Trustwave SpiderLabs Detects Spike in Greatness Phishing Kit Attacks on Microsoft 365 Users
Trustwave SpiderLabs is tracking a spike in usage of the Greatness phishing kit to attack Microsoft ...
Read MoreApache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell
Trustwave has observed a surge in attacks exploiting vulnerabilities in Apache ActiveMQ hosts. In ...
Read MoreBeyond the Facade: Unraveling URL Redirection in Google Services
In the murky waters of cyber threats, one tactic has steadily gained wide adoption: URL redirection ...
Read MoreTypes of Social Engineering Attacks used to Gain Internal Network Access
Social engineering is a technique commonly used by adversaries to manipulate individuals or groups ...
Read More(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths
When I’m carrying out security research into a thing, I generally don’t like to Google prior ...
Read MoreTrustwave Transfers ModSecurity Custodianship to the Open Worldwide Application Security Project (OWASP)
After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the ...
Read MoreCVE-2023-50916: Authentication Coercion Vulnerability in Kyocera Device Manager
Overview of Authentication Coercion Vulnerability
Read MoreFueling Chaos: Hacker Group Grinds 70% of Iran's Gasoline System to a Halt
The Iranian government has made the claim that a cyber threat group, identified as Gonjeshke ...
Read MoreTop 10 SpiderLabs Blog Posts of 2023
The Top 10 Trustwave SpiderLabs’ blogs in 2023 reflected the cybersecurity landscape impacting ...
Read MoreHunting for Android Privilege Escalation with a 32 Line Fuzzer
Trustwave SpiderLabs tested a couple of Android OS-based mobile devices to conduct the research on ...
Read MoreSurfing the Tidal Waves of HR-Themed Spam Emails
Threat actors constantly improve their tactics and are always on the hunt for technical or social ...
Read MoreInstagram Phishing Targets Backup Codes
Recently, we noticed another strain of Instagram “Copyright Infringement” phishing emails in our ...
Read MoreHoneypot Recon: MySQL Malware Infection via User-Defined Functions (UDF)
In the vast world of cybersecurity, as technologies evolve, so do the methods attackers employ to ...
Read MoreTrustwave SpiderLabs Report: LockBit 3.0 Ransomware Vs. the Manufacturing Sector
As the manufacturing sector continues its digital transformation, Operational Technology (OT), ...
Read MoreOverview of the Cyberwarfare used in Israel – Hamas War
On October 7, 2023, the Palestinian organization Hamas launched the biggest attack on Israel in ...
Read MoreThe 2023 Retail Services Sector Threat Landscape: A Trustwave Threat Intelligence Briefing
The annual holiday shopping season is poised for a surge in spending, a fact well-known to ...
Read MorePwning Electroencephalogram (EEG) Medical Devices by Default
Overall Analysis of Vulnerability Identification – Default Credentials Leading to Remote Code ...
Read MoreHidden Data Exfiltration Using Time, Literally
I was looking at my watch last week and my attention was moved towards the seconds over at the ...
Read MoreUnveiling the CAPTCHA Escape: The Dance of CAPTCHA Evasion Using TOR
In this era, threat actors have proven to be tireless in their pursuit of exploiting ...
Read MoreHTTP/2 Rapid Reset
A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently ...
Read More2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies
Cyberattacks striking the financial services industry are more prevalent, dangerous, and hitting ...
Read MorePatch Tuesday, October 2023
Halloween is arriving and with it, Trustwave’s return to Patch Tuesday reports.
Read MoreAmazon (AWS) S3 Bucket Take Over
Let’s try something a bit different and take a look at some of Trustwave SpiderLabs’ Open Source ...
Read MoreMultiple Command and Control (C2) Frameworks During Red Team Engagements
When conducting Red Team engagements, more than one Command and Control (C2) framework would ...
Read MoreStealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection
In the ever-evolving landscape of malware threats, threat actors are continually creating new ...
Read MoreTo OSINT and Beyond!
Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing ...
Read MoreTrustwave SpiderLabs Releases Actionable Cybersecurity Intelligence for the Hospitality Industry
The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing ...
Read MoreA Bucket of Phish: Attackers Shift Tactics with Cloudflare R2 Public Buckets
In our previous blog, we found a lot of phishing and scam URLs abusing Cloudflare services using ...
Read More