Loading...
Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

OneNote Spear-Phishing Campaign

While the malware payload can change, the techniques have generally been the same. The recent uptrend of the OneNote spear phishing campaign that SpiderLabs has observed since December 2022 has led us to additional investigations on this threat.

A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 1

Threat actors are taking advantage of Microsoft OneNote's ability to embed files and use social engineering techniques, such as phishing emails and lures inside the OneNote document, to get unsuspecting users to download and open malicious files.

A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 2

We examined how threat actors abuse a OneNote document to install an infostealer. Part 2 of this series discusses an AsyncRAT infection chain while detailing important parts of the code. We’ll also quickly analyze other notable malware strains such as Qakbot and RemcosRAT.

Network Map NMAP Meets ChatGPT

We’ve now seen a number of different use cases for ChatGPT from marketing, sales, software development and others including from the security field. This platform continues to dominate most of the headlines and impress based on how it’s able to handle questions and topics from various backgrounds.

HTML Smuggling: The Hidden Threat in Your Inbox

Last October, Trustwave SpiderLabs blogged about the use and prevalence of HTML email attachments to deliver malware and phishing for credentials.

Money Lover App Vulnerability Exposes Personal Info

An information disclosure vulnerability has been identified in Money Lover, a finance tracking application created by Finsify and available on Android, iOS, Microsoft Store, with a web interface.

CVE-2022-43704 - Capture-Replay Vulnerability in Sinilink XY-WFT1 Thermostat

Trustwave SpiderLabs has found a vulnerability in the Sinilink XY-WFT1 Remote WiFi home Thermostat. When running firmware V1.3.6, it allows an attacker to replay the same data or similar data, possibly allowing an attacker to control the device attached to the relay without requiring authentication.

2022 Year in Review: Ransomware

With 2022 having just ended, let's take a look back at the year in ransomware. With the average cost of an attack ranging from $570,00 to $812,360 for just the ransom, according to Cloudally, it should be no surprise that it continued to be one of the most prominent attacks utilized by malicious groups. We'll be doing a quick overview of a few of the most active groups within the space over the past year, and any developments that those groups have made in the past 12 months.

Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT

After Microsoft announced this year that macros from the Internet will be blocked by default in Office , many threat actors have switched to different file types such as Windows Shortcut (LNK), ISO or ZIP files, to distribute their malware.

ChatGPT: Emerging AI Threat Landscape

ChatGPT has been available to the public since November 30, 2022. Since then, it has made headlines – from being temporarily banned from Stack Overflow because...

Meta-Phish: Facebook Infrastructure Used in Phishing Attack Chain

Meta has two of the largest social media platforms today, Facebook and Instagram. These platforms became the modern gateway for people not just to socialize and eavesdrop on the lives of famous personalities, but more importantly, to stay connected with their friends and loved ones.

Going Mobile: BEC Attacks Are Moving Beyond Email

Recently, we’ve noticed an increase in user reports of SMS-based Business Email Compromise (BEC) messages. This seems to be part of a wider trend as phishing scams via text messages surge.

Trojanized OneNote Document Leads to Formbook Malware

Cybercriminals have long used Microsoft documents to pass along malware and they are always experimenting with new ways to deliver malicious packages. As defenders, Trustwave SpiderLabs’ researchers are always looking out for new or unusual file types, and through this ongoing research, we uncovered threat actors using a OneNote document to move Formbook malware, an information stealing trojan sold on an underground hacking forum since mid-2016 as malware-as-a-service. Formbook malware can steal data from various web browsers and from other applications. This malware also has keylogging functionality and can take screenshots.

‘Tis the Season for Online Shopping and Phishing Scams

The 2022 holiday shopping season is here. Retailers’ discounts are kicking off early, and shoppers are eager to spend, especially with big price markdowns to come as the season progresses. And with the COVID-19 pandemic still a concern to shoppers, more people are expected to shop online this season.

Bypassing 2FA Authentication with Evilginx2

Due to the increasing number of cyberattacks, particularly zero days, organizations are scrambling to obtain the best security services available. While even the smallest organization might feel that implementing Two-Factor Authentication (2FA) will keep its data secure, a targeted attack from a nefarious threat actor could lure an employee into clicking and opening a malicious document.

Automating RDS Security Via Boto3 (AWS API)

When it comes to security in AWS, there is the shared responsibility model for AWS services, which is divided into AWS responsibility ‘security of the cloud’ and customer responsibility ‘security in the cloud’. For more detail on this please check the shared-responsibility-model.

Stay Connected


Subscribe

Sign up to receive the latest security news and trends from Trustwave.

No spam, unsubscribe at any time.


Trending Topics