IBM Db2 Shared Memory Vulnerability (CVE-2020-4414)
I’ve recently blogged about a shared memory vulnerability in Cisco WebEx Meetings Client on Windows ...
From SSRF to Compromise: Case Study
Overview I think every penetration tester has a story about the one that got away. The bug that ...
vBulletin Remote Code Execution (CVE-2020-7373)
Last week, security researcher Amir Etemadieh (aka Zenoflex) disclosed that vBulletin’s patch for ...
Patch Tuesday, August 2020
August's Patch Tuesday is here with 120 CVEs patched. That includes 100 rated as "Important" and 20 ...
Playdate with Bots: Microsoft SQL Honeypots
A good way to keep an eye on attackers and get insight on their techniques and tactics is to use a ...
Microsoft Teams Updater Living off the Land
Introduction During this global pandemic COVID-19 situation, there has been an increasing trend of ...
Are You Really Scanning What You Think
In a previous post we explored the importance of scanning hostnames instead of IP addresses in ...
ASUS Router Vulnerable to Fake Updates and XSS (CVE-2020-15498 & CVE-2020-15499)
Recently ASUS patched two issues I discovered in the RT-AC1900P router firmware update ...
Lockscreen Ransomware Phishing Leads To Google Play Card Scam
Email scammers always seem to invent new ways of trickery to gain cash from their victims. We ...
Patch Tuesday, July 2020
July's Patch Tuesday is here with another large list of CVEs. It includes 20 CVEs rated "Critical" ...
Injecting Magecart into Magento Global Config
At the beginning of June 2020, we were contacted about a breach of a website using the Magento ...
Hackers Leverage Cloud Platforms to Spread Phishing Under the Radar
During April, amid the Covid-19 pandemic, Perception-Point wrote about a phishing campaign that ...
Still Scanning IP Addresses You’re Doing it Wrong
The traditional approach to a vulnerability scan or penetration test is to find the IP addresses ...
GoldenSpy Chapter 3: New and Improved Uninstaller
Background: On June 25th, Trustwave SpiderLabs published our research on a backdoor, dubbed ...
PhishINvite with Malicious ICS Files
In an earlier blog entitled “Phishing in the Cloud”, we outlined that threat actors are actively ...
Adventures in ATM Hacking
Intro Before this pandemic, Neil Burrows and myself (Bruno Oliveira) from Trustwave's SpiderLabs ...
GoldenSpy: Chapter Two – The Uninstaller
On June 25, 2020 Trustwave SpiderLabs published research showing that the Intelligent Tax software, ...
The Golden Tax Department and the Emergence of GoldenSpy Malware
Trustwave SpiderLabs has discovered a new malware family, dubbed GoldenSpy, embedded in tax payment ...
Pillowmint: FIN7’s Monkey Thief
In this blog, we take an in-depth technical look at Pillowmint malware samples received from our ...
Copy-Paste Threat Actor in the Asia Pacific Region
Summary Australian Prime Minister Scott Morrison announced today that ...
Cisco WebEx Memory for the Taking: CVE-2020-3347
Overview Due to the global pandemic of COVID-19, there’s been an explosion of video conferencing ...
TrickBot Disguised as COVID-19 Map
Cybercriminals are continuously exploiting the Coronavirus (COVID-19) pandemic. In our quest to ...
Patch Tuesday, June 2020
June's Patch Tuesday has crept upon us and while our minds may be elsewhere, the need to keep our ...
Compromising Android Applications with Intent Manipulation
As a mobile app tester, I have encountered numerous varied vulnerabilities. During one of my mobile ...
System Takeover Through New SAP ASE Vulnerabilities
For the last several years there have been relatively few security patches for SAP Adaptive Server ...
Securing SSH: What To Do and What Not To Do
An Uptick in Activity Over the last week we've seen the compromise of a number of supercomputers ...
Phishing in a Bucket: Utilizing Google Firebase Storage
Credential phishing is a real threat that's targeting organizations globally. Threat actors are ...