Crypto miners’ latest techniques
August 29, 2022 | Fernando Martinez
Executive summary Crypto miners are determined in their objective of mining in ...
2022 Trustwave SpiderLabs Telemetry Report
August 24, 2022 | Jason Villaluna
As organizations go about their regular routine of finding and adding new ...
Oracle SBC: Multiple Security Vulnerabilities Leading to Unauthorized Access and Denial of Service
August 23, 2022 | Harold Zang
Oracle Communications Session Border Controller (SBC) is one of the most ...
Overview of the Cyber Weapons Used in the Ukraine - Russia War
August 18, 2022 | Pawel Knapczyk
Observing the ongoing conflict between Russia and Ukraine, we can clearly see ...
The Price Cybercriminals Charge for Stolen Data
August 03, 2022 | Trustwave SpiderLabs
For the price of a Starbuck’s Caramel Frappuccino Grande and a cheese Danish, ...
IPFS: The New Hotbed of Phishing
July 28, 2022 | Karla Agregado, Katrina Udquin
A few months ago, we reported on an interesting site called the Chameleon ...
Want To Become A Red Teamer? This Is What You Need To Know
July 25, 2022 | Idan Ron
Everyone loves buzz words, no? Red team is the newest (well... not that new) ...
Decade Retrospective: The State of Vulnerabilities
July 18, 2022 | Shrijin Srinivasan Alex Rothacker
Decade Retrospective: The State of Vulnerabilities The Spanish philosopher ...
CVE-2022-29593- Authentication Bypass by Capture Replay (Dingtian-DT-R002)
July 06, 2022 | Victor Hanna
In the OT space it is increasingly common to see devices that are used to ...
Command Injection and Buffer Overflow in Multiple Sharp NEC Displays
July 06, 2022 | Howard McGreehan
CVE-2021-20698, CVE-2021-20699: Command Injection and Buffer Overflow ...
Interactive Phishing Mark II: Messenger Chatbot Leveraged in a New Facebook-Themed Spam
June 28, 2022 | Katrina Udquin
Facebook Messenger is one of the most popular messaging platforms in the world, ...
The Importance of White-Box Testing: A Dive into CVE-2022-21662
June 17, 2022 | Adeeb Shah
I want to take some time to explain the importance of using a white-box ...
ModBus 101: One Protocol to Rule the OT World
June 10, 2022 | Victor Hanna
Ever wondered how large-scale power plants monitor or control the myriad of ...
Trustwave's Action Response: More MSDT Fallout with “Dogwalk”
June 09, 2022 | SpiderLabs Researcher
A zero-day vulnerability has been re-disclosed that is very similar to the ...
Not all "Internet Connections" are Equal
June 08, 2022 | John Anderson
People commonly think that any “Internet Connection” is exactly the same, or ...
Command Injection in Multiple Snap One Araknis Networks Products
June 07, 2022 | Howard McGreehan
CVE-2021-40144, CVE-2021-40844, CVE-2021-42661: Command Injection ...
Trustwave's Action Response: Atlassian Confluence CVE-2022-26134
June 03, 2022 | SpiderLabs Researcher
Updated June 5 - Atlassian issued a fix for CVE-2022-30190 for versions 7.4.17, ...
Trustwave's Action Response: Microsoft zero-day CVE-2022-30190 (aka Follina)
June 03, 2022 | SpiderLabs Researcher
Update June 7 - In the event of a compromise related to the Follina ...
Grandoreiro Banking Malware Resurfaces for Tax Season
May 26, 2022 | Bernard Bautista
LevelBlue SpiderLabs in early April observed a Grandoreiro malware campaign ...
Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices
May 26, 2022 | Ofer Caspi
Executive summary LevelBlue Labs™ has been tracking a new IoT botnet dubbed ...
Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information
May 19, 2022 | Adrian Perez
Phishing website links are commonly delivered via email to their respective ...
PwnFox - An IDOR Hunter's Best Friend
May 13, 2022 | Adeeb Shah
Maybe I’m a bit late to the game on this one, but I recently discovered PwnFox ...
Trustwave’s Action Response: F5 BIG-IP Vulnerability (CVE-2022-1388)
May 11, 2022 | SpiderLabs Researcher
Trustwave SpiderLabs is tracking a new critical-rated vulnerability ...
Analysis on recent wiper attacks: examples and how wiper malware works
May 02, 2022 | Fernando Martinez
Executive summary 2022 has experienced an increase in the number of wiper ...
Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine
April 29, 2022 | Trustwave SpiderLabs
May 2 Stormous update: The Trustwave SpiderLabs team has noted Stormous’ ...
Tough Times for Ukrainian Honeypot?
April 15, 2022 | Radoslaw Zdonczyk
Intro We've recently been inundated with news of increased cyberattacks and a ...
Java Spring vulnerabilities
April 07, 2022 | Fernando Martinez
This blog was written jointly with Eduardo Ocete. Executive summary Several ...
Trustwave’s Action Response: CVE-2022-22965 and CVE-2022-22963
March 31, 2022 | SpiderLabs Researcher
Update 4/1: This blog was updated to reflect the release of IDS and ModSecurity ...