Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Digging Deep Into Magecart Malware

Last week, one of my SpiderLabs colleagues was working on a PCI forensic triage for a website. During his investigation, he asked me to check out some HTTP traffic he captured during an online retail store checkout session.

Spam Masters of Extortion, Illusion and Evasion

In 2018 we saw a rise in sextortion scams in which cyber-criminals notified their victims via email that they had hacked the victim’s computer or infected it with malware, or that they had procured evidence in the form of personal recordings of the victim performing sexual acts or of illegal files of sexual content on the victim's computer. The scammers then threatened to publicly expose the victim unless a ransom was paid in cryptocurrency (bitcoin) within a given time.

Kernel Buffer Overflow in Trusteer Rapport for MacOS

Trustwave recently reported a kernel-based vulnerability in a driver bundled with IBM Trusteer Rapport for MacOS. The vulnerability is a signedness bug leading to kernel stack memory corruption in a call to memcpy. IBM Trusteer Rapport is security software advertised as an additional layer of security to anti-virus software. It is designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) and via phishing.

Rise of the Webminers

About a year ago webminers began to appear on more and more websites. The practice was popularized by CoinHive and a couple of high-profile scandals revolving around ThePirateBay and Showtime and, in the span of a year, it has evolved into the most common consequence a compromised site suffers: a webminer injection, or “cryptojacking”.

Magecart - An overview and defense mechanisms

This blog post offers insight into Magecart and advice on how to protect your systems from this threat using a number of methods, including ModSecurity WAF rules.

Sheepl : Automating People for Red and Blue Tradecraft

Whilst there is a wealth of information out there about how to build environments that can be used for training, offensive tradecraft development and blue team response detection, a vital part of these environments is hard to emulate. A computer...

Taking Advantage of AJAX for Account Enumeration

Context: AJAX stands for Asynchronous JavaScript And XML. It's a set of web development techniques using many web technologies on the client side to create asynchronous web applications. In some cases, XML is not used, but JavaScript is almost always...

10 Years On – A Look Back at MS08-067

It has been ten years since the release of MS08-067. Unlike many of the other incidents over the years, this vulnerability has developed a celebrity life of its own (even including pillow shams!). It has a warm place in the...

The Underground Job Market

"Leave your ego at the door every morning, and just do some truly great work. Few things will make you feel better than a job brilliantly done." - Robin S. Sharma. The last time we visited the cybercriminal underground, we introduced...

Fake ASIC Renewal Spam Delivers Malware to Australian Companies

The Australian Securities and Investment Commission (ASIC) is an independent government agency that is Australia's corporate, market and financial services regulator. ASIC provides several services, including registration services for Australian companies. Opportunist scammers, taking advantage of the new year, leveraged...

Multi-Stage Email Word Attack Without Macros

Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from...

Using Buildroot for Security Research of IoT and Other Embedded Systems

These days many vendors, like IoT vendors, use Linux running on top of an ARM CPU for their embedded solutions. Some of these vendors use a tool called buildroot to produce a root filesystem for the device. This becomes obvious...

Denial of Service Vulnerability in Brother Printers

A vulnerability in the web front-end of Brother printers (called Debut) allows an attacker to launch a Denial of Service attack. The attack is executed by sending a single malformed HTTP POST request. The attacker will receive a 500 error...

Fake Power and Broadband Utility Bills serve Banking Trojans to Aussies

Authors: Dr. Fahim Abbasi, Nicholas Ramos, Rodel Mendrez and Gerald Carsula. In our previous blog we highlighted how a group of scammers were targeting financial software customers by spamming out Microsoft Sharepoint URLs that lead the target to fake invoices...

“Don’t Mine Me” – Coinhive

What's worse than annoying ads on a website? A crypto miner on a website! Over the last couple of weeks there has been a lot of talk about Coinhive, a service that claims to provide an alternative to advertising for monetizing...

Post-Soviet Bank Heists: A Hybrid Cybercrime Study

Today we are publishing a SpiderLabs Advanced Threat Report that details a major cyberattack targeting banks mainly located in post-Soviet states. All the attacks share a common profile and the finely tuned orchestration of the entire operation shows an innovative...

Emotet lives another day using Fake O2 invoice notifications

Authors: Dr. Fahim Abbasi and Nicholas Ramos. We witnessed a widespread phishing campaign targeting O2 customers that surfaced on 18th August, 2017 and continued intermittently until 21st August, 2017. Telefonica UK Limited, trading as O2, is a major telco provider...

The Spam, JavaScript and Ransomware Triangle

Authors: Dr. Fahim Abbasi and Nicholas Ramos. Introduction: Our global spam honeypot sensors detected a pervasive email campaign that was leveraging a zipped attachment containing a malicious JavaScript. When opened, the JavaScript was used to infect victims with ransomware. This...
