Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

CVE-2022-43704 - Capture-Replay Vulnerability in Sinilink XY-WFT1 Thermostat

Trustwave SpiderLabs has found a vulnerability in the Sinilink XY-WFT1 Remote WiFi home Thermostat. When running firmware V1.3.6, it allows an attacker to replay the same data or similar data, possibly allowing an attacker to control the device attached to the relay without requiring authentication.

2022 Year in Review: Ransomware

With 2022 having just ended, let's take a look back at the year in ransomware. With the average cost of an attack ranging from $570,00 to $812,360 for just the ransom, according to Cloudally, it should be no surprise that it continued to be one of the most prominent attacks utilized by malicious groups. We'll be doing a quick overview of a few of the most active groups within the space over the past year, and any developments that those groups have made in the past 12 months.

Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT

After Microsoft announced this year that macros from the Internet will be blocked by default in Office , many threat actors have switched to different file types such as Windows Shortcut (LNK), ISO or ZIP files, to distribute their malware.

ChatGPT: Emerging AI Threat Landscape

ChatGPT has been available to the public since November 30, 2022. Since then, it has made headlines – from being temporarily banned from Stack Overflow because...

Meta-Phish: Facebook Infrastructure Used in Phishing Attack Chain

Meta has two of the largest social media platforms today, Facebook and Instagram. These platforms became the modern gateway for people not just to socialize and eavesdrop on the lives of famous personalities, but more importantly, to stay connected with their friends and loved ones.

Going Mobile: BEC Attacks Are Moving Beyond Email

Recently, we’ve noticed an increase in user reports of SMS-based Business Email Compromise (BEC) messages. This seems to be part of a wider trend as phishing scams via text messages surge.

Trojanized OneNote Document Leads to Formbook Malware

Cybercriminals have long used Microsoft documents to pass along malware and they are always experimenting with new ways to deliver malicious packages. As defenders, Trustwave SpiderLabs’ researchers are always looking out for new or unusual file types, and through this ongoing research, we uncovered threat actors using a OneNote document to move Formbook malware, an information stealing trojan sold on an underground hacking forum since mid-2016 as malware-as-a-service. Formbook malware can steal data from various web browsers and from other applications. This malware also has keylogging functionality and can take screenshots.

‘Tis the Season for Online Shopping and Phishing Scams

The 2022 holiday shopping season is here. Retailers’ discounts are kicking off early, and shoppers are eager to spend, especially with big price markdowns to come as the season progresses. And with the COVID-19 pandemic still a concern to shoppers, more people are expected to shop online this season.

Bypassing 2FA Authentication with Evilginx2

Due to the increasing number of cyberattacks, particularly zero days, organizations are scrambling to obtain the best security services available. While even the smallest organization might feel that implementing Two-Factor Authentication (2FA) will keep its data secure, a targeted attack from a nefarious threat actor could lure an employee into clicking and opening a malicious document.

Automating RDS Security Via Boto3 (AWS API)

When it comes to security in AWS, there is the shared responsibility model for AWS services, which is divided into AWS responsibility ‘security of the cloud’ and customer responsibility ‘security in the cloud’. For more detail on this please check the shared-responsibility-model.

Development of the Ukrainian Cyber Counter-Offensive

Russia’s military incursion against Ukraine began on February 24, 2022, with a massive ground attack supported by several cyber incidents. This activity set the stage for what would become an active hybrid war fought in two domains: cyber and ground warfare.


Following Trustwave SpiderLabs’ blog on social media-themed phishing on Facebook, comes another flavor of ‘infringement’ phishing. In this case, the targets, still under the umbrella of Meta, are Instagram users.

Archive Sidestepping: Self-Unlocking Password-Protected RAR

Trustwave SpiderLabs’ spam traps have identified an increase in threats packaged in password-protected archives with about 96% of these being spammed by the Emotet Botnet. In the first half of 2022, we identified password-protected ZIP files as the third most popular archive format used by cybercriminals to conceal malware.

ModSecurity Request Body Parsing: Recent Bypass Issues

ModSecurity is an open-source web application firewall (WAF) engine maintained by Trustwave. This blog post discusses multiple input interpretation weaknesses in the ModSecurity project. Each input interpretation weakness could allow a malicious actor to evade some ModSecurity rules.

HTML File Attachments: Still A Threat

This past month, Trustwave SpiderLabs observed that HTML (Hypertext Markup Language) file attachments had become a common occurrence in our spam traps, which is not unusual since malware is often delivered through Phishing spam. For the past 30 days, SpiderLabs has found the combination of .HTML (11.39%) and .HTM (2.7%) files are our second most spammed file attachment, totalling 14.09%, followed by .EXE files at 12.84%.

Stay Connected


Sign up to receive the latest security news and trends from Trustwave.

No spam, unsubscribe at any time.

Trending Topics