Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)

November 26, 2024 | Diana Solomon and John Kevin Adriano

Trustwave SpiderLabs has been actively monitoring the rise of ...

The Mounted Guest EDR Bypass

November 11, 2024 | Colin Meek

The Mounted Guest EDR Bypass is a tactic used in cyber attacks to evade ...

Hooked by the Call: A Deep Dive into The Tricks Used in Callback Phishing Emails

October 21, 2024 | Katrina Udquin

Introduction: Previously, Trustwave SpiderLabs covered a massive fake order spam ...

How Threat Actors Conduct Election Interference Operations: An Overview

October 18, 2024 | Pauline Bolaños

The major headlines that arose from the three most recent US presidential ...

Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack)

October 17, 2024 | Karl Biron

Introduction: In the perpetually evolving field of cybersecurity, new threats ...

Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

October 08, 2024 | Cris Tomboc and King Orande

Trustwave's Threat Intelligence team has discovered a new malware dubbed ...

What We Know So Far About Zero-Day CUPS Vulnerabilities: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177

September 30, 2024

On September 26, 2024, security researcher Simone Margaritelli disclosed the ...

HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content

September 24, 2024 | Mike Casayuran

HTML smuggling techniques have been around for quite some time. A previous ...

Why Do Criminals Love Phishing-as-a-Service Platforms?

September 23, 2024 | Rodel Mendrez

Phishing-as-a-Service (PaaS) platforms have become the go-to tool for ...

Spam With A Political Twist: Fraudsters Are Exploiting The Election Season

September 17, 2024 | Katrina Udquin

The US election is less than 70 days away and threat actors are busy crafting ...

Bypassing EDR through Retrosigned Drivers and System Time Manipulation

September 13, 2024 | Zachary Reichert

The Retrosigned Driver EDR Bypass is a novel modification of a technique ...

Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media

September 13, 2024 | Jose Tozo

With the US election on the horizon, it’s a good time to explore the concept of ...

DNSForge – Responding with Force

September 09, 2024 | Apurva Goenka

Introducing DNSForge, a novel attacker tactic for responding to name resolution ...

Exposed and Encrypted: Inside a Mallox Ransomware Attack

August 27, 2024 | Bernard Bautista

Recently, a client enlisted the support of Trustwave to investigate an ...

Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01

July 15, 2024

The Trustwave SpiderLabs Threat Intelligence team's ongoing study into how ...

Search & Spoof: Abuse of Windows Search to Redirect to Malware

June 11, 2024 | Bernard Bautista

LevelBlue SpiderLabs has detected a sophisticated malware campaign that ...

Fake Advanced IP Scanner Installer Delivers Dangerous CobaltStrike Backdoor

June 05, 2024 | Rodel Mendrez

During a recent client investigation, Trustwave SpiderLabs found a malicious ...

Fake Dialog Boxes to Make Malware More Convincing

April 17, 2024 | Ram Prakash

Let’s explore how SpiderLabs created and incorporated user prompts, ...

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway

April 12, 2024

UPDATE: Palo Alto Networks confirmed on Tuesday (4/16) that disabling device ...

DUALITY: Advanced Red Team Persistence Through Self-Reinfecting DLL Backdoors for Unyielding Control

February 12, 2024 | Faisal Tameesh

This blog post introduces the concept of DUALITY, which is a methodology and ...

Dissection Of Makop Ransomware Group

February 05, 2024 | Aishwarya Desai

This blog post outlines attack patterns identified across Makop ransomware ...

AsyncRAT loader: Obfuscation, DGAs, decoys and Govno

January 05, 2024 | Fernando Martinez

Executive summary: LevelBlue Labs has identified a campaign to deliver AsyncRAT ...

Detecting “Effluence”, An Unauthenticated Confluence Web Shell

November 09, 2023 | Zachary Reichert

Discovering Effluence, a unique web shell accessible on every page of an ...

A SIMple Attack: A Look into Recent SIM Swap Attack Trends

October 14, 2023 | Natasha Vij and Victoria Nyktas

Stroz Friedberg has observed an uptick in SIM swapping across multiple ...

Financially Motivated Criminal Group Targets Telecom, Technology & Manufacturing

September 20, 2023 | Stroz Friedberg DFIR

This client advisory provides an overview of techniques and tactics attributed ...

The Evolution of Phishing Campaigns

September 11, 2023 | Rachel Kang

In 2022, phishing was responsible for more than half of the incidents ...

Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report

July 13, 2023 | SpiderLabs Researcher

In their latest report titled "Cybersecurity in the Healthcare Industry: ...

Bypassing MFA: A Forensic Look at Evilginx2 Phishing Kit

February 10, 2023 | Carly Battaile

Recently, Stroz Friedberg Incident Response Services encountered an increase in ...