Want To Become A Red Teamer? This Is What You Need To Know
July 25, 2022 | Idan Ron
Everyone loves buzz words, no? Red team is the newest (well... not that new) ...
Decade Retrospective: The State of Vulnerabilities
July 18, 2022 | Shrijin Srinivasan Alex Rothacker
Decade Retrospective: The State of Vulnerabilities The Spanish philosopher ...
CVE-2022-29593- Authentication Bypass by Capture Replay (Dingtian-DT-R002)
July 06, 2022 | Victor Hanna
In the OT space it is increasingly common to see devices that are used to ...
Command Injection and Buffer Overflow in Multiple Sharp NEC Displays
July 06, 2022 | Howard McGreehan
CVE-2021-20698, CVE-2021-20699: Command Injection and Buffer Overflow ...
Interactive Phishing Mark II: Messenger Chatbot Leveraged in a New Facebook-Themed Spam
June 28, 2022 | Katrina Udquin
Facebook Messenger is one of the most popular messaging platforms in the world, ...
The Importance of White-Box Testing: A Dive into CVE-2022-21662
June 17, 2022 | Adeeb Shah
I want to take some time to explain the importance of using a white-box ...
ModBus 101: One Protocol to Rule the OT World
June 10, 2022 | Victor Hanna
Ever wondered how large-scale power plants monitor or control the myriad of ...
Trustwave's Action Response: More MSDT Fallout with “Dogwalk”
June 09, 2022 | SpiderLabs Researcher
A zero-day vulnerability has been re-disclosed that is very similar to the ...
Not all "Internet Connections" are Equal
June 08, 2022 | John Anderson
People commonly think that any “Internet Connection” is exactly the same, or ...
Command Injection in Multiple Snap One Araknis Networks Products
June 07, 2022 | Howard McGreehan
CVE-2021-40144, CVE-2021-40844, CVE-2021-42661: Command Injection ...
Trustwave's Action Response: Atlassian Confluence CVE-2022-26134
June 03, 2022 | SpiderLabs Researcher
Updated June 5 - Atlassian issued a fix for CVE-2022-30190 for versions 7.4.17, ...
Trustwave's Action Response: Microsoft zero-day CVE-2022-30190 (aka Follina)
June 03, 2022 | SpiderLabs Researcher
Update June 7 - In the event of a compromise related to the Follina ...
Grandoreiro Banking Malware Resurfaces for Tax Season
May 26, 2022 | Bernard Bautista
LevelBlue SpiderLabs in early April observed a Grandoreiro malware campaign ...
Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices
May 26, 2022 | Ofer Caspi
Executive summary LevelBlue Labs™ has been tracking a new IoT botnet dubbed ...
Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information
May 19, 2022 | Adrian Perez
Phishing website links are commonly delivered via email to their respective ...
PwnFox - An IDOR Hunter's Best Friend
May 13, 2022 | Adeeb Shah
Maybe I’m a bit late to the game on this one, but I recently discovered PwnFox ...
Trustwave’s Action Response: F5 BIG-IP Vulnerability (CVE-2022-1388)
May 11, 2022 | SpiderLabs Researcher
Trustwave SpiderLabs is tracking a new critical-rated vulnerability ...
Analysis on recent wiper attacks: examples and how wiper malware works
May 02, 2022 | Fernando Martinez
Executive summary 2022 has experienced an increase in the number of wiper ...
Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine
April 29, 2022 | Trustwave SpiderLabs
May 2 Stormous update: The Trustwave SpiderLabs team has noted Stormous’ ...
Tough Times for Ukrainian Honeypot?
April 15, 2022 | Radoslaw Zdonczyk
Intro We've recently been inundated with news of increased cyberattacks and a ...
Java Spring vulnerabilities
April 07, 2022 | Fernando Martinez
This blog was written jointly with Eduardo Ocete. Executive summary Several ...
Trustwave’s Action Response: CVE-2022-22965 and CVE-2022-22963
March 31, 2022 | SpiderLabs Researcher
Update 4/1: This blog was updated to reflect the release of IDS and ModSecurity ...
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns
March 25, 2022 | Trustwave SpiderLabs
The Trustwave SpiderLabs email security team has been monitoring the ongoing ...
Vidar Malware Launcher Concealed in Help File
March 24, 2022 | Diana Lopera
Appending a malicious file to an unsuspecting file format is one of the tricks ...
Trustwave’s Action Response: The Lapsus$ Hacker Group Shows Us the Importance of Securing the Digital Supply Chain
March 23, 2022 | Trustwave SpiderLabs
Update March 24: This blog has been updated to reflect the new information ...
Dissecting a Phishing Campaign with a Captcha-based URL
March 22, 2022 | Karla Agregado
In today’s environment, much of the population are doing their banking or ...
The Attack of the Chameleon Phishing Page
March 16, 2022 | Homer Pacag
Recently, we encountered an interesting phishing webpage that caught our ...
A Simple Guide to Getting CVEs Published
March 14, 2022 | Adeeb Shah Bobby Cooke
We were once newcomers to the security research field and one of the most ...