SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

The Importance of White-Box Testing: A Dive into CVE-2022-21662

When CVE-2022-21662 (https://nvd.nist.gov/vuln/detail/CVE-2022-21662) came out, there wasn’t much published material regarding this vulnerability. I want to take some time to explain the importance of using a white-box approach when testing applications for vulnerabilities.

ModBus 101: One Protocol to Rule the OT World

This post will look to illuminate how one tiny legacy protocol, namely "ModBus", could help to understand just how straightforward this could be.

Not all "Internet Connections" are Equal

People commonly think that any “Internet Connection” is exactly the same, or they may be vaguely aware that some connections are faster than others. However, there are significant differences between the connections. While these differences may not matter to someone who just wants to browse websites and read email, they can be significant or even showstoppers for more advanced users or cybersecurity teams remotely conducting vulnerability and security scans. This is especially true for anyone looking to do security testing or vulnerability scanning.

Trustwave's Action Response: Atlassian Confluence CVE-2022-26134

Trustwave SpiderLabs is tracking the critical-rated zero-day vulnerability CVE-2022-26134. Threat actors are reported to be actively exploiting this vulnerability in the wild. Atlassian disclosed and issued guidance for CVE-2022-26134 on June 2.

Grandoreiro Banking Malware Resurfaces for Tax Season

Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users from Brazil, Spain, and Mexico. The campaign exploits the tax season in target countries by sending out tax-themed phishing emails.

Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information

The Trustwave SpiderLabs Email Security team identified a phishing campaign pretending to be a missed package from DHL. What’s interesting about this campaign is that clicking on the link leads to a chatbot that discusses the missed package, provides pictures of it, and guides the potential victim through providing their credit card information and user credentials.

PwnFox - An IDOR Hunter's Best Friend

So, what is PwnFox? To put it simply, it’s a BurpPro extension that works with Firefox. It accomplishes two things. First, it helps containerize up to eight (yes, that’s right… eight!) different sessions within one browser and secondly, it organizes all your proxied traffic in Burp BY COLOR!

Trustwave’s Action Response: F5 BIG-IP Vulnerability (CVE-2022-1388)

Trustwave SpiderLabs is tracking a new critical-rated vulnerability (CVE-2022-1388) affecting F5 BIG-IP network devices. Threat actors are reported to be actively exploiting this vulnerability in the wild. F5 disclosed and issued a patch for CVE-2022-1388 on May 4.

Tough Times for Ukrainian Honeypot?

Hackers - both bad and good, government-related or private groups - have their hands full every day as never before, and compounding the situation is the Russia-Ukraine (UA) war, which has sparked a cyber storm.

Trustwave’s Action Response: CVE-2022-22965 and CVE-2022-22963

Trustwave security and engineering teams are actively investigating the vulnerabilities CVE-2022-22965 (also referenced by other vendors as Spring4Shell / SpringShell) and CVE-2022-22963 and potential exploits. We are diligently watching over our clients for exposure and associated attacks and are taking action with approved mitigation efforts.

Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns

The Trustwave SpiderLabs email security team has been monitoring the ongoing Russia-Ukraine crisis to ensure that our clients are protected and aware of any imminent threats. This research blog captures some of the phishing email threats we have discovered.

Vidar Malware Launcher Concealed in Help File

Appending a malicious file to an unsuspecting file format is one of the tricks our adversaries use to evade detection. Recently, we came across an interesting email campaign employing this technique to deliver the info stealer Vidar malware.

Dissecting a Phishing Campaign with a Captcha-based URL

In today’s environment, much of the population is doing their banking or financial transactions online, and online banking or wire transfers have become a huge necessity. Recently, we received a phishing email that is targeting PayPal accounts.

The Attack of the Chameleon Phishing Page

Recently, we encountered an interesting phishing webpage that caught our interest because it acts like a chameleon by changing and blending its color based on its environment. In addition, the site adapts its background page and logo depending on user input to trick its victims into giving away their email credentials.

A Simple Guide to Getting CVEs Published

This guide will, hopefully, let you skip the headaches and guesswork that we endured learning this process when you try to get a CVE published.
