Fueling Chaos: Hacker Group Grinds 70% of Iran's Gasoline System to a Halt
The Iranian government has made the claim that a cyber threat group, identified as Gonjeshke ...
Read More
Top 10 SpiderLabs Blog Posts of 2023
The Top 10 Trustwave SpiderLabs’ blogs in 2023 reflected the cybersecurity landscape impacting ...
Read MoreHunting for Android Privilege Escalation with a 32 Line Fuzzer
Trustwave SpiderLabs tested a couple of Android OS-based mobile devices to conduct the research on ...
Read MoreSurfing the Tidal Waves of HR-Themed Spam Emails
Threat actors constantly improve their tactics and are always on the hunt for technical or social ...
Read MoreInstagram Phishing Targets Backup Codes
Recently, we noticed another strain of Instagram “Copyright Infringement” phishing emails in our ...
Read MoreHoneypot Recon: MySQL Malware Infection via User-Defined Functions (UDF)
In the vast world of cybersecurity, as technologies evolve, so do the methods attackers employ to ...
Read MoreTrustwave SpiderLabs Report: LockBit 3.0 Ransomware Vs. the Manufacturing Sector
As the manufacturing sector continues its digital transformation, Operational Technology (OT), ...
Read MoreOverview of the Cyberwarfare used in Israel – Hamas War
On October 7, 2023, the Palestinian organization Hamas launched the biggest attack on Israel in ...
Read MoreThe 2023 Retail Services Sector Threat Landscape: A Trustwave Threat Intelligence Briefing
The annual holiday shopping season is poised for a surge in spending, a fact well-known to ...
Read MorePwning Electroencephalogram (EEG) Medical Devices by Default
Overall Analysis of Vulnerability Identification – Default Credentials Leading to Remote Code ...
Read MoreHidden Data Exfiltration Using Time, Literally
I was looking at my watch last week and my attention was moved towards the seconds over at the ...
Read MoreUnveiling the CAPTCHA Escape: The Dance of CAPTCHA Evasion Using TOR
In this era, threat actors have proven to be tireless in their pursuit of exploiting ...
Read MoreHTTP/2 Rapid Reset
A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently ...
Read More2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies
Cyberattacks striking the financial services industry are more prevalent, dangerous, and hitting ...
Read MorePatch Tuesday, October 2023
Halloween is arriving and with it, Trustwave’s return to Patch Tuesday reports.
Read MoreAmazon (AWS) S3 Bucket Take Over
Let’s try something a bit different and take a look at some of Trustwave SpiderLabs’ Open Source ...
Read MoreMultiple Command and Control (C2) Frameworks During Red Team Engagements
When conducting Red Team engagements, more than one Command and Control (C2) framework would ...
Read MoreStealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection
In the ever-evolving landscape of malware threats, threat actors are continually creating new ...
Read MoreTo OSINT and Beyond!
Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing ...
Read MoreTrustwave SpiderLabs Releases Actionable Cybersecurity Intelligence for the Hospitality Industry
The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing ...
Read MoreA Bucket of Phish: Attackers Shift Tactics with Cloudflare R2 Public Buckets
In our previous blog, we found a lot of phishing and scam URLs abusing Cloudflare services using ...
Read MoreThreat-Loaded: Malicious PDFs Never Go Out of Style
Introduction In the realm of cybersecurity, danger hides where we least expect it and threats ...
Read MoreThe Evolution of Persistent Threats: From Chernobyl to BlackLotus
In this blog post, we will explore how the computer security landscape has expanded to reach below ...
Read MoreThink Before You Scan: The Rise of QR Codes in Phishing
QR Codes, the square images that contain coded information that can be scanned by a smartphone, are ...
Read MoreBehind the Invite: The Rise of Google Group Fake Order Fraud Emails
As the world shifted into remote work and distant learning during the pandemic lockdown, e-commerce ...
Read MoreBEC Trends: Payroll Diversion Dominates and Sneaky Multi-Persona Attacks Emerge
Business Email Compromise (BEC) remains a lucrative threat vector for attackers. The FBI’s IC3 ...
Read MoreGootloader: Why your Legal Document Search May End in Misery
Introduction Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload ...
Read MoreWormGPT and FraudGPT – The Rise of Malicious LLMs
As technology continues to evolve, there is a growing concern about the potential for large ...
Read More