Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

HQL Injection Exploitation in MySQL

Who heard about HQL injection exploitation? I bet not a lot of people will raise the hand. But it has to be intuitive it’s something about SQL Injection. Yes, but a little bit more complex.

Hardcoded Credentials in Uniguest Kiosk Software Lead to API Compromise

If you've traveled at all within North America, you've likely at some point noticed or even used the shared kiosk machines available in hotel lobbies. These are typically running a locked-down version of Windows, and chances are they are managed by Uniguest software.

Patch Tuesday, July 2019

Patch Tuesday for July is here and after the massive release in June, the 77 patches issued this month seem manageable. Sixteen of the CVEs patched are rated "Critical", sixty are rated as "Important", and one singular CVE rated as "Moderate".

“Sexfavor” Email Scam Delivers Danabot

Sextortion has been a widely used theme in spam campaigns since Q1 of 2018. From simple crafted emails containing just plain text, extortion scams have evolved – even to the point of adding malicious attachments in Q1 of 2019. Since then, we’ve seen more and more attackers use sextortion spam emails as the arrival vector of their malware.

Executing Code Using Microsoft Teams Updater

Red Teamers like to hunt for new methods of code execution through “legitimate” channels, and I’m no exception to that rule. This time Microsoft Teams was my target. Teams was an interesting candidate since it uses modern technology called Electron. Electron is basically nodejs embedded in an executable.  Let’s dive into the application whitelisting bypass using Update.exe that is shipped with Microsoft Teams.

UNC Path Injection with Microsoft Access

I’ve previously created a couple of blog post’s focused around phishing with Microsoft Access https://medium.com/@rvrsh3ll. This blog post continues down the path of utilizing features in Microsoft Access that an attacker or penetration tester may utilize to gain further access into an organization.

Necurs Spam uses DNS TXT Records for Redirection

Recently we noticed the Necurs botnet launching a small spam campaign with a HTML redirector as an attachment. The HTML is crafted to perform a DNS query to the spammer’s domain, obtain the DNS TXT Record and execute data within that record. This leads to redirection to unwanted advertisements and scam webpages. This is the first time we have seen this botnet delve into this strategy.

Patch Tuesday, June 2019

For June's Patch Tuesday, Microsoft is releasing four advisories and patches for a massive 91 CVEs, the largest Patch Tuesday release in well over a year. Twenty-one of those CVEs are rated "Critical," 69 are rated "Important," and one CVE was rated "Moderate."

Patch Tuesday, May 2019

May's Patch Tuesday is here and brings with it patches for 79 CVEs. Twenty-two of those CVEs are rated "Critical," 56 are rated "Important," and one single CVE was rated "Moderate."

Announcing the 2019 Trustwave Global Security Report

Today we released our 2019 Global Security Report. The report is based on the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-breach and forensic investigations, manual penetration tests, network vulnerability scans and internal research over the course of 2018.

Patch Tuesday, April 2019

Along with "Spring Showers" up here in the Northern Hemisphere, April also brings with it Microsoft's Patch Tuesday. This release includes patches for 75 CVEs and Adobe's Flash Update.

Spammed PNG file hides LokiBot

Recently we came across a spam message from our traps that looked truly odd when viewed from our Secure Email Gateway console.

Fake CIA Sextortion Scam Uses SatoshiBox

Another round of sextortion scam emails with a pdf attachment were pushed out recently claiming to be from the Central Intelligence Agency (CIA). What's new in this batch of spams is that this is the first time we have seen the scammers use an online web platform in collecting the ransom.

Attacker Tracking Users Seeking Pakistani Passport

A few days ago we encountered a breach on a Pakistani government site which was compromised to deliver a dangerous payload- the Scanbox Framework. This compromise is exactly the kind of attack we were concerned about when discussing the danger in a previous compromise that we uncovered just a few weeks ago against another government site, at that time the Bangladesh Embassy in Cairo.

BEC Payroll Scam: Your Salary is Mine!

Con men have been exploiting human psychology since the dawn of time. Equipped with the capabilities of the digital age they now have the means to launch voluminous lucrative con schemes at a global scale.

Patch Tuesday, March 2019

his month's Patch Tuesday brings with it four advisories and patches for 64 CVEs including a patch for a zero-day actively exploited in the wild.

QRCode Used in Extortion Spam Campaign

Sextortion is a form of sex-themed exploitation via email where victims are coerced to give money to the scammer. Sextortion campaigns have become a large issue in the last year....

Sheepl 2.0: Automating People for Red and Blue Tradecraft

When I first released Sheepl 0.1 in September 2018 as part of a talk, I wanted to showcase a different approach to user emulation, and the initial idea was well received. Security and IT professionals could see the potential and.....

Stay Connected


Sign up to receive the latest security news and trends from Trustwave.

No spam, unsubscribe at any time.

Trending Topics