Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns

The Trustwave SpiderLabs email security team has been monitoring the ongoing Russia-Ukraine crisis ...

Read More

Vidar Malware Launcher Concealed in Help File

Appending a malicious file to an unsuspecting file format is one of the tricks our adversaries use ...

Read More

Trustwave’s Action Response: The Lapsus$ Hacker Group Shows Us the Importance of Securing the Digital Supply Chain

Update March 24: This blog has been updated to reflect the new information provided by vendors ...

Read More

Dissecting a Phishing Campaign with a Captcha-based URL

In today’s environment, much of the population are doing their banking or financial transactions ...

Read More

The Attack of the Chameleon Phishing Page

Recently, we encountered an interesting phishing webpage that caught our interest because it acts ...

Read More

A Simple Guide to Getting CVEs Published

We were once newcomers to the security research field and one of the most annoying problems we ran ...

Read More

Bypassing MFA: A Pentest Case Study

When a company implements multifactor authentication, the organization is usually confident that ...

Read More

Dark Web Insights: Evolving Cyber Tactics Aim to Impact the Russia-Ukraine Conflict

Update: March 9: Additional phishing emails have been sighted by Trustwave SpiderLabs researchers ...

Read More

Trustwave’s Action Response: Russia-Ukraine Crisis – Defending Your Organization From Geopolitical Cybersecurity Threats

Feb. 28 Update: The latest economic sanctions imposed upon Russia could inspire that nation or ...

Read More

From Stored XSS to Code Execution using SocEng, BeEF and elFinder CVE-2021-45919

Summary A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, was identified in ...

Read More

ServiceNow - Username Enumeration Vulnerability (CVE-2021-45901)

During a recent engagement Trustwave SpiderLabs discovered a vulnerability (CVE-2021-45901) within ...

Read More

CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability

Summary: During an investigation of a malware campaign, I discovered that multiple emails were ...

Read More

Trustwave Action Response: Polkit Privilege Escalation Vulnerability - PwnKit (CVE-2021-4034)

Summary of Trustwave Actions (updated 1/26/2022): Trustwave security and engineering teams became ...

Read More

Trustwave Threat Hunting Guide: Identifying PwnKit (CVE-2021-4034) Exploitation

The Trustwave Threat Hunting team has authored a practical guide to help the cybersecurity ...

Read More

Dark Web Recon: Cybercriminals Fear More Law Enforcement Action in the Wake of the REvil Takedown

In the wake of the takedown of the REvil/Sodinokibi ransomware gang by the Russian Federal Security ...

Read More

Decrypting Qakbot’s Encrypted Registry Keys

Since the return of the Qakbot Trojan in early September 2021, especially through SquirrelWaffle ...

Read More

COVID-19 Phishing Lure to Steal and Mine Cryptocurrency

Recently, we observed a malware spam campaign leveraging the current COVID-19 situation. The emails ...

Read More

Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

Updates: Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and ...

Read More

Law Enforcement Collaboration Has Eastern-European Cybercriminals Questioning Whether There Is A Safe Haven Anymore

Through the active Dark Web research that Trustwave SpiderLabs conducts for its clients, we have ...

Read More

ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717)

ModSecurity is an open-source WAF engine maintained by Trustwave. This blog post discusses an issue ...

Read More

CrypKey License Service Allows Privilege Escalation

Overview CrypKey (https://www.crypkey.com/) is a third-party licensing service for Windows that ...

Read More

BlackByte Ransomware – Pt. 1 In-depth Analysis

Please click here for Part 2

Read More

BlackByte Ransomware – Pt 2. Code Obfuscation Analysis

In Part 1 of our BlackByte ransomware analysis, we covered the execution flow of the first stage ...

Read More

A Handshake with MySQL Bots

Edge Services It’s well known that we just don’t put services or devices on the edge of the ...

Read More

Missing Critical Vulnerabilities Through Narrow Scoping

The typical process when scoping a penetration test is to get a list of targets from the client, ...

Read More

How Lack of Awareness and Clinging to the Past Threaten Your Networks

The security landscape is always changing. New features are coming out all the time, but often ...

Read More

Patch Tuesday, August 2021

Here we are in August and it's Patch Tuesday once more. It's another light month with only 9 CVEs ...

Read More

SQL Injection in WordPress Plugins: ORDER and ORDER BY as Overlooked Injection Points

Trustwave SpiderLabs recently undertook a survey of some 100 popular WordPress plugins for possible ...

Read More