Bypassing MFA: A Pentest Case Study
March 11, 2022 | Adeeb Shah
When a company implements multifactor authentication, the organization is ...
Dark Web Insights: Evolving Cyber Tactics Aim to Impact the Russia-Ukraine Conflict
March 03, 2022 | Ziv Mador
Update: March 9: Additional phishing emails have been sighted by Trustwave ...
Yours Truly, Signed AV Driver: Weaponizing an Antivirus Driver
February 26, 2022 | Eduardo Mattos and Rob Homewood
In 2021, Stroz Friedberg observed novel indicators of compromise (IOCs) and a ...
BlackCat ransomware
February 25, 2022 | Santiago Cortes
LevelBlue Labs™ is writing this report about recently created ransomware ...
Trustwave’s Action Response: Russia-Ukraine Crisis – Defending Your Organization From Geopolitical Cybersecurity Threats
February 24, 2022 | SpiderLabs Researcher
Feb. 28 Update: The latest economic sanctions imposed upon Russia could inspire ...
Microsoft 365: Identifying Mailbox Access
February 08, 2022 | Rachel Kang
Stroz Friedberg's testing and investigations into incidents in Microsoft’s ...
From Stored XSS to Code Execution using SocEng, BeEF and elFinder CVE-2021-45919
February 08, 2022 | John Jackson
Summary: A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, ...
ServiceNow - Username Enumeration Vulnerability (CVE-2021-45901)
February 04, 2022 | Victor Hanna
During a recent engagement Trustwave SpiderLabs discovered a vulnerability ...
CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability
January 27, 2022 | Reegun Jayapaul
Summary: During an investigation of a malware campaign, I discovered that ...
Trustwave Action Response: Polkit Privilege Escalation Vulnerability - PwnKit (CVE-2021-4034)
January 26, 2022 | SpiderLabs Researcher
Summary of Trustwave Actions (updated 1/26/2022): Trustwave security and ...
BotenaGo strikes again - malware source code uploaded to GitHub
January 26, 2022 | Ofer Caspi
Executive summary: In November 2021, LevelBlue Labs™ first published research on ...
LevelBlue Threat Hunting Guide: Identifying PwnKit (CVE-2021-4034) Exploitation
January 26, 2022 | Reegun Jayapaul
The Trustwave Threat Hunting team has authored a practical guide to help the ...
Dark Web Recon: Cybercriminals Fear More Law Enforcement Action in the Wake of the REvil Takedown
January 21, 2022 | Ziv Mador
In the wake of the takedown of the REvil/Sodinokibi ransomware gang by the ...
Decrypting Qakbot’s Encrypted Registry Keys
January 13, 2022 | Lloyd Macrohon, Rodel Mendrez
Since the return of the Qakbot Trojan in early September 2021, especially ...
COVID-19 Phishing Lure to Steal and Mine Cryptocurrency
December 23, 2021 | Bernard Bautista
Recently, we observed a malware spam campaign leveraging the current COVID-19 ...
Holiday shopping? Get an amazing 75% discount offer? A case study on evaluating a special holiday sale
December 23, 2021 | Ofer Caspi
Executive summary: Malicious actors always try to be creative and find new ways ...
Global outbreak of Log4Shell
December 16, 2021 | Santiago Cortes
Executive summary: Log4Shell is a high severity vulnerability (CVE-2021-44228) ...
Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities
December 10, 2021 | SpiderLabs Researcher
Updates: Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, ...
Law Enforcement Collaboration Has Eastern-European Cybercriminals Questioning Whether There Is A Safe Haven Anymore
December 08, 2021 | Trustwave SpiderLabs
Through the active Dark Web research that Trustwave SpiderLabs conducts for its ...
ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717)
November 24, 2021 | Trustwave SpiderLabs
ModSecurity is an open-source WAF engine maintained by Trustwave. This blog ...
LevelBlue Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
November 11, 2021 | Ofer Caspi
Executive summary: LevelBlue Labs™ has found new malware written in the open ...
CrypKey License Service Allows Privilege Escalation
November 04, 2021 | Martin Rakhmanov
Overview: CrypKey (https://www.crypkey.com/) is a third-party licensing service ...
Introducing D-Modem: A software SIP modem
October 29, 2021 | Dan Bastone
Connect to dialup modems over VoIP using SIP, no modem hardware required.
Code similarity analysis with r2diaphora
October 27, 2021 | Fernando Dominguez
Executive summary: Binary diffing, a technique for comparing binaries, can be a ...
CVE-2021-1825: Inadequate Input Encoding in WebKit
October 25, 2021 | Alex Camboe
In August 2020, Aon discovered and reported to Apple an issue relating to the ...
BlackByte Ransomware – Pt. 1 In-depth Analysis
October 15, 2021 | Rodel Mendrez, Lloyd Macrohon
Please click here for Part 2
BlackByte Ransomware – Pt 2. Code Obfuscation Analysis
October 15, 2021 | Rodel Mendrez, Lloyd Macrohon
In Part 1 of our BlackByte ransomware analysis, we covered the execution flow ...
A Handshake with MySQL Bots
October 14, 2021 | Radoslaw Zdonczyk
Edge Services: It’s well known that we just don’t put services or devices on the ...