Feeds

Articles about Trustwave

management strategy2

Insight Enterprises grabs Trustwave EMEA marketing director

Insight Enterprises has raided Trustwave's reservation and made off with EMEA marketing director Jill Murray, El Chan can reveal. She is not a direct replacement for Ashley Gatehouse, who ran Insight's marketing activities across mainland Europe and the UK until last year, as her remit will cover only Blighty. Sources told us …
Paul Kunert, 14 May 2014

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

Banks lob sueball at Trustwave, Target over breach

A group of banks has filed a class action lawsuit against Target over its recent data breach, and has named security company Trustwave as a co-defendant. The late-2013 security breach resulted in at least 40 million customers' credit cards being compromised, after a Maryland contractor's systems provided a bridge into the retail …
The Register breaking news

Secure cloud biz Trustwave equips M86 anti-malware guns

Cloud-security firm Trustwave has bought web security and anti-malware firm M86 Security. Financial terms of the acquisition, announced Tuesday, were undisclosed. Trustwave said the deal allowed it to add web security to its portfolio of compliance, application, network and data security products and services. It promised that …
John Leyden, 07 Mar 2012
The Register breaking news

Users still slack about passwords: Trustwave

Trustwave's SpiderLabs has completed an analysis of the passwords dumped on the Internet in this month’s eHarmony breach, and reached the depressing conclusion that too few people really seem to care about password strength. Having recovered 80 percent of the 1.5 million passwords in the dump file, the company says only 0.5 …
The Register breaking news

Trustwave admits crafting SSL snooping certificate

Certificate Authority Trustwave has revoked a digital certificate that allowed one of its clients to issue valid certificates for any server, thereby allowing one of its customers to intercept their employees' private email communication. The skeleton-key CA certificate was supplied in a tamper-proof hardware security module ( …
John Leyden, 09 Feb 2012
The Register breaking news

Trustwave to escape 'death penalty' for SSL skeleton key

Trustwave's admission that it issued a digital "skeleton key" that allowed an unnamed private biz to spy on SSL-encrypted connections within its corporate network has sparked a fiery debate about trust on the internet. Trustwave, an SSL certificate authority, confessed to supplying a subordinate root certificate as part of an …
John Leyden, 14 Feb 2012
Bitcoin bloodbath

Pony up: Botnet succesfully targets Bitcoin

Another $US200,000-plus worth of Bitcoins has been lifted, according to Trustwave, which has identified a new Pony botnet targeting crypto-currencies. News of the heist comes hard on the heels of Mt Gox withdrawing from the Bitcoin foundation and killing off its social media accounts. Pony isn't a horse of a completely …
Infosec

Who needs hackers? 'Password1' opens a third of all biz doors

Hundreds of thousands of hashed corporate passwords have been cracked within minutes by penetration testers using graphics processing units. The 626,718 passwords were harvested during penetration tests over the last two years conducted across corporate America by Trustwave infosec geeks. The firm's threat intelligence manager …
Darren Pauli, 15 Aug 2014
Spam image

spɹɐʍʞɔɐB writing is spammers' new mail filter avoidance trick

Spammers are writing emails backwards in an attempt to sneak past spam filters, security researcher Brian Bebeau has found. The pests were using left-to-right override code intended to facilitate the use of bi-direction text, such as a document that included English and Hebrew. The Trustwave researcher said the tactic had a …
Darren Pauli, 12 Sep 2014

Two million TERRIBLE PASSWORDS stolen by malware attackers

Researchers have uncovered a massive cache of stolen account credentials which could impact some two million users. Security firm Trustwave said that its SpiderLabs reconnaissance team has detected a malware operation which has been able to pilfer account credentials on infected machines and build an archive of lifted passwords …
Shaun Nichols, 04 Dec 2013
Iphone_hard_case

Put down that iPad! Snoopware RECORDS your EVERY gesture, TAP on iOS, Android

A security researcher has developed a proof-of-concept malware capable of capturing the actions of users on touchscreen devices. Senior security consultant Neal Hindocha and his colleagues at Trustwave were able to brew up similar strains of prototype malicious code for both rooted Android and jailbroken iOS devices. The line of …
John Leyden, 05 Feb 2014

iOS 7: Even if you don't jailbreak your iPhone, bugs STILL CREEP IN

The comforting notion that unmodified iOS phones are more or less immune to security threats has been shaken to the core with the release of new research that shows mobile monitoring applications can bypass Apple’s app review process and successfully exploit non-jailbroken iOS 7 kit. Background monitoring mobile (AKA snooping) …
John Leyden, 25 Feb 2014
IE8 patch

Back-to-school Patch Tuesday: Critical updates for Internet Explorer, Adobe Reader

