Decade Retrospective: The State of Vulnerabilities
July 18, 2022 | Shrijin Srinivasan, Alex Rothacker
Decade Retrospective: The State of Vulnerabilities The Spanish philosopher ...
CVE-2022-29593- Authentication Bypass by Capture Replay (Dingtian-DT-R002)
July 06, 2022 | Victor Hanna
In the OT space it is increasingly common to see devices that are used to ...
Interactive Phishing Mark II: Messenger Chatbot Leveraged in a New Facebook-Themed Spam
June 28, 2022 | Katrina Udquin
Facebook Messenger is one of the most popular messaging platforms in the world, ...
The Importance of White-Box Testing: A Dive into CVE-2022-21662
June 17, 2022 | Adeeb Shah
I want to take some time to explain the importance of using a white-box ...
ModBus 101: One Protocol to Rule the OT World
June 10, 2022 | Victor Hanna
Ever wondered how large-scale power plants monitor or control the myriad of ...
Trustwave's Action Response: More MSDT Fallout with “Dogwalk”
June 09, 2022 | SpiderLabs Researcher
A zero-day vulnerability has been re-disclosed that is very similar to the ...
Not all "Internet Connections" are Equal
June 08, 2022 | John Anderson
People commonly think that any “Internet Connection” is exactly the same, or ...
Trustwave's Action Response: Microsoft zero-day CVE-2022-30190 (aka Follina)
June 03, 2022 | SpiderLabs Researcher
Update June 7 - In the event of a compromise related to the Follina ...
Trustwave's Action Response: Atlassian Confluence CVE-2022-26134
June 03, 2022 | SpiderLabs Researcher
Updated June 5 - Atlassian issued a fix for CVE-2022-30190 for versions 7.4.17, ...
Grandoreiro Banking Malware Resurfaces for Tax Season
May 26, 2022 | Bernard Bautista
Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign ...
Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information
May 19, 2022 | Adrian Perez
Phishing website links are commonly delivered via email to their respective ...
PwnFox - An IDOR Hunter's Best Friend
May 13, 2022 | Adeeb Shah
Maybe I’m a bit late to the game on this one, but I recently discovered PwnFox ...
Trustwave’s Action Response: F5 BIG-IP Vulnerability (CVE-2022-1388)
May 11, 2022 | SpiderLabs Researcher
Trustwave SpiderLabs is tracking a new critical-rated vulnerability ...
Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine
April 29, 2022 | Trustwave SpiderLabs
May 2 Stormous update: The Trustwave SpiderLabs team has noted Stormous’ ...
Tough Times for Ukrainian Honeypot?
April 15, 2022 | Radoslaw Zdonczyk
Intro We've recently been inundated with news of increased cyberattacks and a ...
Trustwave’s Action Response: CVE-2022-22965 and CVE-2022-22963
March 31, 2022 | SpiderLabs Researcher
Update 4/1: This blog was updated to reflect the release of IDS and ModSecurity ...
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns
March 25, 2022 | Trustwave SpiderLabs
The Trustwave SpiderLabs email security team has been monitoring the ongoing ...
Vidar Malware Launcher Concealed in Help File
March 24, 2022 | Diana Lopera
Appending a malicious file to an unsuspecting file format is one of the tricks ...
Trustwave’s Action Response: The Lapsus$ Hacker Group Shows Us the Importance of Securing the Digital Supply Chain
March 23, 2022 | Trustwave SpiderLabs
Update March 24: This blog has been updated to reflect the new information ...
Dissecting a Phishing Campaign with a Captcha-based URL
March 22, 2022 | Karla Agregado
In today’s environment, much of the population are doing their banking or ...
The Attack of the Chameleon Phishing Page
March 16, 2022 | Homer Pacag
Recently, we encountered an interesting phishing webpage that caught our ...
A Simple Guide to Getting CVEs Published
March 14, 2022 | Adeeb Shah Bobby Cooke
We were once newcomers to the security research field and one of the most ...
Bypassing MFA: A Pentest Case Study
March 11, 2022 | Adeeb Shah
When a company implements multifactor authentication, the organization is ...
Dark Web Insights: Evolving Cyber Tactics Aim to Impact the Russia-Ukraine Conflict
March 03, 2022 | Ziv Mador
Update: March 9: Additional phishing emails have been sighted by Trustwave ...
Trustwave’s Action Response: Russia-Ukraine Crisis – Defending Your Organization From Geopolitical Cybersecurity Threats
February 24, 2022 | SpiderLabs Researcher
Feb. 28 Update: The latest economic sanctions imposed upon Russia could inspire ...
From Stored XSS to Code Execution using SocEng, BeEF and elFinder CVE-2021-45919
February 08, 2022 | John Jackson
Summary A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, ...
ServiceNow - Username Enumeration Vulnerability (CVE-2021-45901)
February 04, 2022 | Victor Hanna
During a recent engagement Trustwave SpiderLabs discovered a vulnerability ...
CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability
January 27, 2022 | Reegun Jayapaul
Summary: During an investigation of a malware campaign, I discovered that ...