Breakdown of Tycoon Phishing-as-a-Service System

Physical Address Strangeness in Spam

Ten years ago, Congress passed the "CAN-SPAM Act" (also known as theYou-CAN-SPAM Act, since it ...

Read More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising

During an Advanced Continual Threat Hunt (ACTH) investigation that took place in early December ...

Read More

Trustwave SpiderLabs Guide: Jailbreaking Apple iOS 17 and Above

PLEASE NOTE: Jailbreaking any phone has the potential to permanently damage your device. Even if ...

Read More

Trusted Domain, Hidden Danger: Deceptive URL Redirections in Email Phishing Attacks

In this ever-evolving landscape of cyberthreats, email has become a prime target for phishing ...

Read More

Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients

This is another one of those blog posts from me about how I independently carried out some security ...

Read More

Trustwave SpiderLabs Detects Spike in Greatness Phishing Kit Attacks on Microsoft 365 Users

Trustwave SpiderLabs is tracking a spike in usage of the Greatness phishing kit to attack Microsoft ...

Read More

Apache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell

Trustwave has observed a surge in attacks exploiting vulnerabilities in Apache ActiveMQ hosts. In ...

Read More

Beyond the Facade: Unraveling URL Redirection in Google Services

In the murky waters of cyber threats, one tactic has steadily gained wide adoption: URL redirection ...

Read More

Types of Social Engineering Attacks used to Gain Internal Network Access

Social engineering is a technique commonly used by adversaries to manipulate individuals or groups ...

Read More

(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths

When I’m carrying out security research into a thing, I generally don’t like to Google prior ...

Read More

Trustwave Transfers ModSecurity Custodianship to the Open Worldwide Application Security Project (OWASP)

After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the ...

Read More

CVE-2023-50916: Authentication Coercion Vulnerability in Kyocera Device Manager

Overview of Authentication Coercion Vulnerability

Read More

Fueling Chaos: Hacker Group Grinds 70% of Iran's Gasoline System to a Halt

The Iranian government has made the claim that a cyber threat group, identified as Gonjeshke ...

Read More

Top 10 SpiderLabs Blog Posts of 2023

The Top 10 Trustwave SpiderLabs’ blogs in 2023 reflected the cybersecurity landscape impacting ...

Read More

Hunting for Android Privilege Escalation with a 32 Line Fuzzer

Trustwave SpiderLabs tested a couple of Android OS-based mobile devices to conduct the research on ...

Read More

Surfing the Tidal Waves of HR-Themed Spam Emails

Threat actors constantly improve their tactics and are always on the hunt for technical or social ...

Read More

Instagram Phishing Targets Backup Codes

Recently, we noticed another strain of Instagram “Copyright Infringement” phishing emails in our ...

Read More

Honeypot Recon: MySQL Malware Infection via User-Defined Functions (UDF)

In the vast world of cybersecurity, as technologies evolve, so do the methods attackers employ to ...

Read More

Trustwave SpiderLabs Report: LockBit 3.0 Ransomware Vs. the Manufacturing Sector

As the manufacturing sector continues its digital transformation, Operational Technology (OT), ...

Read More

Overview of the Cyberwarfare used in Israel – Hamas War

On October 7, 2023, the Palestinian organization Hamas launched the biggest attack on Israel in ...

Read More

The 2023 Retail Services Sector Threat Landscape: A Trustwave Threat Intelligence Briefing

The annual holiday shopping season is poised for a surge in spending, a fact well-known to ...

Read More

Pwning Electroencephalogram (EEG) Medical Devices by Default

Overall Analysis of Vulnerability Identification – Default Credentials Leading to Remote Code ...

Read More

Hidden Data Exfiltration Using Time, Literally

I was looking at my watch last week and my attention was moved towards the seconds over at the ...

Read More

Unveiling the CAPTCHA Escape: The Dance of CAPTCHA Evasion Using TOR

In this era, threat actors have proven to be tireless in their pursuit of exploiting ...

Read More

HTTP/2 Rapid Reset

A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently ...

Read More

2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies

Cyberattacks striking the financial services industry are more prevalent, dangerous, and hitting ...

Read More

Patch Tuesday, October 2023

Halloween is arriving and with it, Trustwave’s return to Patch Tuesday reports.

Read More