News
Latest breaking cybersecurity news
iTrust: A Tool for Today’s Cybersecurity Challenges
Organizations worldwide are grappling with safeguarding their digital assets against escalating threats. These threats encompass traditional cyber-attacks and include more insidious risks that lurk within the vast amounts of data organizations generate...
Cyber Security Posture in 2024: All You Need to Know
Cyber security posture refers to an organization's overall defensive stance against cyber threats, encompassing its policies, practices, and technologies designed to protect digital assets and sensitive information from unauthorized access, theft, or...
Launching a Safer Future: Meet GhostWatch and iTrust from TrustNet
TrustNet is a cybersecurity and compliance industry leader renowned for innovative and robust solutions. We are dedicated to safeguarding digital ecosystems against the evolving threats of today. With an ever-increasing reliance on technology, TrustNet...
Coming Soon: Exciting New Solutions from TrustNet in 2024
As we usher in a new year, TrustNet continues its unwavering commitment to innovation in cybersecurity. With an established track record of providing robust and reliable solutions, we are launching a series of transformative offerings in 2024 that will...
TrustNet’s 2023 Journey: Celebrating Our Growth and Successes in Cybersecurity
In 2023, TrustNet marked an impressive year of growth and success in the dynamic field of cybersecurity. This year's milestones are a testament to our unwavering commitment to excellence as we navigated complex security landscapes, innovated, and...
Educational Institutions Also Need To Pay Attention To Cybersecurity, Here’s Why
The Education Cybersecurity Summit 2023 took place in New York City on December 8, 2023. This event allowed technology professionals in the government and educational sectors to learn about the latest efforts to defend against cyber threats. This issue...
Data Connectors Cybersecurity Conference Atlanta November 2023
The Data Connectors Cybersecurity Conference, which took place in Atlanta on November 30th, 2023, was a significant event for anyone involved in cybersecurity. Held at the Cobb Galleria Centre, this conference allowed attendees to learn about the latest...
Banking On Security: Digital Transformation In Banking & Insurance Summit
The inaugural Digital Transformation in Banking & Insurance (SEA) Summit is a beacon of insight in an era of digital transformation rapidly reshaping industries. This trailblazing event is an essential platform for thought-provoking discussions and...
How Does Open Source Data Change The Cyberdefense Game (Open Source Data Summit 2023)
The Open Source Data Summit 2023 was a live virtual summit held on November 15th, 2023. This premier event united open-source developers, technologists, and community leaders to collaborate, share information, and solve real-world problems. Open source...
TrustNet Congratulates iWave For Their Recent Acquisition of NonprofitOS
iWave, one of the industry's top-rated fundraising intelligence providers, recently announced their acquisition of Nonprofit Operating System (NonprofitOS), a revolutionary generative AI platform designed by fundraisers for fundraisers. NonprofitOS is...
Health Is Wealth, Even In Data Security (Official Cyber Security Healthcare & Pharma Summit)
In today's digital world, the need for robust cybersecurity measures is critical. This is especially true in the healthcare and pharmaceutical sectors. Essential data and infrastructure must be secure from ever-evolving cyber threats, and it's no small...
TrustNet’s Takeaways from CyberDefenseCon 2023
Giving their take on CyberDefenseCon’s 2023 agenda, TrustNet brings forward their expertise in detecting cyber threats and ensuring rapid response before events escalate. They explore how these capabilities play a crucial role in defending against cyberattacks and maintaining business continuity.
FutureCon’s Theme at San Diego Is Actually an Action Item
Managed security and compliance leader TrustNet shares their well-proven approach to the emerging challenges explored at the FutureCon San Diego CyberSecurity Conference.
TrustNet Congratulates Logistics Plus for Global Trade Recognition
Logistics Plus, Inc., a global leader in transportation, logistics, and supply chain solutions, has been named one of America’s top third-party logistics providers by Global Trade magazine.
Key GRC Takeaways from the 2023 IANS Information Security Forum
GRC expert services provider TrustNet shares thoughts on the 2023 IANS Information Security Forum in Atlanta.
