#Trustwave

Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks

by

November 29, 2024 at 05:33AM Researchers warn of a phishing-as-a-service (PhaaS) toolkit, Rockstar 2FA, targeting Microsoft 365 credentials through email campaigns. Utilizing adversary-in-the-middle (AitM) attacks, it bypasses multi-factor authentication (MFA). Promoted features assist cybercriminals in executing campaigns with minimal expertise, leading to significant potential financial losses for victims. ### Meeting Takeaways – Cybercrime / Cloud … Read more

Cybereason and Trustwave Announce Merger

by

November 14, 2024 at 05:39AM Cybereason Chairman & CEO Eric Gan envisions that the merger with Trustwave could enhance the company’s success in various international markets. The announcement highlights a strategic move aimed at strengthening their global presence. **Meeting Takeaways:** 1. **Merger Announcement**: Cybereason has announced a merger with Trustwave. 2. **Leadership Insight**: Eric Gan, … Read more

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

by

January 26, 2024 at 05:48AM Chinese-speaking users have been targeted with malicious Google ads for restricted messaging apps like Telegram in an ongoing malvertising campaign. The threat actor abuses Google advertiser accounts to direct users to pages where they unknowingly download Remote Administration Trojans. Additionally, phishing-as-a-service platform “Greatness” is being used to create legitimate-looking credential … Read more

Godzilla Web Shell Attacks Stomp on Critical Apache ActiveMQ Flaw

by

January 22, 2024 at 06:09PM A new wave of cyberattacks is targeting a critical remote code-execution vulnerability in Apache ActiveMQ, using the Godzilla Web shell to gain control. The vulnerability, CVE-2023-46604, affects multiple versions of ActiveMQ and allows for malicious port scanning, code injection, and other activities. Over 3,400 vulnerable servers have been identified, leading … Read more

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

by

January 21, 2024 at 11:03PM Cybersecurity researchers have observed an increase in threat actor activity exploiting a vulnerability in Apache ActiveMQ by delivering the Godzilla web shell. The web shells are concealed within an unknown binary format to evade security measures. This vulnerability has been actively exploited to deploy ransomware, rootkits, cryptocurrency miners, and DDoS … Read more

Chertoff Group Affiliate Completes Trustwave Acquisition

by

January 9, 2024 at 08:57AM MC2 Security Fund, affiliated with The Chertoff Group, acquired Trustwave, a managed security services provider specializing in cybersecurity services and managed detection and response. The deal aims to expand Trustwave’s global reach and align with MC2’s private equity investments in security and risk management companies. The sale by Singtel for … Read more

Cybersecurity M&A Roundup: 31 Deals Announced in October 2023

by

November 7, 2023 at 05:24AM October 2023 saw a total of 31 cybersecurity-related merger and acquisition (M&A) deals. Some notable acquisitions include Arctic Wolf’s acquisition of Revelstoke to enhance its security orchestration, automation, and response (SOAR) capabilities, and Okta’s acquisition of Uno to accelerate the release of its consumer password manager. Other acquisitions were made … Read more

Cybersecurity M&A Roundup for First Half of October 2023

by

October 18, 2023 at 07:00AM In the first half of October 2023, there were over a dozen cybersecurity-related merger and acquisition (M&A) deals announced. Some notable acquisitions include Arctic Wolf’s acquisition of Revelstoke to enhance their security orchestration capabilities, KPMG’s acquisition of IMagosoft to expand their identity and access management services, and Okta’s acquisition of … Read more