Zero Trust Essentials
This is Part 5 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The ...
Read MoreWhy We Should Probably Stop Visually Verifying Checksums
Hello there! Thanks for stopping by. Let me get straight into it and start things off with what a ...
Read MoreAgent Tesla's New Ride: The Rise of a Novel Loader
Malware loaders, critical for deploying malware, enable threat actors to deliver and execute ...
Read MoreEvaluating Your Security Posture: Security Assessment Basics
This is Part 4 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The ...
Read MoreTrustwave SpiderLabs: Artificial Intelligence Playing a Prime Role in BEC and Phishing Attacks
Criminals have historically been quick to embrace cutting-edge technology for their financial gain. ...
Read MoreThe Inevitable Threat: AI-Generated Email Attacks Delivered to Mailboxes
Generative AI exploded in popularity not too long ago but its influence on text and media creation ...
Read MoreCybersecurity Documentation Essentials
This is Part 3 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts.
Read MoreUkrainian Intelligence Claims Successful Compromise of the Russian Ministry of Defense
On March 4, 2024, the Telegram channel of the Main Directorate of Intelligence of the Ministry of ...
Read MoreCost Management Tips for Cyber Admins
As anyone who has filled out an expense report can tell you, cost management is everyone's ...
Read MoreResurgence of BlackCat Ransomware
Updated March 8: Based on our experience, we believe that BlackCat's claim of shutting down due to ...
Read MoreCloud Architecture, Frameworks and Benchmarks
At any point in your cloud security journey, you should consider practical architectures, ...
Read MoreHunting For Integer Overflows In Web Servers
Allow me to set the scene and start proceedings off with a definition of an integer overflow, ...
Read MoreWelcome to Adventures in Cybersecurity: The Defender Series
I’m happy to say I’m done chasing Microsoft certifications (AZ104/AZ500/SC100), and as a result, ...
Read MoreTrustwave SpiderLabs: Insights and Solutions to Defend Educational Institutions Against Cyber Threats
Security teams responsible for defending educational institutions at higher education and primary ...
Read MoreBreakdown of Tycoon Phishing-as-a-Service System
Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) ...
Read MoreTrustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising
During an Advanced Continual Threat Hunt (ACTH) investigation that took place in early December ...
Read MoreTrustwave SpiderLabs Guide: Jailbreaking Apple iOS 17 and Above
PLEASE NOTE: Jailbreaking any phone has the potential to permanently damage your device. Even if ...
Read MoreTrusted Domain, Hidden Danger: Deceptive URL Redirections in Email Phishing Attacks
In this ever-evolving landscape of cyberthreats, email has become a prime target for phishing ...
Read MoreSpoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients
This is another one of those blog posts from me about how I independently carried out some security ...
Read MoreTrustwave SpiderLabs Detects Spike in Greatness Phishing Kit Attacks on Microsoft 365 Users
Trustwave SpiderLabs is tracking a spike in usage of the Greatness phishing kit to attack Microsoft ...
Read MoreApache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell
Trustwave has observed a surge in attacks exploiting vulnerabilities in Apache ActiveMQ hosts. In ...
Read MoreBeyond the Facade: Unraveling URL Redirection in Google Services
In the murky waters of cyber threats, one tactic has steadily gained wide adoption: URL redirection ...
Read MoreTypes of Social Engineering Attacks used to Gain Internal Network Access
Social engineering is a technique commonly used by adversaries to manipulate individuals or groups ...
Read More(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths
When I’m carrying out security research into a thing, I generally don’t like to Google prior ...
Read MoreTrustwave Transfers ModSecurity Custodianship to the Open Worldwide Application Security Project (OWASP)
After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the ...
Read MoreCVE-2023-50916: Authentication Coercion Vulnerability in Kyocera Device Manager
Overview of Authentication Coercion Vulnerability
Read MoreFueling Chaos: Hacker Group Grinds 70% of Iran's Gasoline System to a Halt
The Iranian government has made the claim that a cyber threat group, identified as Gonjeshke ...
Read MoreTop 10 SpiderLabs Blog Posts of 2023
The Top 10 Trustwave SpiderLabs’ blogs in 2023 reflected the cybersecurity landscape impacting ...
Read More