Evaluation round 4 is out. Gitlab vuln that might need your attention. - https://www.cynet.com: 2022 MITRE ATT&CK Evaluation Results Overview - https://attack.mitre.org: ATT&CK- https://about.gitlab.com: Critical security release GitLab 14-9-2 released- https://en.wikipedia.org: Digital forensics-https://trustwave.com: 2019 Trustwave global security report. Please review this within the context of today more recent version. -https://www.verizon.com: Data Breach Investigations Report-https://www.cisco.com: Security outcomes study report- https://talosintelligence.com: Incident Response EmergencyBe sure to subscribe!    If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com   You will find a list of all previous episodes in there too.

Merhaba teknoloji sever, hem seni daha iyi tanımak hem de içeriklerimizi senin daha çok işine yarayacak hale getirmek için bir anket hazırladık. Ankete buraya tıklayarak ulaşabilirsin, bizim için fikirlerin çok önemli. Mail bültenimize abone olmak için tıklayın. 5 Dakikada Teknoloji Gündemi Tarih: 28 Mart 2022 Yerli eğitim girişimi Düşyeri, 35 milyon dolar değerleme üzerinden 3.7 milyon dolar yatırım aldı. Spotify, sesli komutlarla çalışacak yeni bir Araba Modu test etmeye başladı. Siber güvenlik şirketi Trustwave, Microsoft yardım dosyaları içerisine kötü amaçlı yazılım Vidar'ın gizlendiğini duyurdu. Instagram, Hikayeler için sesli yanıt özelliği üzerinde çalışıyor. Podcast Boş İşler'de Önceki Bölümlerimiz

Die Frage ist schon lange nicht mehr, ob ein Cyberangriff erfolgreich ist. Die Frage lautet: Wann und vor allem wie schnell man den Cyberangriff stoppt! Netzpalaver sprach diesbezüglich via Remote-Session mit Fred Tavas, Director Sales Europe bei Trustwave, darüber, wie ein Managed-Security-Service-Provider Unternehmen helfen kann, die allgegenwärtige Gefahr durch Cyberattacken zu minimieren und welche Vorteile ein MSSP zusätzlich offeriert.

With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.

Listen to experts discuss database security best practices to assist in meeting the Presidential Executive Order on Cybersecurity.

An apparent cyberespionage campaign targets the Iranian diaspora. Babadeda is an emerging crypter seeing use against alt-coin and NFt speculators. RATDispenser is out in the wild, a malware-as-a-service operation. Proofs-of-concept published for Microsoft exploits. Apple sues NSO Group. Group-IB's founder asks President Putin for clemency. Caleb Barlow on the difference between working for a company that is funded by VCs, PEs, angels or is public. Our guest today is Karl Sigler from Trustwave on the results of the 2021 Trustwave SpiderLabs Telemetry Report. And there's a guilty plea in the Wolf of Sophia case. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/226

Cyberattacken führen zu immer größeren Schäden bei Unternehmen. Die Angriffe werden viel zu spät erkannt. Nicht nur der Fachkräftemangel in der Security zwingt die Unternehmen in die Defensive. Wie kann Managed Detection and Response (MDR) helfen? Worauf kommt es bei MDR an? Das Interview von Oliver Schonschek, Insider Research, mit Marco Rossi von Trustwave liefert Antworten.

ZDNet Security Update: Danny Palmer talks to Ed Williams, Director of SpiderLabs EMEA at Trustwave, about how cyber criminals get into networks and what they actually do once inside. Learn more about your ad choices. Visit megaphone.fm/adchoices