TrustNet team attends RSA Conference 2023: Our Impression and Thoughts
TrustNet team attends RSA Conference 2023 to stay ahead of cybersecurity, receive awards, and decipher Frisco’s charms. Every year since 1991, IT companies showcase their products and services at a venue where the world’s preeminent organizations and thought leaders...
Cybercriminals Are Getting Faster at Exploiting Vulnerabilities
The race continues over which side of cybersecurity will gain the upper hand in the next few years. There is some good news and some alarming news. But one detail stands out in the 2022 study by Rapid7: the bad side appears to be gaining speed. Rapid7's...
Microsoft Sounds Alarm on Ransomware Threats to Apple’s MacOS
Apple's macOS, known for its security features and stability, has long been considered a haven for users who want to keep their devices and data secure. However, recent findings by Microsoft security researchers suggest that this perception may no longer be accurate....
Drizly CEO Facing Unprecedented Sanctions for Data Privacy Violations
Online alcohol delivery service company Drizly and its former CEO are facing a series of sanctions from the Federal Trade Commission (FTC) for violating data privacy rules. The FTC has imposed unprecedented personal liability on the former CEO, which will impact him...
Hack the Pentagon 3.0: Shifting Focus to Facility Control Systems
The Department of Defense's bug bounty program, known as Hack the Pentagon, is launching its third iteration. This time, it will focus on the facility control system network. The third iteration of the program, which is known as Hack the Pentagon 3.0, will look into...
Code-Injection Bugs Bite Google, Apache Open-Source GitHub Projects
Two of the most popular open-source ventures, Google and Apache, have identified several weaknesses. The vulnerabilities may be used to access various proprietary information stealthily and provide access to lateral movement in a firm. Moreover, the glitch may be used...
AICPA Updates SOC 2 Guidance: What’s Changed?
The AICPA has revised and updated the SOC 2 guidelines. There are no changes to the SOC 2 trust services criteria (commonly referred to as control objectives) however, there are new and revised “points of focus.” At the core, the points of focus provide...
Corporate Employees Conned by Sneaky Stealers Using Fake Zoom Downloads
A new sneak attack is hitting the computer systems of corporate workers by redirecting users to fake download sites for popular productivity software, such as Zoom. Researchers at Cyble revealed that the attackers behind the new strain, which is known as Rhadamanthys...
Trends and Predictions for Cybersecurity 2023
The field of cybersecurity is constantly evolving due to the rapid advancements in technology and the constantly changing threat of cybercrime. To stay informed and be prepared for the future, it is important to understand what experts predict for cybersecurity in...
ChatGPT: Cybersecurity Threat or Not Really?
Artificial intelligence (AI) has become commonplace in many aspects of our lives in recent years. We have seen AI used to automate customer service helplines, improve the accuracy of facial recognition software, and even power...
Biden Administration to Release National Cyber Strategy
The Biden Administration is set to release a comprehensive National Cyber Strategy that will work to strengthen the security of our nation's digital infrastructure and protect us from malicious cyber threats. This strategy comes when cybersecurity is more important...
Holiday Breaches and Scams 2022-2023
For most Americans, the holidays are full of shopping, festive candlelight dinners, and family gatherings. However, for some consumers, one number on their credit card statement stands out among all those other numbers—the dollar amount from unauthorized charges made...
Notice of Recent Security Incident: LastPass
A security breach has been discovered within the LastPass password manager service. More information to come in the coming weeks. Keep your LastPass account safe by changing your master password and creating a new unique one-time recovery key. The LastPass team is...
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Twilio and Cloudflare employees have seen targeted attacks against them in a much larger phishing campaign. The phishing campaign has successfully compromised 9,931 accounts across 130 different organizations. The campaign focused on the abuse of identity and access...
Python Developers are Targeted by WASP Stealer in an Ongoing Attack on Supply Chain
An ongoing supply chain attack has seen the spread of the W4SP Stealer virus. So far, the malicious Python packages have infected over 100 persons. In a technical write-up, Checkmarx researcher Josef Harush echoes that the threat actor is still active and sending out...
