
SpiderLabs Blog

Attracting more than a half-million annual readers, the SpiderLabs Blog is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Sheepl : Automating People for Red and Blue Tradecraft

Whilst there is a wealth of information out there about how to build environments that can be used for training, offensive tradecraft development and blue team response detection, a vital part of these environments is hard to emulate. A computer...

Taking Advantage of AJAX for Account Enumeration

Context: AJAX stands for Asynchronous JavaScript And XML. It's a set of web development techniques using many web technologies on the client side to create asynchronous web applications. In some cases, XML is not used, but JavaScript is almost always...

10 Years On – A Look Back at MS08-067

It has been ten years since the release of MS08-067. Unlike many of the other incidents over the years, this vulnerability has developed a celebrity life of its own (even including pillow shams!). It has a warm place in the...

Fake ASIC Renewal Spam Delivers Malware to Australian Companies

The Australian Securities and Investments Commission (ASIC) is an independent government agency that is Australia's corporate, market and financial services regulator. ASIC provides several services, including registration services for Australian companies. Opportunistic scammers, taking advantage of the new year, leveraged...

Multi-Stage Email Word Attack Without Macros

Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from...

Using Buildroot for Security Research of IoT and Other Embedded Systems

These days many vendors, IoT vendors in particular, run Linux on top of an ARM CPU for their embedded solutions. Some of these vendors use a tool called buildroot (https://buildroot.org) to produce a root filesystem for the device. This becomes obvious...

Denial of Service Vulnerability in Brother Printers

A vulnerability in the web front-end of Brother printers (called Debut) allows an attacker to launch a Denial of Service attack. The attack is executed by sending a single malformed HTTP POST request. The attacker will receive a 500 error...

Fake Power and Broadband Utility Bills serve Banking Trojans to Aussies

Authors: Dr. Fahim Abbasi, Nicholas Ramos, Rodel Mendrez and Gerald Carsula. In our previous blog we highlighted how a group of scammers were targeting financial software customers by spamming out Microsoft SharePoint URLs that led the target to fake invoices...

“Don’t Mine Me” – Coinhive

What's worse than annoying ads on a website? A crypto miner on a website! Over the last couple of weeks there has been a lot of talk about Coinhive, a service that claims to provide an alternative to advertising for monetizing...

Post-Soviet Bank Heists: A Hybrid Cybercrime Study

Today we are publishing a SpiderLabs Advanced Threat Report that details a major cyberattack targeting banks mainly located in post-Soviet states. All the attacks share a common profile and the finely tuned orchestration of the entire operation shows an innovative...

Emotet lives another day using Fake O2 invoice notifications

Authors: Dr. Fahim Abbasi and Nicholas Ramos. We witnessed a widespread phishing campaign targeting O2 customers that surfaced on 18th August 2017 and continued intermittently until 21st August 2017. Telefonica UK Limited, trading as O2, is a major telco provider...

The Spam, JavaScript and Ransomware Triangle

Authors: Dr. Fahim Abbasi and Nicholas Ramos. Introduction: Our global spam honeypot sensors detected a pervasive email campaign that was leveraging a zipped attachment containing a malicious JavaScript. When opened, the JavaScript was used to infect victims with ransomware. This...

Chip Off the Old EMV

Recently, Jason Knowles of ABC 7's I-Team asked us, "What is the security risk if your EMV chip falls off your credit card? What could someone do with that?" My first thought was, "How in the hell does the chip...

Petya From The Wire: Detection using IDPS

Most malware that traverses a network does so with specific indicators, some of which look like legitimate network traffic and others that are completely unique to the malware. A single IDPS signature can have high confidence of detecting an infection...

A Computational Complexity Attack against Racoon and ISAKMP Fragmentation

Trustwave recently reported a remotely exploitable computational complexity vulnerability in the racoon isakmp daemon that is part of the ipsec-tools open-source project (http://ipsec-tools.sourceforge.net/). The vulnerability is present in the handling of fragmented packets. A computational complexity attack seeks to cause...

Petya Ransomware: A glimpse of the past, the present, and the future

Contributed by: Gerald Carsula, Rodel Mendez, and Nicholas Ramos. Ransomware seems to be the trend now, and this type of malware will no doubt continue to grow. But do you still remember in the '90s when boot viruses were the...

Elephone P9000 Lock Screen Lockout Bypass

Brute force attacks against smartphones are not usually a viable attack vector. Manufacturers employ scaling lockouts that progress into longer and longer periods between attempts and, if the user is security conscious, the device may wipe after 10 attempts. However...

0-Day Alert: Your Humax WiFi Router Might Be In Danger

Over the years WiFi routers have been notoriously susceptible to simple attacks. In early 2017, Trustwave SpiderLabs researcher Simon Kenin identified 43 different models of Netgear router to be vulnerable to remote and local password disclosure. More recently, in May...

ModSecurity Web Application Firewall - Commercial Rules Update

We have just released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight...

URSNIF is Back Riding a New Wave of Spam

The infamous data-stealing URSNIF malware has done it again and it's here to collect more keystrokes, login credentials, browsing activities, and other user activities. It continues to undress and dress itself differently, time and time again. Earlier this year, we...
