Dissecting a Phishing Campaign with a Captcha-based URL
In today’s environment, much of the population are doing their banking or financial transactions ...
Read MoreThe Attack of the Chameleon Phishing Page
Recently, we encountered an interesting phishing webpage that caught our interest because it acts ...
Read MoreA Simple Guide to Getting CVEs Published
We were once newcomers to the security research field and one of the most annoying problems we ran ...
Read MoreBypassing MFA: A Pentest Case Study
When a company implements multifactor authentication, the organization is usually confident that ...
Read MoreDark Web Insights: Evolving Cyber Tactics Aim to Impact the Russia-Ukraine Conflict
Update: March 9: Additional phishing emails have been sighted by Trustwave SpiderLabs researchers ...
Read MoreTrustwave’s Action Response: Russia-Ukraine Crisis – Defending Your Organization From Geopolitical Cybersecurity Threats
Feb. 28 Update: The latest economic sanctions imposed upon Russia could inspire that nation or ...
Read MoreFrom Stored XSS to Code Execution using SocEng, BeEF and elFinder CVE-2021-45919
Summary A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, was identified in ...
Read MoreServiceNow - Username Enumeration Vulnerability (CVE-2021-45901)
During a recent engagement Trustwave SpiderLabs discovered a vulnerability (CVE-2021-45901) within ...
Read MoreCVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability
Summary: During an investigation of a malware campaign, I discovered that multiple emails were ...
Read MoreTrustwave Action Response: Polkit Privilege Escalation Vulnerability - PwnKit (CVE-2021-4034)
Summary of Trustwave Actions (updated 1/26/2022): Trustwave security and engineering teams became ...
Read MoreTrustwave Threat Hunting Guide: Identifying PwnKit (CVE-2021-4034) Exploitation
The Trustwave Threat Hunting team has authored a practical guide to help the cybersecurity ...
Read MoreDark Web Recon: Cybercriminals Fear More Law Enforcement Action in the Wake of the REvil Takedown
In the wake of the takedown of the REvil/Sodinokibi ransomware gang by the Russian Federal Security ...
Read MoreDecrypting Qakbot’s Encrypted Registry Keys
Since the return of the Qakbot Trojan in early September 2021, especially through SquirrelWaffle ...
Read MoreCOVID-19 Phishing Lure to Steal and Mine Cryptocurrency
Recently, we observed a malware spam campaign leveraging the current COVID-19 situation. The emails ...
Read MoreTrustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities
Updates: Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and ...
Read MoreLaw Enforcement Collaboration Has Eastern-European Cybercriminals Questioning Whether There Is A Safe Haven Anymore
Through the active Dark Web research that Trustwave SpiderLabs conducts for its clients, we have ...
Read MoreModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717)
ModSecurity is an open-source WAF engine maintained by Trustwave. This blog post discusses an issue ...
Read MoreCrypKey License Service Allows Privilege Escalation
Overview CrypKey (https://www.crypkey.com/) is a third-party licensing service for Windows that ...
Read MoreBlackByte Ransomware – Pt 2. Code Obfuscation Analysis
In Part 1 of our BlackByte ransomware analysis, we covered the execution flow of the first stage ...
Read MoreA Handshake with MySQL Bots
Edge Services It’s well known that we just don’t put services or devices on the edge of the ...
Read MoreMissing Critical Vulnerabilities Through Narrow Scoping
The typical process when scoping a penetration test is to get a list of targets from the client, ...
Read MoreHow Lack of Awareness and Clinging to the Past Threaten Your Networks
The security landscape is always changing. New features are coming out all the time, but often ...
Read MorePatch Tuesday, August 2021
Here we are in August and it's Patch Tuesday once more. It's another light month with only 9 CVEs ...
Read MoreSQL Injection in WordPress Plugins: ORDER and ORDER BY as Overlooked Injection Points
Trustwave SpiderLabs recently undertook a survey of some 100 popular WordPress plugins for possible ...
Read MoreTelegram Self-Destruct? Not Always
Summary Secret-Chats in Telegram use end-to-end encryption, which is meant for people who are ...
Read MoreCompromising a Network Using an "Info" Level Finding
Anyone who has ever read a vulnerability scan report will know that scanners often include a large ...
Read MoreVulnerability in ON24 Plugin for macOS Shares More Than Just Your Screen
ON24 presenter mode requires you to install a plugin that is used to share your screen. For the ...
Read More