Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)

On May 31, threat actors were discovered targeting a critical zero day in MOVEit Transfer software resulting in escalated privileges and unauthorized data access. The vulnerability being exploited is an SQL injection and has since been patched. Resources links, including one for the patch, are at the bottom of this post.

Analyzing the NTC Vulkan Leak: What it Says About Russia's Cyber Capabilities

Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability of cooperation between the Russian private software development company and the Russian Ministry of Defense, namely, the GRU (Sandworm), and possibly others

When User Impersonation Features In Applications Go Bad

A user impersonation feature typically allows a privileged user, such as an administrator, but typically these days, support teams, to sign into an application as a specific user without needing to know the user’s password.

Rendezvous with a Chatbot: Chaining Contextual Risk Vulnerabilities

Ignoring the little stuff is never a good idea. Anyone who has pretended that the small noise their car engine is making is unimportant, only to later find themself stuck on the side of the road with a dead motor will understand this statement.

Why It’s Important to Change Default Credentials

Security best practice guidelines always call for changing default passwords as any password left on the factory preset is considered low hanging fruit, essentially just waiting to be abused by attackers to gain unauthorized access.

Dissecting Buffer Overflow Attacks in MongoDB

Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability affected almost all versions of MongoDB, up to v4.5.0, but was discussed and patched appropriately.

CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd

Two years ago, I picked out chfn as a candidate to be reviewed for security bugs. Why chfn I hear you ask? (Thanks for asking.) It is one of a small number of Set owner User ID (SUID) programs loaded with Linux which means it runs with the permissions of the ‘root’ user regardless of the user who executes it, for it needs to modify the /etc/passwd file to do its job.

Deobfuscating the Recent Emotet Epoch 4 Macro

This analysis is intended to help the cybersecurity community better understand the wider obfuscation and padding tricks Emotet is using.

2023 Tax Scam Emails Exposed: Unmasking Deceptive Trends

Tax season is a busy time of year for taxpayers and threat actors. Consumers and businesses focus on filing their taxes and getting excited over possible refunds, while cybercriminals roll out both their tried-and-true tax scams along with implementing new efforts.

Anonymous Sudan: Religious Hacktivists or Russian Front Group?

The Trustwave SpiderLabs research team has been tracking a new threat group calling itself Anonymous Sudan, which has carried out a series of Distributed Denial of Service (DDoS) attacks against Swedish, Dutch, Australian, and German organizations purportedly in retaliation for anti-Muslim activity that had taken place in those countries.

ChatGPT: The Right Tool for the Job?

OpenAI’s large language model chatbot is intriguing for a variety of reasons, not the least of which is the manner in which it responds to human users.

OneNote Spear-Phishing Campaign

While the malware payload can change, the techniques have generally been the same. The recent uptrend of the OneNote spear phishing campaign that SpiderLabs has observed since December 2022 has led us to additional investigations on this threat.

A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 1

Threat actors are taking advantage of Microsoft OneNote's ability to embed files and use social engineering techniques, such as phishing emails and lures inside the OneNote document, to get unsuspecting users to download and open malicious files.

A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 2

We examined how threat actors abuse a OneNote document to install an infostealer. Part 2 of this series discusses an AsyncRAT infection chain while detailing important parts of the code. We’ll also quickly analyze other notable malware strains such as Qakbot and RemcosRAT.

Stay Connected


Sign up to receive the latest security news and trends from Trustwave.

No spam, unsubscribe at any time.

Trending Topics