(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths

When I’m carrying out security research into a thing, I generally don’t like to Google prior ...

Read More

Trustwave Transfers ModSecurity Custodianship to the Open Worldwide Application Security Project (OWASP)

After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the ...

Read More

CVE-2023-50916: Authentication Coercion Vulnerability in Kyocera Device Manager

Overview of Authentication Coercion Vulnerability

Read More

Fueling Chaos: Hacker Group Grinds 70% of Iran's Gasoline System to a Halt

The Iranian government has made the claim that a cyber threat group, identified as Gonjeshke ...

Read More

Top 10 SpiderLabs Blog Posts of 2023

The Top 10 Trustwave SpiderLabs’ blogs in 2023 reflected the cybersecurity landscape impacting ...

Read More

Hunting for Android Privilege Escalation with a 32 Line Fuzzer

Trustwave SpiderLabs tested a couple of Android OS-based mobile devices to conduct the research on ...

Read More

Surfing the Tidal Waves of HR-Themed Spam Emails

Threat actors constantly improve their tactics and are always on the hunt for technical or social ...

Read More

Instagram Phishing Targets Backup Codes

Recently, we noticed another strain of Instagram “Copyright Infringement” phishing emails in our ...

Read More

Honeypot Recon: MySQL Malware Infection via User-Defined Functions (UDF)

In the vast world of cybersecurity, as technologies evolve, so do the methods attackers employ to ...

Read More

Trustwave SpiderLabs Report: LockBit 3.0 Ransomware Vs. the Manufacturing Sector

As the manufacturing sector continues its digital transformation, Operational Technology (OT), ...

Read More

Overview of the Cyberwarfare used in Israel – Hamas War

On October 7, 2023, the Palestinian organization Hamas launched the biggest attack on Israel in ...

Read More

The 2023 Retail Services Sector Threat Landscape: A Trustwave Threat Intelligence Briefing

The annual holiday shopping season is poised for a surge in spending, a fact well-known to ...

Read More

Pwning Electroencephalogram (EEG) Medical Devices by Default

Overall Analysis of Vulnerability Identification – Default Credentials Leading to Remote Code ...

Read More

Hidden Data Exfiltration Using Time, Literally

I was looking at my watch last week and my attention was moved towards the seconds over at the ...

Read More

Unveiling the CAPTCHA Escape: The Dance of CAPTCHA Evasion Using TOR

In this era, threat actors have proven to be tireless in their pursuit of exploiting ...

Read More

HTTP/2 Rapid Reset

A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently ...

Read More

2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies

Cyberattacks striking the financial services industry are more prevalent, dangerous, and hitting ...

Read More

Patch Tuesday, October 2023

Halloween is arriving and with it, Trustwave’s return to Patch Tuesday reports.

Read More

Amazon (AWS) S3 Bucket Take Over

Let’s try something a bit different and take a look at some of Trustwave SpiderLabs’ Open Source ...

Read More

Multiple Command and Control (C2) Frameworks During Red Team Engagements

When conducting Red Team engagements, more than one Command and Control (C2) framework would ...

Read More

Stealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection

In the ever-evolving landscape of malware threats, threat actors are continually creating new ...

Read More

To OSINT and Beyond!

Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing ...

Read More

Trustwave SpiderLabs Releases Actionable Cybersecurity Intelligence for the Hospitality Industry

The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing ...

Read More

A Bucket of Phish: Attackers Shift Tactics with Cloudflare R2 Public Buckets

In our previous blog, we found a lot of phishing and scam URLs abusing Cloudflare services using ...

Read More

Threat-Loaded: Malicious PDFs Never Go Out of Style

Introduction In the realm of cybersecurity, danger hides where we least expect it and threats ...

Read More

The Evolution of Persistent Threats: From Chernobyl to BlackLotus

In this blog post, we will explore how the computer security landscape has expanded to reach below ...

Read More

Think Before You Scan: The Rise of QR Codes in Phishing

QR Codes, the square images that contain coded information that can be scanned by a smartphone, are ...

Read More

Behind the Invite: The Rise of Google Group Fake Order Fraud Emails

As the world shifted into remote work and distant learning during the pandemic lockdown, e-commerce ...

Read More