Microsoft Internet Explorer Remote Code Execution 0-Day (CVE-2019-1367)

Microsoft released an out-of-band patch for a 0-day vulnerability in Internet Explorer yesterday. ...

Read More

Getting Started With Azure DevOps

Recently, I set out to find a simple solution to manage the building of all my offensive C# tools ...

Read More

Patch Tuesday, September 2019

For September 2019, Microsoft is releasing 78 CVEs. Of these CVEs, 17 are rated "Critical", 60 ...

Read More

Multiple Vulnerabilities in Comba and D-Link Routers

Overview There are five new credential leaking vulnerabilities discovered and disclosed by Simon ...

Read More

Lord EK: A New Exploit Kit with an Ambitious Name

After a bit of a lull in the world of exploit kits, a new exploit kit by the name of “Lord EK” has ...

Read More

Digging Deep into Magecart Malware Part II

Magecart is the name given to notorious groups of hackers that target online shopping carts, ...

Read More

Patch Tuesday, August 2019

The August Patch Tuesday is here ringing in patches for a massive 97 CVEs. Across those CVEs 31 are ...

Read More

Trustwave Wins the Threat Indicator Top Contributor Award from Microsoft

Over the years, cyber-attacks have become widespread and increasingly sophisticated. This has ...

Read More

AttackSurfaceMapper - Automate and Simplify the OSINT Process

[+] Introduction:

Read More

SanDisk SSD Dashboard Vulnerabilities: CVE-2019-13466 & CVE-2019-13467

While recently upgrading my laptop with a new Solid State Drive (SSD), I installed a management ...

Read More

Hiding PHP Code in Image Files Revisited

Over five years ago, we published a blog detailing how a webshell’s backdoor code was hidden in an ...

Read More

Breaking Smart [Bank] Statements

Context In Mexico, it’s possible to receive your monthly bank statement via email.

Read More

HQL Injection Exploitation in MySQL

Are you familiar with an HQL injection exploitation? Chances are you’re not. While you may assume ...

Read More

Hardcoded Credentials in Uniguest Kiosk Software Lead to API Compromise

If you've traveled at all within North America, you've likely at some point noticed or even used ...

Read More

“Sexfavor” Email Scam Delivers Danabot

Sextortion has been a widely used theme in spam campaigns since Q1 of 2018. From simple crafted ...

Read More

Patch Tuesday, July 2019

Patch Tuesday for July is here and after the massive release in June, the 77 patches issued this ...

Read More

Executing Code Using Microsoft Teams Updater

Red Teamers like to hunt for new methods of code execution through “legitimate” channels, and I’m ...

Read More

UNC Path Injection with Microsoft Access

Introduction Steve Borosh is a Principal Security Consultant for Trustwave and Trustwave Government ...

Read More

Patch Tuesday, June 2019

For June's Patch Tuesday, Microsoft is releasing four advisories and patches for a massive 88 CVEs, ...

Read More

Patch Tuesday, May 2019

May's Patch Tuesday is here and brings with it patches for 79 CVEs. Twenty-two of those CVEs are ...

Read More

Announcing the 2019 Trustwave Global Security Report

Today we released our 2019 Global Security Report. The report is based on the analysis of billions ...

Read More

Fake Power and Broadband Utility Bills serve Banking Trojans to Aussies

In our previous blog we highlighted how a group of scammers were targeting financial software ...

Read More

“Don’t Mine Me” – Coinhive

What's worse than annoying ads on a website? Crypto Miner on a website!

Read More

VAT Return with a Vengeance

Scam Overview Her Majesty's Revenue & Customs (HMRC) is the UK department responsible for ...

Read More

Locky Part 1: Lukitus Spam Campaigns and Their Love for Game of Thrones

Back in August 2017, Trustwave Spiderlabs reported a spam campaign that distributed a new Locky ...

Read More

Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest

EDIT (9.April.2019): We have applied for a retraction of CVE-2019-9193 previously associated with ...

Read More

Patch Tuesday, April 2019

Along with "Spring Showers" up here in the Northern Hemisphere, April also brings with it ...

Read More

Emotet lives another day using Fake O2 invoice notifications

We witnessed a widespread phishing campaign targeting O2 customers, that surfaced on 18th August, ...

Read More