Lord EK: A New Exploit Kit with an Ambitious Name
After a bit of a lull in the world of exploit kits, a new exploit kit by the name of “Lord EK” has ...
Read More
Digging Deep into Magecart Malware Part II
Magecart is the name given to notorious groups of hackers that target online shopping carts, ...
Read MorePatch Tuesday, August 2019
The August Patch Tuesday is here ringing in patches for a massive 97 CVEs. Across those CVEs 31 are ...
Read MoreTrustwave Wins the Threat Indicator Top Contributor Award from Microsoft
Over the years, cyber-attacks have become widespread and increasingly sophisticated. This has ...
Read MoreSanDisk SSD Dashboard Vulnerabilities: CVE-2019-13466 & CVE-2019-13467
While recently upgrading my laptop with a new Solid State Drive (SSD), I installed a management ...
Read MoreHiding PHP Code in Image Files Revisited
Over five years ago, we published a blog detailing how a webshell’s backdoor code was hidden in an ...
Read MoreBreaking Smart [Bank] Statements
Context In Mexico, it’s possible to receive your monthly bank statement via email.
Read MoreHQL Injection Exploitation in MySQL
Are you familiar with an HQL injection exploitation? Chances are you’re not. While you may assume ...
Read MoreHardcoded Credentials in Uniguest Kiosk Software Lead to API Compromise
If you've traveled at all within North America, you've likely at some point noticed or even used ...
Read More“Sexfavor” Email Scam Delivers Danabot
Sextortion has been a widely used theme in spam campaigns since Q1 of 2018. From simple crafted ...
Read MorePatch Tuesday, July 2019
Patch Tuesday for July is here and after the massive release in June, the 77 patches issued this ...
Read MoreExecuting Code Using Microsoft Teams Updater
Red Teamers like to hunt for new methods of code execution through “legitimate” channels, and I’m ...
Read MoreUNC Path Injection with Microsoft Access
Introduction Steve Borosh is a Principal Security Consultant for Trustwave and Trustwave Government ...
Read MorePatch Tuesday, June 2019
For June's Patch Tuesday, Microsoft is releasing four advisories and patches for a massive 88 CVEs, ...
Read MorePatch Tuesday, May 2019
May's Patch Tuesday is here and brings with it patches for 79 CVEs. Twenty-two of those CVEs are ...
Read MoreAnnouncing the 2019 Trustwave Global Security Report
Today we released our 2019 Global Security Report. The report is based on the analysis of billions ...
Read MoreFake Power and Broadband Utility Bills serve Banking Trojans to Aussies
In our previous blog we highlighted how a group of scammers were targeting financial software ...
Read More“Don’t Mine Me” – Coinhive
What's worse than annoying ads on a website? Crypto Miner on a website!
Read MoreVAT Return with a Vengeance
Scam Overview Her Majesty's Revenue & Customs (HMRC) is the UK department responsible for ...
Read MoreLocky Part 1: Lukitus Spam Campaigns and Their Love for Game of Thrones
Back in August 2017, Trustwave Spiderlabs reported a spam campaign that distributed a new Locky ...
Read MoreAuthenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest
EDIT (9.April.2019): We have applied for a retraction of CVE-2019-9193 previously associated with ...
Read MorePatch Tuesday, April 2019
Along with "Spring Showers" up here in the Northern Hemisphere, April also brings with it ...
Read MoreEmotet lives another day using Fake O2 invoice notifications
We witnessed a widespread phishing campaign targeting O2 customers, that surfaced on 18th August, ...
Read MoreFake CIA Sextortion Scam Uses SatoshiBox
Another round of sextortion scam emails with a pdf attachment were pushed out recently claiming to ...
Read MoreCVE-2018-19386: Reflected XSS in SolarWinds Database Performance Analyzer
Just a short post from me today, bringing you a pretty simple Cross-Site Scripting (XSS) issue. In ...
Read MoreBEC Payroll Scam: Your Salary is Mine!
Con men have been exploiting human psychology since the dawn of time. Equipped with the ...
Read More