SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

CVE-2022-37461: Two Reflected XSS Vulnerabilities in Canon Medical’s Vitrea View

During a penetration test, Trustwave SpiderLabs’ researchers, Jordan Hedges and Avery Warddhana - previously with Trustwave - identified two vulnerabilities in..

Retaliation by the Pro-Russian Group KillNet

At the beginning of the Russia-Ukraine conflict, KillNet - a Russian cybergang - began actively collecting open-source intelligence (OSINT), which drew interest from various..

2022 Trustwave SpiderLabs Telemetry Report

As organizations go about their regular routine of finding and adding new technologies to help increase their overall success, each organization must keep in mind the security..

Oracle SBC: Multiple Security Vulnerabilities Leading to Unauthorized Access and Denial of Service

Oracle Communications Session Border Controller (SBC) is one of the most popular products worldwide that helps service providers deliver trusted, carrier-grade, real-time..

Overview of the Cyber Weapons Used in the Ukraine - Russia War

Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy.

The Price Cybercriminals Charge for Stolen Data

For the price of a Starbucks Caramel Frappuccino Grande and a cheese Danish, about $8, a cybercriminal can obtain all the information needed to max out a person’s stolen credit..

IPFS: The New Hotbed of Phishing

A few months ago, we reported on an interesting site called the Chameleon Phishing Page. These websites have the capability to change their background and logo depending on the..

Want To Become A Red Teamer? This Is What You Need To Know

Everyone loves buzz words, no? Red team is the newest (well... not that new) coolest thing on the streets of information security city and many cybersecurity pros want to jump..

Decade Retrospective: The State of Vulnerabilities

The Spanish philosopher George Santayana is credited with the aphorism “Those who cannot learn from history are doomed to repeat..

CVE-2022-29593 - Authentication Bypass by Capture Replay (Dingtian-DT-R002)

In the OT space it is increasingly common to see devices that are used to bridge the gap between the world of PLCs and IP based networks.

Interactive Phishing Mark II: Messenger Chatbot Leveraged in a New Facebook-Themed Spam

Facebook Messenger is one of the most popular messaging platforms in the world, amassing 988 million monthly active users as of January 2022, according to Statista. One important..

The Importance of White-Box Testing: A Dive into CVE-2022-21662

I want to take some time to explain the importance of using a white-box approach when testing applications for vulnerabilities.

ModBus 101: One Protocol to Rule the OT World

Ever wondered how large-scale power plants monitor or control the myriad of systems that fill their environment? Have you thought about how some of the world’s greatest industrial..

Trustwave's Action Response: More MSDT Fallout with “Dogwalk”

A zero-day vulnerability has been re-disclosed that is very similar to the Follina zero-day announced last week and is actively being tracked by Trustwave SpiderLabs. The..

Not all "Internet Connections" are Equal

People commonly think that any “Internet Connection” is exactly the same, or they may be vaguely aware that some connections are faster than others. However, there are significant..

Trustwave's Action Response: Microsoft zero-day CVE-2022-30190 (aka Follina)

Update June 7 - In the event of a compromise related to the Follina vulnerability, IT teams can potentially identify network connections in the registry associated with the..

Trustwave's Action Response: Atlassian Confluence CVE-2022-26134

Updated June 5 - Atlassian issued a fix for CVE-2022-30190 for versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1. The updated versions are available here.

Grandoreiro Banking Malware Resurfaces for Tax Season

Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users from Brazil, Spain, and Mexico. The campaign exploits the tax season in target..