Zero-Trust Initiatives Stall, as Cyberattack Costs Rocket to $1M Per Incident
Both large and medium-sized organizations need help to offset increasing data losses and a steep increase in downtime. As if this was not enough, organizations must also contend with high recovery costs after a cyber-attack. A cyberattack costs an organization...
Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up
Sullivan was arrested and charged with two felonies: obstruction of justice and misprision. During his tenure as Chief Security Officer (CSO) at Uber (April 2015–November 2017), the firm suffered a data breach in which over 50 million customers and drivers' personal...
Windows Mark of the Web Zero-Days Remain Patchless
Microsoft's Mark of the Web (MOTW) is a security feature that prevents malicious files and attachments from being downloaded or opened. However, two independent vulnerabilities exist in various versions of Windows that allow attackers to bypass this protection. Will...
Are You Ready for the New ISO 27001:2022?
This year has seen the first significant update to ISO 27002 since 2013. These modifications are reflected in Annex A's security controls for organizations with ISO 27001 certification. ISO 27001 is a standard for ISMS (information security management systems) that...
Effects of Cloud Complexities on Cybersecurity
Venafi, a company that makes artificial ID solutions, recently conducted a study to learn more about the effects of cloud complexities on cybersecurity. According to a poll conducted by Venafi among 1,101 security decision-makers (SDMs) at enterprises with over 1,000...
VMware ESXi Hypervisors Vulnerable to a New and Deadly Attack Method
According to the security firm, a threat actor headquartered in China utilized tainted vSphere Installation Bundles to plant multiple backdoors in targeted computers. VMware published urgent new mitigation measures and advice for customers of its vSphere virtualized...
Capital One Phishing Attack Displays a Growing Trend in Bank-Brand Targeting
Phishers keep an eye on the news and use this knowledge to their advantage, as evidenced by the Capital One lures, which took advantage of the bank's recently formed collaboration with Authentify. Capital One's recent cooperation with Authentify has been used in a...
US Government Issues Guidance for Software Developers to Secure Software Supply Chain
Enhancing the security of the software supply chain is just as important as ensuring that physical goods and components can move smoothly from the origin to the endpoint to reach their destinations successfully. To that end, three federal agencies, the...
Student Loan Breach Exposes 2.5 Million Records
The Oklahoma Student Loan Authority (OSLA) and EdFinancial recently announced that over 2.5 million loanees were the victims of a severe data breach that has compromised their personal information. The target of the attack was a Lincoln, Nebraska-based web portal and...
Microsoft Cloud Providers Move to Ban Basic Authentication
Flaws in the authentication process mean compromised security for businesses that contract with major cloud providers for services, data storage, and protection. One of the most significant weaknesses in their armor occurs when customers are allowed to enter usernames...
Chrome Bug Allows Webpages to Replace Clipboard Contents
Browsers restrict webpages from accessing various forms of user data, and the user retains their right to share information with a website. However, a recent discovery reveals that Google Chrome has a security flaw that allows websites to change data contained in the...
2022: Ransomware Attacks Are on the Rise
Cyberspace has enjoyed relative peace over the past few years due to a significant decline in ransomware attacks. This tranquility may be attributed to the combined efforts of several international intelligence agencies and various tech companies to eradicate...
Zero-Day Vulnerability Exploited to Hack Over 1,000 Zimbra Email Servers
Hackers use a zero-day vulnerability in Zimbra to inject a malicious payload onto vulnerable webmail servers using the PGP decryption exploit they ported during a recent Black Hat 2022 conference. To take control of the victim's email account, the hacker would first...
Zeppelin Ransomware Resurfaces with New Compromise
A Zeus variant that first surfaced in August 2016 called Zeppelin has resurfaced and is now being used to compromise Web servers to distribute its payload. The threat researchers at Forcepoint Security Labs said they first started seeing new Zeppelin malware samples...
DEF CON returns with “Hacker Homecoming”
Organizers of DEF CON, the world's largest hacker conference, have announced a date for its 20th anniversary in Las Vegas. The event took place from August 7 to August 10, just after Black Hat USA in a move organizers say will allow both events to grow and be...
