Unveiling the CAPTCHA Escape: The Dance of CAPTCHA Evasion Using TOR
October 13, 2023 | Medz Barao
In this era, threat actors have proven to be tireless in their pursuit of ...
HTTP/2 Rapid Reset
October 13, 2023 | Medz Barao
A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 ...
2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies
October 11, 2023
Cyberattacks striking the financial services industry are more prevalent, ...
Patch Tuesday, October 2023
October 11, 2023 | Jeannette Dickens Hale
Halloween is arriving and with it, Trustwave’s return to Patch Tuesday reports.
Amazon (AWS) S3 Bucket Take Over
September 27, 2023 | Medz Barao
Let’s try something a bit different and take a look at some of Trustwave ...
Multiple Command and Control (C2) Frameworks During Red Team Engagements
September 21, 2023 | Philip Pieterse
When conducting Red Team engagements, more than one Command and Control (C2) ...
Stealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection
September 20, 2023 | Rodel Mendrez
In the ever-evolving landscape of malware threats, threat actors are ...
To OSINT and Beyond!
September 13, 2023 | Medz Barao
Open-Source Intelligence (OSINT) can be valuable for an organization and ...
Trustwave SpiderLabs Releases Actionable Cybersecurity Intelligence for the Hospitality Industry
September 07, 2023
The Trustwave SpiderLabs team conducted a multi-month investigation into the ...
A Bucket of Phish: Attackers Shift Tactics with Cloudflare R2 Public Buckets
September 06, 2023 | Karla Agregado
In our previous blog, we found a lot of phishing and scam URLs abusing ...
Threat-Loaded: Malicious PDFs Never Go Out of Style
August 31, 2023 | Bernard Bautista
Introduction In the realm of cybersecurity, danger hides where we least expect ...
The Evolution of Persistent Threats: From Chernobyl to BlackLotus
August 30, 2023 | Jose Tozo
In this blog post, we will explore how the computer security landscape has ...
Think Before You Scan: The Rise of QR Codes in Phishing
August 29, 2023 | Mike Casayuran
QR Codes, the square images that contain coded information that can be scanned ...
Behind the Invite: The Rise of Google Group Fake Order Fraud Emails
August 25, 2023 | Maria Katrina Udquin and John Kevin Adriano
As the world shifted into remote work and distant learning during the pandemic ...
BEC Trends: Payroll Diversion Dominates and Sneaky Multi-Persona Attacks Emerge
August 24, 2023 | Maria Katrina Udquin
Business Email Compromise (BEC) remains a lucrative threat vector for ...
Gootloader: Why your Legal Document Search May End in Misery
August 11, 2023 | Rodel Mendrez
Introduction Recently, we’ve seen a noticeable surge in malware cases linked to ...
WormGPT and FraudGPT – The Rise of Malicious LLMs
August 08, 2023 | Arthur Erzberger
As technology continues to evolve, there is a growing concern about the ...
New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3
August 03, 2023 | Pawel Knapczyk, Wojciech Cieslak
Trustwave SpiderLabs discovered a new version of the Rilide Stealer extension ...
Honeypot Recon: New Variant of SkidMap Targeting Redis
July 30, 2023 | Radoslaw Zdonczyk
Intro Since Redis is becoming increasingly popular around the world, we decided ...
Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
July 27, 2023 | Serhii Melnyk , Greg Monson
The healthcare sector has been under constant threat from cybercriminals due to ...
ModSecurity v3: DoS Vulnerability in Four Transformations (CVE-2023-38285)
July 25, 2023 | SpiderLabs Researcher
ModSecurity is an open-source Web Application Firewall (WAF) engine maintained ...
Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report
July 13, 2023 | SpiderLabs Researcher
In their latest report titled "Cybersecurity in the Healthcare Industry: ...
It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused
July 11, 2023 | Karla Agregado
As they say, when it rains, it pours. Recently, we observed more than 3,000 ...
Honeypot Recon: Enterprise Applications Honeypot - Unveiling Findings from Six Worldwide Locations
July 05, 2023 | Pawel Knapczyk, Wojciech Cieslak
To obtain a better perspective of attacks worldwide, Trustwave has implemented ...
SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames
June 27, 2023 | Tom Neaves
Honeypot Recon: MSSQL Server – Database Threat Overview '22/'23
June 20, 2023 | Radoslaw Zdonczyk, Mariusz Siedlecki
Introduction In a constantly connected world, protecting sensitive data in what ...
Brute-forcing ButterflyMX Virtual Keys and Hacking Time Limits
June 15, 2023 | Robert Foggia
Recently, I discovered two vulnerabilities in the ButterflyMX system which were ...
KillNet, Anonymous Sudan, and REvil Unveil Plans for Attacks on US and European Banking Systems
June 15, 2023 | SpiderLabs Researcher
In a recent development, Russian hackers have declared their intention to ...