Patch Tuesday, October 2023
October 10, 2023 | Jeannette Dickens Hale
Halloween is arriving and with it, Trustwave’s return to Patch Tuesday reports.
Amazon (AWS) S3 Bucket Take Over
September 27, 2023 | Medz Barao
Let’s try something a bit different and take a look at some of Trustwave ...
Multiple Command and Control (C2) Frameworks During Red Team Engagements
September 21, 2023 | Philip Pieterse
When conducting Red Team engagements, more than one Command and Control (C2) ...
Stealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection
September 20, 2023 | Rodel Mendrez
In the ever-evolving landscape of malware threats, threat actors are ...
To OSINT and Beyond!
September 13, 2023 | Medz Barao
Open-Source Intelligence (OSINT) can be valuable for an organization and ...
A Bucket of Phish: Attackers Shift Tactics with Cloudflare R2 Public Buckets
September 06, 2023 | Karla Agregado
In our previous blog, we found a lot of phishing and scam URLs abusing ...
Threat-Loaded: Malicious PDFs Never Go Out of Style
August 31, 2023 | Bernard Bautista
Introduction In the realm of cybersecurity, danger hides where we least expect ...
The Evolution of Persistent Threats: From Chernobyl to BlackLotus
August 30, 2023 | Jose Tozo
In this blog post, we will explore how the computer security landscape has ...
Think Before You Scan: The Rise of QR Codes in Phishing
August 29, 2023 | Mike Casayuran
QR Codes, the square images that contain coded information that can be scanned ...
Behind the Invite: The Rise of Google Group Fake Order Fraud Emails
August 25, 2023 | Maria Katrina Udquin and John Kevin Adriano
As the world shifted into remote work and distant learning during the pandemic ...
BEC Trends: Payroll Diversion Dominates and Sneaky Multi-Persona Attacks Emerge
August 24, 2023 | Maria Katrina Udquin
Business Email Compromise (BEC) remains a lucrative threat vector for ...
ProxyNation: The dark nexus between proxy apps and malware
August 16, 2023 | Ofer Caspi
Executive summary LevelBlue Labs researchers recently discovered a massive ...
Gootloader: Why your Legal Document Search May End in Misery
August 10, 2023 | Rodel Mendrez
Introduction Recently, we’ve seen a noticeable surge in malware cases linked to ...
WormGPT and FraudGPT – The Rise of Malicious LLMs
August 08, 2023 | Arthur Erzberger
As technology continues to evolve, there is a growing concern about the ...
Honeypot Recon: New Variant of SkidMap Targeting Redis
July 30, 2023 | Radoslaw Zdonczyk
Intro Since Redis is becoming increasingly popular around the world, we decided ...
ModSecurity v3: DoS Vulnerability in Four Transformations (CVE-2023-38285)
July 25, 2023 | SpiderLabs Researcher
ModSecurity is an open-source Web Application Firewall (WAF) engine maintained ...
Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report
July 13, 2023 | SpiderLabs Researcher
In their latest report titled "Cybersecurity in the Healthcare Industry: ...
It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused
July 11, 2023 | Karla Agregado
As they say, when it rains, it pours. Recently, we observed more than 3,000 ...
SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames
June 27, 2023 | Tom Neaves
Honeypot Recon: MSSQL Server – Database Threat Overview '22/'23
June 20, 2023 | Radoslaw Zdonczyk, Mariusz Siedlecki
Introduction In a constantly connected world, protecting sensitive data in what ...
Brute-forcing ButterflyMX Virtual Keys and Hacking Time Limits
June 15, 2023 | Robert Foggia
Recently, I discovered two vulnerabilities in the ButterflyMX system which were ...
KillNet, Anonymous Sudan, and REvil Unveil Plans for Attacks on US and European Banking Systems
June 15, 2023 | SpiderLabs Researcher
In a recent development, Russian hackers have declared their intention to ...
Honeypot Recon: Global Database Threat Landscape
June 13, 2023 | Radoslaw Zdonczyk
In today's digital era, the importance of securing databases cannot be ...
Trustwave Action Response: Zero Day Vulnerability in Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868)
June 09, 2023 | SpiderLabs Researcher
On May 19, 2023, Barracuda Networks identified a remote command injection ...
From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings
June 08, 2023 | Tom Neaves
I've been pentesting applications for nearly two decades now and throughout ...
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
June 02, 2023 | Karl Sigler
Update - June 16, 2023: The second vulnerability mentioned in the June 12 ...
Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining
May 30, 2023 | Tom Neaves
As is tradition with my blog posts, let’s start off a definition of what HTTP ...
SeroXen RAT for sale
May 30, 2023 | Fernando Martinez
This blog was jointly written with Alejandro Prada and Ofer Caspi.