Sneaky Orbit Malware Backdoors Linux Devices
Researchers have discovered a devious malware for Linux: backdooring devices and stealing data. The malware can alter the overall functioning of any device that it gets into. Popularly known as Orbit, the malware works differently from regular Linux threats. The...
The U.S. Health Organizations Targeted With Maui Ransomware
North Korea's state-sponsored ransomware operators have launched a campaign targeting healthcare organizations in the United States. This is according to an advisory issued by the Federal Bureau of Investigation (FBI) and the Infrastructure Security Agency (CISA)....
Vulnerabilities Found in Widely Used Robustel Industrial Routers
The Cisco Talos Threat Analytic and Research Unit has picked up several threats and vulnerabilities in the popularly used industrial cellular gateway IoT. The affected device, called the R1510, was created by a Chinese company called Robustel. The product is designed...
CISA Suggests That Organizations Use the Most Recent Version of Google Chrome
Users and administrators should update to a new version of Chrome released by Google last week to address seven flaws in the browser, according to the US Cybersecurity and Infrastructure Agency (CISA). Google published an advisory on January 6, 2019....
Beware the ‘Secret Agent’ Cloud Middleware
Last Thursday, at RSA Conference in San Francisco, the researchers from Wiz.io unveiled an open-source cloud middleware database on GitHub that details the particular middleware agents that Amazon Web Services (AWS), Google, and Microsoft put on their cloud customers'...
TrustNet Wins “Editor’s Choice in Managed Security Service Provider (MSSP)” at #RSAC 2022
SAN FRANCISCO (BUSINESSWIRE) JUNE 6, 2022 – TrustNet is proud to announce we have won the following award from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine: “Editor’s Choice in Managed Security Service...
Biometric Data Provides Increased Security, There Are Risk Factors
As the use of biometric data becomes more widespread, it is important to consider the potential risks associated with its use. While biometric data can provide increased security, there are a number of factors that should be considered when using this type of data....
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
Although ChromeLoader may appear to be a run-of-the-mill browser hijacker that merely reroutes users to advertising sites, its use of PowerShell might represent a greater danger by allowing for further and more sophisticated malicious activity such as the spread of...
Follina: A New Microsoft Zero-Day Attack is Now Underway
Worried about fraud, employers are shifting to authentication technologies that are both secure and user-friendly. But there's a catch. Adversaries are actively exploiting a readily exploitable vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows,...
Zyxel Firewall Bug is Active and Being Used After PoC Exploit Demo Debut
Zyxel firewalls are currently (as of May 2022) under a cyberattack after a critical security flaw was disclosed last week, allowing unauthenticated, remote arbitrary code execution. The flaw, CVE-2020-9054, exists in the XML parser of Zyxel's network-attached storage...
‘Sysrv’ Botnet Targeting Recent Spring Cloud Gateway Vulnerability
Microsoft has discovered a new variant of the Sysrv botnet that includes a recent Spring Cloud Gateway vulnerability in its arsenal. Since at least late 2020, the Sysrv botnet has been active, attempting to exploit known security flaws in access interfaces in order to...
Novel Phishing Trick: Unusual Links to Trick Spam Filters
Researchers have identified a never-before-seen method for sneaking malicious links into email inboxes. A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains. According to a Monday report by Perception Point,...
Log4j Attack Surface Remains Massive
Four months ago, the remote code execution hole exposed in the Apache Log4j logging tool still had a wide range of potential victims. Using the Shodan search engine, Rezilion discovered more than 90,000 Internet-exposed servers with a vulnerable version of the...
Defending Your Business Against Russian Cyber Warfare
As the West tightens its sanctions and supplies further assistance to Ukraine, we may anticipate Russian state-sponsored assaults to increase. The conflict in Ukraine is drawing attention from around the world. Russia has launched cyberattacks against Ukraine first,...
