Honeypot Recon: New Variant of SkidMap Targeting Redis

Intro Since Redis is becoming increasingly popular around the world, we decided to investigate ...

Read More

Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector

The healthcare sector has been under constant threat from cybercriminals due to the sensitive ...

Read More

ModSecurity v3: DoS Vulnerability in Four Transformations (CVE-2023-38285)

ModSecurity is an open-source Web Application Firewall (WAF) engine maintained by Trustwave. This ...

Read More

Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report

In their latest report titled "Cybersecurity in the Healthcare Industry: Actionable Intelligence ...

Read More

It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused

As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails ...

Read More

Honeypot Recon: Enterprise Applications Honeypot - Unveiling Findings from Six Worldwide Locations

To obtain a better perspective of attacks worldwide, Trustwave has implemented a network of ...

Read More

SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames

Read More

Honeypot Recon: MSSQL Server – Database Threat Overview '22/'23

Introduction In a constantly connected world, protecting sensitive data in what are often complex ...

Read More

Brute-forcing ButterflyMX Virtual Keys and Hacking Time Limits

Recently, I discovered two vulnerabilities in the ButterflyMX system which were responsibly ...

Read More

KillNet, Anonymous Sudan, and REvil Unveil Plans for Attacks on US and European Banking Systems

In a recent development, Russian hackers have declared their intention to launch cyberattacks on ...

Read More

Honeypot Recon: Global Database Threat Landscape

In today's digital era, the importance of securing databases cannot be overstated. As more and more ...

Read More

Trustwave Action Response: Zero Day Vulnerability in Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868)

On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability ...

Read More

From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings

I've been pentesting applications for nearly two decades now and throughout that time you get to ...

Read More

Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)

Update - June 16, 2023: The second vulnerability mentioned in the June 12 update now has an ...

Read More

Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining

As is tradition with my blog posts, let’s start off a definition of what HTTP pipelining is all ...

Read More

Analyzing the NTC Vulkan Leak: What it Says About Russia's Cyber Capabilities

Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability ...

Read More

Microsoft Encrypted Restricted Permission Messages Deliver Phishing

Over the past few days, we have seen phishing attacks that use a combination of compromised ...

Read More

From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

For those wondering what GraphQL is…

Read More

When User Impersonation Features In Applications Go Bad

A user impersonation feature typically allows a privileged user, such as an administrator, but ...

Read More

Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style

I feel I need to clarify, for legal reasons, that this is nothing to do with any Harry Potter game. ...

Read More

Rendezvous with a Chatbot: Chaining Contextual Risk Vulnerabilities

Ignoring the little stuff is never a good idea. Anyone who has pretended that the small noise their ...

Read More

Why It’s Important to Change Default Credentials

Security best practice guidelines always call for changing default passwords as any password left ...

Read More

Dissecting Buffer Overflow Attacks in MongoDB

Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability ...

Read More

CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd

A little bit of background for those not familiar with chfn…

Read More

Deobfuscating the Recent Emotet Epoch 4 Macro

In early March, one of the notorious botnets, Emotet, resumed its spamming activities after a ...

Read More

Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies

Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets ...

Read More

Trustwave Action Response: Supply Chain Attack Using 3CX PABX Software

Overview On March 29, a massive supply chain compromise in 3CX software resulted in malware being ...

Read More

Anonymous Sudan: Religious Hacktivists or Russian Front Group?

The Trustwave SpiderLabs research team has been tracking a new threat group calling itself ...

Read More