ModSecurity v3: DoS Vulnerability in Four Transformations (CVE-2023-38285)
ModSecurity is an open-source Web Application Firewall (WAF) engine maintained by Trustwave. This ...
Read MoreStay Informed
Sign up to receive the latest security news and trends straight to your inbox from Trustwave.
Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report
In their latest report titled "Cybersecurity in the Healthcare Industry: Actionable Intelligence ...
Read MoreKillNet, Anonymous Sudan, and REvil Unveil Plans for Attacks on US and European Banking Systems
In a recent development, Russian hackers have declared their intention to launch cyberattacks on ...
Read MoreTrustwave Action Response: Zero Day Vulnerability in Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868)
On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability ...
Read MoreAnonymous Sudan: Religious Hacktivists or Russian Front Group?
The Trustwave SpiderLabs research team has been tracking a new threat group calling itself ...
Read MoreTrustwave Action Response: Zero-Day Vulnerability in Citrix ADC (CVE-2022-27518)
On Tuesday, December 13, a joint announcement from the United States NSA and Citrix announced a ...
Read More‘Tis the Season for Online Shopping and Phishing Scams
The 2022 holiday shopping season is here. Retailers’ discounts are kicking off early, and shoppers ...
Read MoreKillnet Claims Attacks Against Starlink, Whitehouse.gov, and United Kingdom Websites
Pro-Russian threat actor group Killnet claims to have launched DDoS attacks against Starlink and ...
Read MoreDevelopment of the Ukrainian Cyber Counter-Offensive
Overview Russia’s military incursion against Ukraine began on February 24, 2022, with a massive ...
Read MoreTrustwave Action Response: Zero Day Vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019
Update Oct. 4: Microsoft released Security Update Guides for these two vulnerabilities.
Read MoreRetaliation by the Pro-Russian Group KillNet
At the beginning of the Russia-Ukraine conflict, KillNet - a Russian cybergang - began actively ...
Read MoreTrustwave's Action Response: More MSDT Fallout with “Dogwalk”
A zero-day vulnerability has been re-disclosed that is very similar to the Follina zero-day ...
Read MoreTrustwave's Action Response: Microsoft zero-day CVE-2022-30190 (aka Follina)
Update June 7 - In the event of a compromise related to the Follina vulnerability, IT teams can ...
Read MoreTrustwave's Action Response: Atlassian Confluence CVE-2022-26134
Updated June 5 - Atlassian issued a fix for CVE-2022-30190 for versions 7.4.17, 7.13.7, 7.14.3, ...
Read MoreTrustwave’s Action Response: F5 BIG-IP Vulnerability (CVE-2022-1388)
Trustwave SpiderLabs is tracking a new critical-rated vulnerability (CVE-2022-1388) affecting F5 ...
Read MoreTrustwave’s Action Response: CVE-2022-22965 and CVE-2022-22963
Update 4/1: This blog was updated to reflect the release of IDS and ModSecurity rules.
Read MoreTrustwave’s Action Response: Russia-Ukraine Crisis – Defending Your Organization From Geopolitical Cybersecurity Threats
Feb. 28 Update: The latest economic sanctions imposed upon Russia could inspire that nation or ...
Read MoreTrustwave Action Response: Polkit Privilege Escalation Vulnerability - PwnKit (CVE-2021-4034)
Summary of Trustwave Actions (updated 1/26/2022): Trustwave security and engineering teams became ...
Read MoreTrustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities
Updates: Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and ...
Read MoreModSecurity Regular Expressions and Disputed CVE-2020-15598
ModSecurity is an open-source Web Application Firewall (WAF) engine maintained by Trustwave. The ...
Read MoreVaccine for COVID-19 and Other Scams on the Dark Web
Our attempts to investigate the underground and document some of what’s going on in the Dark Web ...
Read MoreModSecurity Award Nominations and the Challenges of Open Source
In the hustle and bustle of everyday work life we tend to look at the current issues we’re working ...
Read MoreMicrosoft Internet Explorer Remote Code Execution 0-Day (CVE-2020-0674)
2020 is not starting out quietly for Microsoft, it seems. After the first Patch Tuesday of 2020 ...
Read MoreModSecurity v3.0.4 Released!
It is a pleasure to announce the release of ModSecurity version 3.0.4 (libModSecurity). This ...
Read MoreCVE-2019-1429: (Another) Microsoft Internet Explorer 0-Day
November’s Patch Tuesday from Microsoft included a patch for yet another Internet Explorer 0-day, ...
Read MoreMicrosoft Internet Explorer Remote Code Execution 0-Day (CVE-2019-1367)
Microsoft released an out-of-band patch for a 0-day vulnerability in Internet Explorer yesterday. ...
Read MoreAttacker Tracking Users Seeking Pakistani Passport
A few days ago we encountered a breach on a Pakistani government site which was compromised to ...
Read More