OneNote Spear-Phishing Campaign

Trustwave SpiderLabs “noted” in Part 1 and Part 2 of our OneNote research that OneNote has been ...

Read More

A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 1

Introduction Threat actors are taking advantage of Microsoft OneNote's ability to embed files and ...

Read More

A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 2

In part one, we examined how threat actors abuse a OneNote document to install an infostealer. Part ...

Read More

Network Map NMAP Meets ChatGPT

We’ve now seen a number of different use cases for ChatGPT from marketing, sales, software ...

Read More

HTML Smuggling: The Hidden Threat in Your Inbox

Last October, Trustwave SpiderLabs blogged about the use and prevalence of HTML email attachments ...

Read More

Money Lover App Vulnerability Exposes Personal Info

An information disclosure vulnerability has been identified in Money Lover, a finance tracking ...

Read More

Vulnerability Causing Deletion of All Users in CrushFTP Admin Area

During a recent penetration test, Trustwave SpiderLabs researchers discovered a weak input ...

Read More

CVE-2022-43704 - Capture-Replay Vulnerability in Sinilink XY-WFT1 Thermostat

Trustwave SpiderLabs has found a vulnerability in the Sinilink XY-WFT1 Remote WiFi home Thermostat. ...

Read More

2022 Year in Review: Ransomware

With 2022 having just ended, let's take a look back at the year in ransomware. With the average ...

Read More

Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT

After Microsoft announced this year that macros from the Internet will be blocked by default in ...

Read More

ChatGPT: Emerging AI Threat Landscape

ChatGPT has been available to the public since November 30, 2022. Since then, it has made headlines ...

Read More

Trustwave Action Response: Zero-Day Vulnerability in Citrix ADC (CVE-2022-27518)

On Tuesday, December 13, a joint announcement from the United States NSA and Citrix announced a ...

Read More

Meta-Phish: Facebook Infrastructure Used in Phishing Attack Chain

Meta has two of the largest social media platforms today, Facebook and Instagram. These platforms ...

Read More

Trojanized OneNote Document Leads to Formbook Malware

Cybercriminals have long used Microsoft documents to pass along malware and they are always ...

Read More

Going Mobile: BEC Attacks Are Moving Beyond Email

Recently, we’ve noticed an increase in user reports of SMS-based Business Email Compromise (BEC) ...

Read More

Bypassing 2FA Authentication with Evilginx2

Due to the increasing number of cyberattacks, particularly zero days, organizations are scrambling ...

Read More

‘Tis the Season for Online Shopping and Phishing Scams

The 2022 holiday shopping season is here. Retailers’ discounts are kicking off early, and shoppers ...

Read More

Killnet Claims Attacks Against Starlink, Whitehouse.gov, and United Kingdom Websites

Pro-Russian threat actor group Killnet claims to have launched DDoS attacks against Starlink and ...

Read More

Evolution of the SOC – From the Dark Ages to Enlightenment, shifting to an agile threat informed cyber defense program

Evolution of the SOC – From the Dark Ages to Enlightenment, shifting to an agile threat informed ...

Read More

Automating RDS Security Via Boto3 (AWS API)

When it comes to security in AWS, there is the shared responsibility model for AWS services, which ...

Read More

Development of the Ukrainian Cyber Counter-Offensive

Overview Russia’s military incursion against Ukraine began on February 24, 2022, with a massive ...

Read More

Denial of Service and RCE in OpenSSL 3.0 (CVE-2022-3786 and CVE-2022-3602)

Overview On November 1 the OpenSSL Project released patches addressing the previously rated ...

Read More

Insta-Phish-A-Gram

Following Trustwave SpiderLabs’ blog on social media-themed phishing on Facebook, comes another ...

Read More

Archive Sidestepping Self-Unlocking Password-Protected RAR

Trustwave SpiderLabs’ spam traps have identified an increase in threats packaged in ...

Read More

ModSecurity Request Body Parsing: Recent Bypass Issues

Overview ModSecurity is an open-source web application firewall (WAF) engine maintained by ...

Read More

HTML File Attachments: Still A Threat

Introduction This past month, Trustwave SpiderLabs observed that HTML (Hypertext Markup Language) ...

Read More

Post-Exploitation Persistent Email Forwarder in Outlook Desktop

There is an exploitation method that can automatically forward emails CC’d to external addresses ...

Read More

Trustwave Action Response: Zero Day Vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019

Update Oct. 4: Microsoft released Security Update Guides for these two vulnerabilities.

Read More