Former Uber Chief Security Officer To Face Wire Fraud Charges because of Failed Cybersecurity
Over the past few years, the road has not been smooth for former Uber Chief Security Officer Joseph Sullivan. On December 21, 2021, three additional wire fraud charges were added to the felony obstruction and misprision counts he was already facing due to his alleged...
NVIDIA Confirms Employee Credentials Stolen in Cyberattack
NVIDIA, famous for designing graphics processing units and integrated circuits, recently became the latest victim of a serious cyberattack. Officials confirm that the incident occurred on February 23, 2022, resulting in the online leaking of employee credentials. "We...
Nearly Two-Thirds of Ransomware Victims Paid Ransoms in 2021
Leading research and marketing firm CyberEdge Group, which serves companies in the cybersecurity industry, just published its ninth Cyberthreat Defense Report (CDR). This report acts as the standard for gauging organizations’ security postures, documenting the...
New US Law to Require Cyber Incident Report
Cybersecurity concerns have gained even greater significance in the recent Russia-backed SolarWinds sabotage and the Ukrainian war. In response, the US House and Senate will soon pass the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Shortly after...
Multiple Security Flaws Discovered in Popular Software Package Managers
Recent security vulnerabilities in popular software package managers are raising concerns among digital safety experts. When these flaws compromise machines, it may be possible for hackers to get their hands on sensitive information, including source code and access...
Mobile Threats Skyrocket
Although mobile devices are portable, powerful, and convenient, their use in employees' jobs is coming at a price. The very features that make them compelling also render them especially vulnerable to hacking. Data shows that nearly one-third of zero-day attacks now...
Hacked US Companies to Face New Reporting Requirements
When cybercriminals target sensitive data or charge companies or agencies a ransom to retrieve their encrypted information, the consequences can be dire. In response, Congress has passed a bill that will require that entities who deal with critical US security-related...
High Severity WordPress Plugin Bug Hits Three Million
According to security experts, a popular WordPress plugin contains a bug that could compromise user data and even hijack vulnerable websites. The solution is to update as soon as possible. The plugin, UpDraftPlus, is commonly used to back up users' data. As a result,...
Security Concerns are Biggest Barrier to Cloud Adoption
The adoption of cloud-based services continues to accelerate. In fact, 97 percent of those surveyed in recent Confluera research indicated that their organizations expect to expand their cloud deployments. To that end, many are enhancing the scope and extent of their...
More Organizations Suffered Phishing Attacks in 2021 Than in 2020
Thanks to intense media focus on the issue, the end-users of digital products should be much more aware of the dangers of data breaches. Nevertheless, every indication is that cyber attacks such as phishing schemes continue to increase in severity. In fact, a...
Researchers Warn of New Log4Shell-Like Java Vulnerability
Security experts are drawing our attention to the Log4Shell vulnerability in Java again. It has been around for several months. Although this new vulnerability known as CVE-2021-42392 has not yet been published in the National Vulnerability Database (NVD), experts are...
Google Docs Comments Exploit Allows for Distribution of Phishing and Malware
From students to corporate executives, workgroups of all types benefit from both Google Docs and the larger Google Workspace platforms. Due to the preponderance of remote work during the pandemic, groups have remained productive thanks to the productivity these...
Patch Log4j Now or Risk Major Fines
Your information security vigilance can never be allowed to flag. Recently, the Federal Trade Commission underscored the importance of that point about the newly discovered Log4Shell vulnerability. Companies that fail to take preemptive action by installing a patch...
Growing Amount of Phishing Attacks During the Holiday Season
Along with the good cheer and gifts that are hallmarks of the holiday season comes a much less welcome phenomenon: phishing attacks. The vast majority, well over 90 percent, are conducted through a company’s email system. During that high-traffic time between...
TrustNet’s Response to Log4j Vulnerability CVE-2021-44228
On December 9, 2021, TrustNet security officials became aware of a vulnerability in the Log4j logging framework, CVE-2021-44228. Log4j is a frequently used open-source utility distributed under the Apache Software License used within Java applications to generate...
