Overview of the Cyberwarfare used in Israel – Hamas War
On October 7, 2023, the Palestinian organization Hamas launched the biggest attack on Israel in ...
Read More
The 2023 Retail Services Sector Threat Landscape: A Trustwave Threat Intelligence Briefing
The annual holiday shopping season is poised for a surge in spending, a fact well-known to ...
Read MorePwning Electroencephalogram (EEG) Medical Devices by Default
Overall Analysis of Vulnerability Identification – Default Credentials Leading to Remote Code ...
Read MoreHidden Data Exfiltration Using Time, Literally
I was looking at my watch last week and my attention was moved towards the seconds over at the ...
Read MoreUnveiling the CAPTCHA Escape: The Dance of CAPTCHA Evasion Using TOR
In this era, threat actors have proven to be tireless in their pursuit of exploiting ...
Read MoreHTTP/2 Rapid Reset
A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently ...
Read More2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies
Cyberattacks striking the financial services industry are more prevalent, dangerous, and hitting ...
Read MorePatch Tuesday, October 2023
Halloween is arriving and with it, Trustwave’s return to Patch Tuesday reports.
Read MoreAmazon (AWS) S3 Bucket Take Over
Let’s try something a bit different and take a look at some of Trustwave SpiderLabs’ Open Source ...
Read MoreMultiple Command and Control (C2) Frameworks During Red Team Engagements
When conducting Red Team engagements, more than one Command and Control (C2) framework would ...
Read MoreStealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection
In the ever-evolving landscape of malware threats, threat actors are continually creating new ...
Read MoreTo OSINT and Beyond!
Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing ...
Read MoreTrustwave SpiderLabs Releases Actionable Cybersecurity Intelligence for the Hospitality Industry
The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing ...
Read MoreA Bucket of Phish: Attackers Shift Tactics with Cloudflare R2 Public Buckets
In our previous blog, we found a lot of phishing and scam URLs abusing Cloudflare services using ...
Read MoreThreat-Loaded: Malicious PDFs Never Go Out of Style
Introduction In the realm of cybersecurity, danger hides where we least expect it and threats ...
Read MoreThe Evolution of Persistent Threats: From Chernobyl to BlackLotus
In this blog post, we will explore how the computer security landscape has expanded to reach below ...
Read MoreThink Before You Scan: The Rise of QR Codes in Phishing
QR Codes, the square images that contain coded information that can be scanned by a smartphone, are ...
Read MoreBehind the Invite: The Rise of Google Group Fake Order Fraud Emails
As the world shifted into remote work and distant learning during the pandemic lockdown, e-commerce ...
Read MoreBEC Trends: Payroll Diversion Dominates and Sneaky Multi-Persona Attacks Emerge
Business Email Compromise (BEC) remains a lucrative threat vector for attackers. The FBI’s IC3 ...
Read MoreGootloader: Why your Legal Document Search May End in Misery
Introduction Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload ...
Read MoreWormGPT and FraudGPT – The Rise of Malicious LLMs
As technology continues to evolve, there is a growing concern about the potential for large ...
Read MoreNew Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3
Trustwave SpiderLabs discovered a new version of the Rilide Stealer extension targeting ...
Read MoreHoneypot Recon: New Variant of SkidMap Targeting Redis
Intro Since Redis is becoming increasingly popular around the world, we decided to investigate ...
Read MoreHealthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
The healthcare sector has been under constant threat from cybercriminals due to the sensitive ...
Read MoreModSecurity v3: DoS Vulnerability in Four Transformations (CVE-2023-38285)
ModSecurity is an open-source Web Application Firewall (WAF) engine maintained by Trustwave. This ...
Read MoreCybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report
In their latest report titled "Cybersecurity in the Healthcare Industry: Actionable Intelligence ...
Read MoreIt’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused
As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails ...
Read MoreHoneypot Recon: Enterprise Applications Honeypot - Unveiling Findings from Six Worldwide Locations
To obtain a better perspective of attacks worldwide, Trustwave has implemented a network of ...
Read More