The Price Cybercriminals Charge for Stolen Data

For the price of a Starbuck’s Caramel Frappuccino Grande and a cheese Danish, about $8, a ...

Read More

IPFS: The New Hotbed of Phishing

A few months ago, we reported on an interesting site called the Chameleon Phishing Page. These ...

Read More

Want To Become A Red Teamer? This Is What You Need To Know

Everyone loves buzz words, no? Red team is the newest (well... not that new) coolest thing on the ...

Read More

Decade Retrospective: The State of Vulnerabilities

Decade Retrospective: The State of Vulnerabilities The Spanish philosopher George Santayana is ...

Read More

CVE-2022-29593- Authentication Bypass by Capture Replay (Dingtian-DT-R002)

In the OT space it is increasingly common to see devices that are used to bridge the gap between ...

Read More

Interactive Phishing Mark II: Messenger Chatbot Leveraged in a New Facebook-Themed Spam

Facebook Messenger is one of the most popular messaging platforms in the world, amassing 988 ...

Read More

The Importance of White-Box Testing: A Dive into CVE-2022-21662

I want to take some time to explain the importance of using a white-box approach when testing ...

Read More

ModBus 101: One Protocol to Rule the OT World

Ever wondered how large-scale power plants monitor or control the myriad of systems that fill their ...

Read More

Trustwave's Action Response: More MSDT Fallout with “Dogwalk”

A zero-day vulnerability has been re-disclosed that is very similar to the Follina zero-day ...

Read More

Not all "Internet Connections" are Equal

People commonly think that any “Internet Connection” is exactly the same, or they may be vaguely ...

Read More

Trustwave's Action Response: Microsoft zero-day CVE-2022-30190 (aka Follina)

Update June 7 - In the event of a compromise related to the Follina vulnerability, IT teams can ...

Read More

Trustwave's Action Response: Atlassian Confluence CVE-2022-26134

Updated June 5 - Atlassian issued a fix for CVE-2022-30190 for versions 7.4.17, 7.13.7, 7.14.3, ...

Read More

Grandoreiro Banking Malware Resurfaces for Tax Season

Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users ...

Read More

Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information

Phishing website links are commonly delivered via email to their respective targets. Once clicked, ...

Read More

PwnFox - An IDOR Hunter's Best Friend

Maybe I’m a bit late to the game on this one, but I recently discovered PwnFox and it has quickly ...

Read More

Trustwave’s Action Response: F5 BIG-IP Vulnerability (CVE-2022-1388)

Trustwave SpiderLabs is tracking a new critical-rated vulnerability (CVE-2022-1388) affecting F5 ...

Read More

Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine

May 2 Stormous update: The Trustwave SpiderLabs team has noted Stormous’ underground website became ...

Read More

Tough Times for Ukrainian Honeypot?

Intro We've recently been inundated with news of increased cyberattacks and a general increase in ...

Read More

Trustwave’s Action Response: CVE-2022-22965 and CVE-2022-22963

Update 4/1: This blog was updated to reflect the release of IDS and ModSecurity rules.

Read More

Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns

The Trustwave SpiderLabs email security team has been monitoring the ongoing Russia-Ukraine crisis ...

Read More

Vidar Malware Launcher Concealed in Help File

Appending a malicious file to an unsuspecting file format is one of the tricks our adversaries use ...

Read More

Trustwave’s Action Response: The Lapsus$ Hacker Group Shows Us the Importance of Securing the Digital Supply Chain

Update March 24: This blog has been updated to reflect the new information provided by vendors ...

Read More

Dissecting a Phishing Campaign with a Captcha-based URL

In today’s environment, much of the population are doing their banking or financial transactions ...

Read More

The Attack of the Chameleon Phishing Page

Recently, we encountered an interesting phishing webpage that caught our interest because it acts ...

Read More

A Simple Guide to Getting CVEs Published

We were once newcomers to the security research field and one of the most annoying problems we ran ...

Read More

Bypassing MFA: A Pentest Case Study

When a company implements multifactor authentication, the organization is usually confident that ...

Read More

Dark Web Insights: Evolving Cyber Tactics Aim to Impact the Russia-Ukraine Conflict

Update: March 9: Additional phishing emails have been sighted by Trustwave SpiderLabs researchers ...

Read More

Trustwave’s Action Response: Russia-Ukraine Crisis – Defending Your Organization From Geopolitical Cybersecurity Threats

Feb. 28 Update: The latest economic sanctions imposed upon Russia could inspire that nation or ...

Read More