    Coolness is an aesthetic of attitude, behavior, comportment, appearance and style which is generally admired. Because of the varied and changing connotations of cool, as well as its subjective nature, the word has no single meaning. It has associations of composure and self-control and often is used as an expression of admiration or approval. Although commonly regarded as slang, it is widely used among disparate social groups and has endured in usage for generations.  -- Wikipedia     On today's No Name Security Podcast, Matt Stephenson welcomes 3 people doing very cool things in a very cool industry… and… they happen to be to very cool people. Kurtis Minder is the co-founder and CEO at GroupSense, Tom Pace is the co-founder and CEO at NetRise and Scott Scheferman is the Chief Strategist at Eclypsium. They are each legendary incident response types who were at Black Hat for a multitude of reasons. Why were they there…? Stick around and find out!     About Kurtis Minder     Kurtis Minder (@kurtisminder) is the founder of GroupSense, a threat intelligence company. He leads a team of analysts and technologists providing custom cybersecurity intelligence to brands around the globe. The company's analysts conduct cyber research and reconnaissance and map the threats to client risk profiles. He arrived at GroupSense after more than 20 years in role-spanning operations, design and business development at companies such as Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix) and Fortinet (IPO).     About Tom Pace       Tom Pace (@TommyPastry) is the co-founder and CEO of NetRise, an automated, cloud-based platform that provides comprehensive insight into the risks present in a firmware image.   Prior to founding NetRise, Tom spent 16 years working in security across multiple roles and disciplines. From serving in the United States Marine Corps, being responsible for ICS security within the Department of Energy and most recently serving as Global Vice President for Cylance, he has been a leader and innovator within cybersecurity. Tom has also responded to hundreds of security incidents globally and shared his experience at multiple security conferences such as RSA and Black Hat.     About Scott Scheferman     Scott Scheferman (@transhackerism) is the founder of Armanda Intelligence, LLC, with a mission of providing CxO/board advisement, strategy and threat intelligence.  He is also Principal Strategist for Eclypsium, Inc.   Scott keeps a hyper-current beat on the threat landscape and how it continues to fundamentally change business and mission cyber risk dynamics. Battle-hardened from years of red-teaming, incident response and cyber consulting, as well as having served as the technical lead and final security risk determination for the Navy's Certification Authority (thousands of systems per year, with over 800 validators and 30 risk analysts feeding these risk determinations), Scott draws his perspective from significant real-world high-stakes (multi-billion dollar programs and Fortune 10 enterprise) experience. If you want the truth about what is happening in the world of cybersecurity, Scott is a voice you want to be listening to. If you can't handle the truth… he may not be your guy… but that doesn't mean he won't keep telling it.     About Matt Stephenson     Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, I hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. The new No Name Security Podcast will continue and expand upon that tradition as we seak out the leading minds in the security industry as well as those may break things every now again. And… just for fun, there will be some wildcard guests as well.   In 10 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know...   Whether at in person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.   Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round...     If you tuned in to any of my previous podcasts, there's great news! The No Name Security Podcast is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We're still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as, GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts!   Make sure you Subscribe, Rate and Review!

During this podcast, hear from experts at Trustwave Government Solutions and IMPRES as they speak about toxic combinations of misconfigurations and vulnerabilities, understanding who has access to your data, and data security best practices for securing your databases.

During this podcast, experts from Trustwave Government Solutions spoke about how to implement a least-privilege approach to limit who has access and to what data in your databases, why security technology that is not purpose-built for databases are not enough to protect against breach, and how attackers target database weaknesses for more than just stealing data.

Netzpalaver sprach via Remote-Session mit Fred Tavas, Country Manager DACH & CEE bei Trustwave, über den Trend, dass Unternehmen zunehmend auf die Unterstützung von Managed-Security-Services in puncto Managed-Detection & Response zurückgreifen, ihre Sicherheit verstärkt mit dem MSSP als Hybrid-Security-Operations-Center betreiben oder die Sicherheit komplett dem MSSP übergeben und welche Faktoren jeweils unter Sicherheitsaspekten dafür ausschlaggebend sind.

    “The bad guys know they are bad guys—they are trying to pretend to be businesspeople… as long as you pretend with them that this is just a normal business transaction, it goes better.”  -- Kurtis Minder; Fortune, 01 June 2021   If you have been reading about or watching news shows discussing ransomware, more than likely, you have seen Kurtis Minder. He has been nearly omnipresent across multiple platforms because his team at Groupsense has been putting in the work to help the victims of ransomware attacks negotiate with attackers in order to get their data back. Here's the best part… we're not talking about that. Not that it's not important, but there is a lot more that Kurtis and his team have been up to. Kurtis has brought the knowledge on that specific topic to television, podcasts and many other mediums in order to spread the word.   He has a lot more to say about the state of cybersecurity.   That is what we are here to talk about. Okay… we do talk about ransomware negotiation a bit, BUT… we dig deep into so much more.   Matt Stephenson welcomes Groupsense CEO and co-founder Kurtis Minder for a discussion about the Seven Dirty Words of Cybersecurity. Depending on your definition of a Dirty Word, this may be a cautionary or inspirational tale. Either way, Kurtis and his team are busting their asses to help secure the data, prevent attacks and… in the worst case scenario… help victims get their data back so they can continue to do their work. And he may be doing it while riding cross country on a motorcycle…     About Kurtis Minder     Kurtis Minder (@kurtisminder) is the founder of GroupSense, a threat intelligence company. He leads a team of analysts and technologists providing custom cybersecurity intelligence to brands around the globe. The company's analysts conduct cyber research and reconnaissance and map the threats to client risk profiles. He arrived at GroupSense after more than 20 years in role-spanning operations, design and business development at companies such as Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix) and Fortinet (IPO).     About Matt Stephenson     Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, I hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. The new No Name Security Podcast will continue and expand upon that tradition as we seak out the leading minds in the security industry as well as those may break things every now again. And… just for fun, there will be some wildcard guests as well.   In 10 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know...   Whether at in person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.   Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round...     If you tuned in to any of my previous podcasts, there's great news! The No Name Security Podcast is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We're still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as, GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts!   Make sure you Subscribe, Rate and Review!