Microsoft is planning a light edition of Patch Tuesday for September with just four bulletins, only one of which covers critical vulnerabilities. But an upcoming Adobe critical update for its Reader software around the same time means sysadmins are still likely to have their hands full next Tuesday. The sole critical update for …
John Leyden, 05 Sep 2014
IE8 patch

Internet Explorer stars in monster October Patch Tuesday

October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical. Cloud security firm Qualys estimates two of the lesser "important" bulletins are just as bad however, as they would also allow malicious code injection onto vulnerable systems. Top of the critical list is …
John Leyden, 10 Oct 2014
Printed key

French gov used fake Google certificate to read its workers' traffic

A French government agency has been caught signing SSL certificates and impersonating Google. The bogus certificates were endorsed by the certificate authority of the French Treasury, DG Trésor. And the Treasury's own authorisation certificate was, in turn, vouched for by IGC/A (Infrastructure de Gestion de la Confiance de l' …
John Leyden, 10 Dec 2013
toilet

Posh potty owners flushed by dodgy Bluetooth password

A high-tech toilet that takes care of everything except wiping its owner has been left wide open to attackers thanks to a basic security flaw. toilet Bluetooth blunder leaves bollocks prone to blasting The Satis toilet, a $5,686 (£3,821) appliance built by Japanese (of course) manufacturer Lixil, is designed to open itself …
Iain Thomson, 05 Aug 2013
Windows XP BSOD

Final Windows XP Patch Tuesday will plug Word RTF vuln

The final Patch Tuesday for Windows XP will bring four bulletins, including a critical fix for a zero-day Word vulnerability uncovered last week. The critical 0-day vulnerability - already the object of targeted attacks - opens the door to remote code execution nasties if a user opens a RTF file in Word 2010 or in Outlook while …
John Leyden, 04 Apr 2014

Easily picked CD-ROM drive locks let Mexican banditos nick ATM cash

Lax security at Mexican banks has allowed cybercriminals to put their own malware-ridden CDs into ATM machines in order to gain control of the easily-compromised cash machines. The Ploutus malware was installed after "criminals acquired access to the ATM’s CD-ROM drive and inserted a new boot CD into it". The ruse was possible …
John Leyden, 11 Oct 2013
exchange_coffee

Microsoft pulls faulty Exchange 2013 patch HOURS after release

Microsoft has pulled a security update for Exchange 2013 after problems emerged with the latest patch to the email server software just hours after its release. The critical MS13-061 security update for Exchange Server 2013 broke the message index service, preventing Exchange 2013 email users from searching their mailboxes. …
John Leyden, 15 Aug 2013
The Register breaking news

Clear next Tues: Incoming Outlook, IE, Windows critical security patches

Microsoft will squash 14 sets of security vulnerabilities - four of which are deemed critical - in the next edition of its monthly batch of Patch Tuesday updates, due next week. Those four critical patches will address flaws in the Sharepoint server software, the Outlook component of Microsoft Office 2007 and 2010, Internet …
John Leyden, 06 Sep 2013

Happy 10th b-day, Patch Tuesday: TWO critical IE 0-day bugs, did you say?

Microsoft delivered no fewer than eight bulletins to mark the tenth anniversary of Patch Tuesday, including a fix covering two zero-day vulnerabilities in Internet Explorer. A critical patch for all supported versions of IE covers a well-anticipated fix for the CVE-2013-3893 vulnerability, which has been associated with cyber …
John Leyden, 09 Oct 2013
The Register breaking news

Bank Trojan crooks trouser £800k from 30,000 Brits

Trustwave SpiderLabs has revealed how criminals stole more than £800,000 (€1m) from UK bank accounts using the Zeus Windows PC malware. The scam - which ran from June to November last year - targeted customers of six banks in Britain. It began with a flurry of emails that tricked marks into clicking on a link to a fake Facebook …
John Leyden, 05 Jul 2012
The Register breaking news

PHP devs lob second patch at super-critical CGI bug

The developers of PHP have released updates to thwart fresh attacks against systems that use the scripting language to dynamically generate web pages. All users are encouraged to upgrade to PHP 5.4.3 or PHP 5.3.13, as appropriate, after a serious security bug in PHP-CGI-based setups was disclosed. Developers attempted to fix …
John Leyden, 09 May 2012
The Register breaking news

Microsoft to slap 9 patches on Windows junkies on Tuesday

Microsoft is lining up nine patches - two critical - as part of the April edition of its regular Patch Tuesday update cycle. The nine bulletins due on 9 April affect all versions of Windows, some Office and Server components as well as Windows Defender on Windows 8 and RT. The first of the two critical updates covers all …
John Leyden, 05 Apr 2013
The Register breaking news

