Trustwave achieves verified MXDR solution and FastTrack ready partner status from Microsoft. Learn More


SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

It’s Raining Phish and Scams – How Cloudflare and Domains Get Abused

As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails containing phishing URLs abusing services at and domains.


Honeypot Recon: Enterprise Applications Honeypot - Unveiling Findings from Six Worldwide Locations

To obtain a better perspective of attacks worldwide, Trustwave has implemented a network of honeypots located in multiple countries across the globe. By distributing honeypots in..


Honeypot Recon: MSSQL Server – Database Threat Overview '22/'23

Introduction In a constantly connected world, protecting sensitive data in what are often complex database structures requires staying up to date with cyber criminals’ malicious..


Brute-forcing ButterflyMX Virtual Keys and Hacking Time Limits

Recently, I discovered two vulnerabilities in the ButterflyMX system which were responsibly disclosed to the vendor. The vendor has mitigated the highest-risk vulnerability, which..


KillNet, Anonymous Sudan, and REvil Unveil Plans for Attacks on US and European Banking Systems

In a recent development, Russian hackers have declared their intention to launch cyberattacks on the European financial system within the next 48 hours. The announcement was made..


Honeypot Recon: Global Database Threat Landscape

In today's digital era, the importance of securing databases cannot be overstated. As more and more global businesses and organizations rely on DBMS systems to store tons of..


Trustwave Action Response: Zero Day Vulnerability in Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868)

On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability (CVE-2023-2868) present in the Barracuda Email Security Gateway (appliance form factor..


From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings

I've been pentesting applications for nearly two decades now and throughout that time you get to see trends. One of these is the gradual adoption of Single Sign-On (SSO) in the..


Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)

Update - June 16, 2023: The second vulnerability mentioned in the June 12 update now has an assigned CVE number: CVE-2023-35036. On June 15, a third SQL injection vulnerability..


Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining

As is tradition with my blog posts, let’s start off with a definition of what HTTP pipelining is all about.


Analyzing the NTC Vulkan Leak: What it Says About Russia's Cyber Capabilities

Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability of cooperation between the Russian private software development company and the..


Microsoft Encrypted Restricted Permission Messages Deliver Phishing

Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message. At..


When User Impersonation Features In Applications Go Bad

A user impersonation feature typically allows a privileged user, such as an administrator, but typically these days, support teams, to sign into an application as a specific user..


Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style

I feel I need to clarify, for legal reasons, that this is nothing to do with any Harry Potter game. The reference is made because we are dealing with spells and magic, and I mean..


Rendezvous with a Chatbot: Chaining Contextual Risk Vulnerabilities

Ignoring the little stuff is never a good idea. Anyone who has pretended that the small noise their car engine is making is unimportant, only to later find themselves stuck on the..


Why It’s Important to Change Default Credentials

Security best practice guidelines always call for changing default passwords as any password left on the factory preset is considered low hanging fruit, essentially just waiting..