Viele Unternehmen setzen auf Managed Security Services Provider (MSSP). Da Angriffe weltweit auftreten, sollten MSSPs über globale Sicherheitsinformationen verfügen. Hierbei kann ein Co-managed Security Operations Center helfen. Wie kann man damit Cyber-Bedrohungen rund um die Uhr im Blick behalten? Das Interview von Oliver Schonschek, Insider Research, mit Fred Tavas von Trustwave liefert Antworten.

Guest Karl Sigler of Trustwave's SpiderLabs joins Dave Bittner to talk about their research: "Hidden Phishing at Free JavaScript Site". The research describes an interesting phishing campaign SpiderLabs encountered recently. In this campaign, the email subject pertains to a price revision, followed by some numbers. There is no email body, but there is an attachment about an ”investment.” The attachment’s convoluted filename contains characters the file-naming convention doesn’t allow, notably the vertical stroke, “|.” Even though "xlsx" is in the filename, double-clicking the attachment will prompt the user to open it with the default web browser. Thus, the file indeed appears to be an HTML document. Of course, it’s malicious. The research can be found here: HTML Lego: Hidden Phishing at Free JavaScript Site

Guest Karl Sigler of Trustwave's SpiderLabs joins Dave Bittner to talk about their research: "Hidden Phishing at Free JavaScript Site". The research describes an interesting phishing campaign SpiderLabs encountered recently. In this campaign, the email subject pertains to a price revision, followed by some numbers. There is no email body, but there is an attachment about an ”investment.” The attachment’s convoluted filename contains characters the file-naming convention doesn’t allow, notably the vertical stroke, “|.” Even though "xlsx" is in the filename, double-clicking the attachment will prompt the user to open it with the default web browser. Thus, the file indeed appears to be an HTML document. Of course, it’s malicious. The research can be found here: HTML Lego: Hidden Phishing at Free JavaScript Site

According to Gartner, 90 percent of ransomware attacks can be prevented. Don't be part of the 10 percent – learn how hackers are defeating your ransomware tools. Hear from Grayson Lenik, Cybersecurity Expert at Trustwave Government Solutions, as he shares the evolution of ransomware, Red Team simulation against ransomware tools, and a case study of a recent ransomware attack.

Interview with Craig Searle, Director, Consulting & Professional Services (Pacific) at Trustwave discussing the new SolarWinds vulnerabilities discovered - PLUS its Safer Internet Day 2021 #SID2021 Craig has been in the cyber security industry for nearly two decades. He has built cyber security ventures from the ground up most recently seeing Hivint, a new kind of professional services business, exit to Trustwave, an Optus Company in 2018. He now runs Trustwave (Pacific) consulting and professional services. At Trustwave, Craig continues to build on his extensive experience in the development, management & execution of IT security advice and assurance activities within large organisations, including banking and finance, critical infrastructure, ASX200 organisations and government (both state and federal). Two security vulnerabilities in SolarWinds Orion Platform (CVE-2021-25275 and CVE-2021-25274) and one vulnerability in SolarWinds Serv-U FTP for Windows (CVE-2021-25276). All three vulnerabilities are severe bugs, with the most critical one in SolarWinds Orion Platform (CVE-2021-25274) allowing remote code execution with high privileges. Trustwave - SpiderLabs Blog: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/ #MySecurityTV takeaway - Feb 9, 2021 - full episode, with an interview with Mark Lukie, Engineer Manager, Barracuda and a walk through how scammers have turned to Bots and automation to avoid detection - available here: https://mysecuritymarketplace.com/av-media/mysec-tv-live-today-joined-by-craig-searle-of-trustwave-and-mark-lukie-of-barracuda/

E-Mail ist einer der Hauptangriffswege für Internetkriminelle. Phishing, verseuchte Links und Anhänge sowie Spam-Mails sind lange bekannt, aber weiterhin ein steigendes Risiko. Was muss in der E-Mail-Sicherheit geändert werden? Wie kann man die E-Mail-Risiken in den Griff bekommen? Das Interview von Oliver Schonschek, News-Analyst Insider Research, mit Marco Rossi von Trustwave liefert Antworten.

Ever thought of hiring a ransomware negotiator, or becoming one yourself? On today's episode, Kurtis Minder of GroupSense tells us what makes a good ransomware negotiator, why setting the right tone is crucial in a successful negotiation and why, in the right situation, you can get away with referring to a ransomer as “grasshopper.” We're also excited to announce a new, hands-on training series called Cyber Work Applied. Every week, expert Infosec instructors and industry practitioners teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You'll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Check out the link below to start learning.– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/ – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAs the CEO and co-founder of GroupSense, Kurtis Minder leads a team of world-class analysts and technologists providing custom cybersecurity intelligence to some of the globe's top brands. The company's analysts conduct cyber research and reconnaissance and map the threats to client risk profiles. Kurtis arrived at GroupSense after more than 20 years in roles spanning operations, design and business development at companies like Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix) and Fortinet (IPO).About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.