TSA Requires Rail and Airports to Strengthen Cybersecurity
Earlier this year, a ransomware attack on the Colonial pipeline severely interrupted the country’s fuel distribution system. In response, regulations were implemented in May that strengthened the cybersecurity infrastructure of the pipeline system. In light of this...
U.S. Gov Announces Support for ‘Paris Call’ Cybersecurity Effort
On November 10, 2021, U.S. Vice President Kamala Harris re-established the nation's presence on the international stage by formally announcing the country's support of the Paris Call for Trust and Security in Cyberspace. This initiative, first issued in 2018, is a...
Zoom Patches High-Risk Flaws in Meeting Connector, Keybase Client Video Messaging
The use of video conferencing applications skyrocketed throughout the pandemic of 2020 and 2021. Although vendors such as Zoom were lifesavers for businesses and their remote employees, their systems have proven to be vulnerable to attack by cybercriminals. Most...
House Passes Two Bills to Improve Small Business Cybersecurity
The U.S. Congress recently passed two bills aimed at bolstering data security measures for small businesses. These pieces of legislation would strengthen the Small Business Administration's oversight, mitigate vulnerabilities and give entrepreneurs the tools to manage...
Basic Security Lapses Pave the Way for Ransomware Attacks in 2021
On the surface, ransomware attacks seem sophisticated and complex. Seemingly out of nowhere, criminals gain access to a company's or institution's data or systems, locking the rightful owners out unless and until they pay a hefty price. Due to their random and...
Sun Tzu’s ‘The Art of War’ Applied to Cybersecurity
In roughly the 5th century BC, the Chinese strategist Sun Tzu wrote a treatise that has long been one of the most famous military classics in the entire world. Its themes have profoundly affected not only Asian warfare but also have expanded to influence legal...
Shades of SolarWinds Attack Malware Found in New ‘Tomiris’ Backdoor
Just when it seemed like the furor around the supply attack on SolarWinds by a Russian-affiliated threat actor, Dark Halo, had died down, sobering new allegations came to the fore. Researchers at Kaspersky revealed that they believe there to be a new backdoor (named...
More than 90% of Q2 Malware Was Hidden in Encrypted Traffic
WatchGuard Technologies' latest quarterly Internet Security Report laid out the most pressing security trends and malware threats impacting the digital universe. The document also specified the cutting-edge endpoint intelligence strategies that have been developed to...
Data Breach Kicks U.S. Dental Patients in the Teeth
North American Dental Management is a company based in Pittsburgh responsible for providing administrative and technical support services to Professional Dental Alliance offices. On March 31st and April 1st of 2021, an unauthorized entity gained access to the...
Banking Industry Hijacked by Ransomware Attacks in 2021
The headlines continue to buzz with news about ransomware attacks launched against educational institutions, hospitals, corporations, and banks. A recent TrendMicro report confirms that these third-party malware attacks remain prevalent. They happen when...
Gaming Industry Under Attack
In December of 2020, after much fanfare, the CD Projekt Group launched Cyberpunk 2077. However, contrary to the hype, the game was riddled with bugs and soon earned a cascade of blistering customer feedback. Two months later, hackers capitalized on the game's bugs,...
T-Mobile: 49 Million Customers Hit by Data Breach
In the era when smartphones have become indispensable in so many aspects of life, data breaches can be more devastating than ever before. The recent T-Mobile attack is a perfect example of such breaches. Here is what we know about the incident: The first and last...
Email Security in the Post-COVID Workplace
The post-pandemic “new normal” impacts all aspects of our lives, including the job site. Even when COVID was at its peak, collaboration among staff members scattered across the country and around the world happened thanks to adaptations in organizational technology...
Data Leak in Fertility Clinic: Reasons & Consequences
Georgia-based fertility clinic Reproductive Biology Associates is one of the latest victims of the recent rash of ransomware attacks plaguing our country. Data from an estimated 38,000 victims were compromised as a result of this breach. Reproductive Biology...
Attackers Found New Ways to Exploit Google Docs
Google Docs can provide your organization with excellent tools to promote real-time collaboration among team members at different locations. However, this cloud-based service can also be used by criminals to breach a company's security protocols. As is often the case,...