AttackSurfaceMapper - Automate and Simplify the OSINT Process
August 07, 2019 | Andreas Georgiou
[+] Introduction:
SanDisk SSD Dashboard Vulnerabilities: CVE-2019-13466 & CVE-2019-13467
July 31, 2019 | Martin Rakhmanov
While recently upgrading my laptop with a new Solid State Drive (SSD), I ...
Hiding PHP Code in Image Files Revisited
July 26, 2019 | Rodel Mendrez
Over five years ago, we published a blog detailing how a webshell’s backdoor ...
Breaking Smart [Bank] Statements
July 25, 2019 | Manuel Nader
Context In Mexico, it’s possible to receive your monthly bank statement via ...
HQL Injection Exploitation in MySQL
July 18, 2019 | Olga Barinova
Are you familiar with an HQL injection exploitation? Chances are you’re not. ...
Hardcoded Credentials in Uniguest Kiosk Software Lead to API Compromise
July 11, 2019 | Adrian Pruteanu
If you've traveled at all within North America, you've likely at some point ...
“Sexfavor” Email Scam Delivers Danabot
July 09, 2019 | Diana Lopera
Sextortion has been a widely used theme in spam campaigns since Q1 of 2018. ...
Patch Tuesday, July 2019
July 09, 2019 | Karl Sigler
Patch Tuesday for July is here and after the massive release in June, the 77 ...
Executing Code Using Microsoft Teams Updater
July 08, 2019 | Charles Hamilton
Red Teamers like to hunt for new methods of code execution through “legitimate” ...
UNC Path Injection with Microsoft Access
June 24, 2019 | Stephan Borosh
Introduction Steve Borosh is a Principal Security Consultant for Trustwave and ...
Patch Tuesday, June 2019
June 11, 2019 | Karl Sigler
For June's Patch Tuesday, Microsoft is releasing four advisories and patches ...
Patch Tuesday, May 2019
May 14, 2019 | Karl Sigler
May's Patch Tuesday is here and brings with it patches for 79 CVEs. Twenty-two ...
Reversing Gh0stRAT part 2: the DDOS-ening
May 02, 2019 | James Quinn
This is a guest post by James Quinn, a SOC analyst from Binary Defense.
Announcing the 2019 Trustwave Global Security Report
April 25, 2019
Today we released our 2019 Global Security Report. The report is based on the ...
“Don’t Mine Me” – Coinhive
April 22, 2019 | Anat Davidi
What's worse than annoying ads on a website? Crypto Miner on a website!
VAT Return with a Vengeance
April 22, 2019 | Dr. Fahim Abbasi
Scam Overview Her Majesty's Revenue & Customs (HMRC) is the UK department ...
Fake Power and Broadband Utility Bills serve Banking Trojans to Aussies
April 22, 2019 | Dr. Fahim Abbasi
In our previous blog we highlighted how a group of scammers were targeting ...
Unauthenticated Remote Code Execution In Kentico CMS
April 15, 2019 | Manoj Cherukuri
CVE-2019-10068: RCE as Administrator via deserialization vulnerability in ...
Locky Part 1: Lukitus Spam Campaigns and Their Love for Game of Thrones
April 11, 2019 | Nicholas Ramos
Back in August 2017, Trustwave SpiderLabs reported a spam campaign that ...
Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest
April 09, 2019 | Jacob Wilkin
EDIT (9.April.2019): We have applied for a retraction of CVE-2019-9193 ...
Patch Tuesday, April 2019
April 09, 2019 | Karl Sigler
Along with "Spring Showers" up here in the Northern Hemisphere, April also ...
Emotet lives another day using Fake O2 invoice notifications
April 08, 2019 | Dr. Fahim Abbasi
We witnessed a widespread phishing campaign targeting O2 customers, that ...
Spammed PNG file hides LokiBot
April 05, 2019 | Phil Hay, Rodel Mendrez
Contributing authors: Phil Hay, Rodel Mendrez
Fake CIA Sextortion Scam Uses SatoshiBox
April 04, 2019 | Diana Lopera
Another round of sextortion scam emails with a PDF attachment were pushed out ...
Remote Code Execution In BlogEngine.NET
March 28, 2019 | Dustin Cobb
CVE-2019-6714: RCE via path traversal in BlogEngine.NET 3.3.6.0.
The odd case of a Gh0stRAT variant
March 25, 2019 | James Quinn
This is a guest post by independent security researcher James Quinn. This will ...
CVE-2018-19386: Reflected XSS in SolarWinds Database Performance Analyzer
March 21, 2019 | Jacob Wilkin
Just a short post from me today, bringing you a pretty simple Cross-Site ...
BEC Payroll Scam: Your Salary is Mine!
March 13, 2019 | Dr. Fahim Abbasi
Con men have been exploiting human psychology since the dawn of time. Equipped ...