Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities
Updates: Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and ...
Read MoreLaw Enforcement Collaboration Has Eastern-European Cybercriminals Questioning Whether There Is A Safe Haven Anymore
Through the active Dark Web research that Trustwave SpiderLabs conducts for its clients, we have ...
Read MoreModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717)
ModSecurity is an open-source WAF engine maintained by Trustwave. This blog post discusses an issue ...
Read MoreCrypKey License Service Allows Privilege Escalation
Overview CrypKey (https://www.crypkey.com/) is a third-party licensing service for Windows that ...
Read MoreBlackByte Ransomware – Pt 2. Code Obfuscation Analysis
In Part 1 of our BlackByte ransomware analysis, we covered the execution flow of the first stage ...
Read MoreA Handshake with MySQL Bots
Edge Services It’s well known that we just don’t put services or devices on the edge of the ...
Read MoreMissing Critical Vulnerabilities Through Narrow Scoping
The typical process when scoping a penetration test is to get a list of targets from the client, ...
Read MoreHow Lack of Awareness and Clinging to the Past Threaten Your Networks
The security landscape is always changing. New features are coming out all the time, but often ...
Read MorePatch Tuesday, August 2021
Here we are in August and it's Patch Tuesday once more. It's another light month with only 9 CVEs ...
Read MoreSQL Injection in WordPress Plugins: ORDER and ORDER BY as Overlooked Injection Points
Trustwave SpiderLabs recently undertook a survey of some 100 popular WordPress plugins for possible ...
Read MoreTelegram Self-Destruct? Not Always
Summary Secret-Chats in Telegram use end-to-end encryption, which is meant for people who are ...
Read MoreCompromising a Network Using an "Info" Level Finding
Anyone who has ever read a vulnerability scan report will know that scanners often include a large ...
Read MoreVulnerability in ON24 Plugin for macOS Shares More Than Just Your Screen
ON24 presenter mode requires you to install a plugin that is used to share your screen. For the ...
Read MorePatch Tuesday, July 2021
We're a little over halfway through the year now as July's Patch Tuesday is released and it's been ...
Read MoreModSecurity v3 and URI Fragments
ModSecurity is an open-source WAF engine maintained by Trustwave. This blog post discusses an input ...
Read MoreDiving Deeper Into the Kaseya VSA Attack: REvil Returns and Other Hackers Are Riding Their Coattails
On, July 2nd, a massive ransomware attack was launched against roughly 60 managed services ...
Read MoreSolarwinds Serv-U 15.2.3 Share URL XSS (CVE-2021-32604)
Sometimes when pen-testing a large network you come across a few exposed web hosts running ...
Read MoreSolarwinds Serv-U 15.2.3 Share URL XSS (CVE-2021-32604)
Sometimes when pen-testing a large network you come across a few exposed web hosts running ...
Read MoreYet Another Archive Format Smuggling Malware
The use of novel disk image files to encapsulate malware distributed via spam has been a theme that ...
Read MoreThousands of Vulnerable VMWare vCenter Servers Still Publicly Exposed (CVE-2021-21985, CVE-2021-21986)
Background On May 25th, 2021, VMWare released patches to address VMSA-2021-0010, a critical ...
Read MorePatch Tuesday, June 2021
Summer is officially here and with it June's Patch Tuesday. This is a surprisingly light month with ...
Read MoreHuawei LTE USB Stick E3372: From File Overwrite to Code Execution
In today's world, more and more devices are connected to the Internet for on-the-go connectivity. ...
Read MoreWeb Applications and Internal Penetration Tests
Until recently, I really didn't care about web applications on an internal penetration test. ...
Read MoreCVE-2021-31166: RCE in Microsoft HTTP.sys
In the May 2021 Microsoft update, Microsoft patched an HTTP.sys vulnerability that has the ability ...
Read MoreExploitation of Sharepoint 2016: Simple Things Matter – Case Study
Sharepoint is generally used as an intranet site, to share news and other internal company ...
Read MorePatch Tuesday, May 2021
May's Patch Tuesday is upon us and probably the most surprising thing about the release is that ...
Read MorePingback: Backdoor At The End Of The ICMP Tunnel
Introduction In this post, we analyze a piece of malware that we encountered during a recent breach ...
Read More