Password hints easily snaffled from Windows PCs

Punters' password hints are easily extracted from the latest Microsoft Windows machines, security researchers have discovered. TrustWave SpiderLabs uncovered a key called "UserPasswordHint" during wider research into how the Redmond operating system stores password hashes. Subsequent studies showed it was easy to extract and …
John Leyden, 23 Aug 2012
The Register breaking news

Microsoft Santa gifts you with 5 critical fixes in Xmas Patch Tuesday

December's Patch Tuesday brought seven bulletins from Microsoft, five of which cover critical security vulnerabilities. A critical update for MS Word (MS12-079) is rated by security watchers as the most important of the batch. A flaw in Rich Text Format (RTF) processing poses a severe risk because Microsoft Outlook automatically …
John Leyden, 12 Dec 2012
bug on keyboard

Remember Anna Kournikova? Come with us on a tour of bug-squishing history

Brain. No, it’s not some Skynet AI drone, nor is it the blob that was always out to get the Teenage Mutant Hero Turtles. It is the name of the first PC virus, dating back to 1986. The two Pakistani brothers, Basit and Amjad Farooq Alvi, who wrote it did not have malicious intentions: they simply wanted to scare people running …
Tom Brewster, 03 Jun 2014
The Register breaking news

Firefox 'death sentence' threat to TeliaSonera over gov spy claims

Firefox-maker Mozilla could issue a "death sentence" to TeliaSonera's SSL business over allegations the telecoms giant sold Orwellian surveillance tech to dictators. The punishment would be an embarrassing blow to the company: it would effectively cut off HTTPS-encrypted websites verified by TeliaSonera from Firefox users, who …
Gavin Clarke, 16 Apr 2013
The Register breaking news

Dexter malware targets point of sale systems worldwide

You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems. First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS …
Neil McAllister, 14 Dec 2012
The Register breaking news

Hellish XML demon exorcised from Windows, IE bug stays

Microsoft released two "critical" patches and five "important" security updates on Tuesday - but none of the fixes address a zero-day vulnerability in Internet Explorer discovered two weeks ago. The two critical patches tackle a remote-code execution vulnerability in the Windows Print Spooler (MS13-001) and similarly serious …
John Leyden, 09 Jan 2013
The Register breaking news

Jesus Phone saved from being man-in-the-middled

Apple has released another security update for iPhones and fondleslabs less than a fortnight after a security fix intended to prevent the tightly controlled devices being jailbroken. The latest update to iOS 4.3.5 tackles a digital certificate validation flaw that created a possible mechanism for man in the middle attacks on …
John Leyden, 29 Jul 2011
The Register breaking news

IT staffers on ragged edge of burnout and cynicism

A survey of stress levels among IT security staff, thought to be the first of its kind, has shown that an alarming number of staffers are suffering dangerous levels of cynicism, leaving them depressed and unable to function properly. The survey (securityburnout.org) was organized by Jack Daniel, founder of the Security B-Sides …
Iain Thomson, 27 Feb 2012
The Register breaking news

Femtocells wilt under attack

Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope. Researchers working for TrustWave will present details of their successful attacks against femtocells at the ShmooCon security conference next week in Washington …
Bill Ray, 02 Feb 2010
The Register breaking news

'Devastating' Apache bug leaves servers exposed

Maintainers of the Apache webserver are racing to patch a severe weakness that allows an attacker to use a single PC to completely crash a system and was first diagnosed 54 months ago. Attack code dubbed “Apache Killer” that exploits the vulnerability in the way Apache handles HTTP-based range requests was published Friday on …
Dan Goodin, 24 Aug 2011
The Register breaking news

Sophos downplays Android malware threat

Android users have little reason to fear an immediate onslaught of malware despite the demonstration of a rootkit-based attack at last week's Defcon conference, according to a leading anti-virus supplier. Researchers at Spider Labs demonstrated proof-of-concept malware that could access messages and emails on an Android …
John Leyden, 03 Aug 2010
The Register breaking news

Researcher barred from demoing ATM security vuln

A talk demonstrating security weaknesses in a widely used automatic teller machine has been pulled from next month's Black Hat conference after the machine vendor placed pressure on the speaker's employer. Juniper Networks, a provider of network devices and security services, said it delayed the talk by its employee Barnaby Jack …
Dan Goodin, 30 Jun 2009
The Register breaking news

Data-sniffing trojans burrow into Eastern European ATMs

Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months. The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the …
Dan Goodin, 03 Jun 2009
The Register breaking news

Research spies holes in Fortune 1000 wireless nets

Overlooked design weaknesses in a widely used type of wireless network are seriously jeopardizing the network security of the retailers and manufacturers that rely on them, a security expert has determined. So-called FHSS, or frequency-hopping spread spectrum, networks are an early form of the 802.11 wireless data standard. …
Dan Goodin, 06 Apr 2009