Fueling Chaos: Hacker Group Grinds 70% of Iran's Gasoline System to a Halt
January 02, 2024 | Arthur Erzberger
The Iranian government has made the claim that a cyber threat group, identified ...
Top 10 SpiderLabs Blog Posts of 2023
December 27, 2023
The Top 10 Trustwave SpiderLabs’ blogs in 2023 reflected the cybersecurity ...
Hunting for Android Privilege Escalation with a 32 Line Fuzzer
December 22, 2023 | Maksymilian Motyl
LevelBlue SpiderLabs tested a couple of Android OS-based mobile devices to ...
Surfing the Tidal Waves of HR-Themed Spam Emails
December 21, 2023 | Katrina Udquin
Threat actors constantly improve their tactics and are always on the hunt for ...
Instagram Phishing Targets Backup Codes
December 20, 2023 | Diana Solomon
Recently, we noticed another strain of Instagram “Copyright Infringement” ...
Behind the scenes: JaskaGO's coordinated strike on macOS and Windows
December 18, 2023 | Ofer Caspi
Executive summary In recent developments, a sophisticated malware stealer ...
Honeypot Recon: MySQL Malware Infection via User-Defined Functions (UDF)
December 14, 2023 | Radek Zdonczyk
In the vast world of cybersecurity, as technologies evolve, so do the methods ...
Trustwave SpiderLabs Report: LockBit 3.0 Ransomware Vs. the Manufacturing Sector
December 06, 2023
As the manufacturing sector continues its digital transformation, Operational ...
Overview of the Cyberwarfare used in Israel – Hamas War
December 05, 2023 | SpiderLabs Researcher
On October 7, 2023, the Palestinian organization Hamas launched the biggest ...
Restricted Admin Mode – Circumventing MFA On RDP Logons
November 15, 2023 | Apurva Goenka
This blog post demonstrates the use of Restricted Admin mode to circumvent MFA ...
The 2023 Retail Services Sector Threat Landscape: A Trustwave Threat Intelligence Briefing
November 15, 2023
The annual holiday shopping season is poised for a surge in spending, a fact ...
Pwning Electroencephalogram (EEG) Medical Devices by Default
November 07, 2023 | John Jackson
Overall Analysis of Vulnerability Identification – Default Credentials Leading ...
Hidden Data Exfiltration Using Time, Literally
October 17, 2023 | Tom Neaves
I was looking at my watch last week and my attention was moved towards the ...
A SIMple Attack: A Look into Recent SIM Swap Attack Trends
October 14, 2023 | Natasha Vij and Victoria Nyktas
Stroz Friedberg has observed an uptick in SIM swapping across multiple ...
Flash Loan Attacks: A Case Study
October 13, 2023 | Eric Rafaloff
This blog post explains how flash loans work, their history, and their role in ...
HTTP/2 Rapid Reset
October 13, 2023 | Medz Barao
A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 ...
Unveiling the CAPTCHA Escape: The Dance of CAPTCHA Evasion Using TOR
October 13, 2023 | Medz Barao
In this era, threat actors have proven to be tireless in their pursuit of ...
2023 Financial Services Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies
October 11, 2023
Cyberattacks striking the financial services industry are more prevalent, ...
Patch Tuesday, October 2023
October 10, 2023 | Jeannette Dickens Hale
Halloween is arriving and with it, Trustwave’s return to Patch Tuesday reports.
Amazon (AWS) S3 Bucket Take Over
September 27, 2023 | Medz Barao
Let’s try something a bit different and take a look at some of Trustwave ...
Multiple Command and Control (C2) Frameworks During Red Team Engagements
September 21, 2023 | Philip Pieterse
When conducting Red Team engagements, more than one Command and Control (C2) ...
Financially Motivated Criminal Group Targets Telecom, Technology & Manufacturing
September 20, 2023 | Stroz Friedberg DFIR
This client advisory provides an overview of techniques and tactics attributed ...
Stealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection
September 20, 2023 | Rodel Mendrez
In the ever-evolving landscape of malware threats, threat actors are ...
To OSINT and Beyond!
September 13, 2023 | Medz Barao
Open-Source Intelligence (OSINT) can be valuable for an organization and ...
The Evolution of Phishing Campaigns
September 11, 2023 | Rachel Kang
In 2022, phishing was responsible for more than half of the incidents ...
LevelBlue SpiderLabs Releases Actionable Cybersecurity Intelligence for the Hospitality Industry
September 07, 2023
The LevelBlue SpiderLabs team conducted a multi-month investigation into the ...
A Bucket of Phish: Attackers Shift Tactics with Cloudflare R2 Public Buckets
September 06, 2023 | Karla Agregado
In our previous blog, we found a lot of phishing and scam URLs abusing ...
Threat-Loaded: Malicious PDFs Never Go Out of Style
August 31, 2023 | Bernard Bautista
Introduction In the realm of cybersecurity, danger hides where we least expect ...