From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over
May 23, 2023 | Tom Neaves
For those wondering what GraphQL is…
When User Impersonation Features In Applications Go Bad
May 18, 2023 | Tom Neaves
A user impersonation feature typically allows a privileged user, such as an ...
Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style
May 16, 2023 | Tom Neaves
I feel I need to clarify, for legal reasons, that this is nothing to do with ...
Rendezvous with a Chatbot: Chaining Contextual Risk Vulnerabilities
May 11, 2023 | Abeer Banerjee
Ignoring the little stuff is never a good idea. Anyone who has pretended that ...
Why It’s Important to Change Default Credentials
May 03, 2023 | Dhervesh Singh
Security best practice guidelines always call for changing default passwords as ...
Dissecting Buffer Overflow Attacks in MongoDB
April 19, 2023 | Bilal Siddiqui
Towards the end of 2020, a new vulnerability in MongoDB was found and ...
CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd
April 13, 2023 | Tom Neaves
A little bit of background for those not familiar with chfn…
Deobfuscating the Recent Emotet Epoch 4 Macro
April 04, 2023 | Rodel Mendrez, Joshua Deacon
In early March, one of the notorious botnets, Emotet, resumed its spamming ...
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
April 04, 2023 | Pawel Knapczyk, Wojciech Cieslak
Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, ...
Trustwave Action Response: Supply Chain Attack Using 3CX PABX Software
March 31, 2023 | Karl Sigler
Overview On March 29, a massive supply chain compromise in 3CX software ...
Anonymous Sudan: Religious Hacktivists or Russian Front Group?
March 30, 2023 | SpiderLabs Researcher
The Trustwave SpiderLabs research team has been tracking a new threat group ...
2023 Tax Scam Emails Exposed: Unmasking Deceptive Trends
March 29, 2023 | Admin
Tax season is a busy time of year for taxpayers and threat actors. Consumers ...
ChatGPT: The Right Tool for the Job?
March 23, 2023 | Dustin Dugal Jose Tozo
Since it was first released to the public late last year, ChatGPT has ...
BlackGuard stealer extends its capabilities in new variant
March 23, 2023 | Ofer Caspi
LevelBlue Labs researchers have discovered a new variant of BlackGuard stealer ...
OneNote Spear-Phishing Campaign
March 09, 2023 | Reegun Jayapaul
Trustwave SpiderLabs “noted” in Part 1 and Part 2 of our OneNote research that ...
A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 1
March 08, 2023 | Bernard Bautista
Introduction Threat actors are taking advantage of Microsoft OneNote's ability ...
A Noteworthy Threat: How Cybercriminals are Abusing OneNote – Part 2
March 08, 2023 | Bernard Bautista
In part one, we examined how threat actors abuse a OneNote document to install ...
Network Map NMAP Meets ChatGPT
February 16, 2023 | Dhervesh Singh
We’ve now seen a number of different use cases for ChatGPT from marketing, ...
Money Lover App Vulnerability Exposes Personal Info
February 07, 2023 | Troy Driver
An information disclosure vulnerability has been identified in Money Lover, a ...
Vulnerability Causing Deletion of All Users in CrushFTP Admin Area
February 02, 2023 | Jean Calvin Mugabo
During a recent penetration test, Trustwave SpiderLabs researchers discovered a ...
2022 Year in Review: Ransomware
January 05, 2023 | Greg Monson
With 2022 having just ended, let's take a look back at the year in ransomware. ...
ChatGPT: Emerging AI Threat Landscape
December 20, 2022 | Damian Archer
ChatGPT has been available to the public since November 30, 2022. Since then, ...
Meta-Phish: Facebook Infrastructure Used in Phishing Attack Chain
December 15, 2022 | Karla Agregado, Michael Casayuran
Meta has two of the largest social media platforms today, Facebook and ...
Trustwave Action Response: Zero-Day Vulnerability in Citrix ADC (CVE-2022-27518)
December 15, 2022 | SpiderLabs Researcher
On Tuesday, December 13, a joint announcement from the United States NSA and ...
Trojanized OneNote Document Leads to Formbook Malware
December 08, 2022 | Rodel Mendrez, Phil Hay, Diana Lopera
Cybercriminals have long used Microsoft documents to pass along malware and ...
Going Mobile: BEC Attacks Are Moving Beyond Email
December 07, 2022 | Maria Katrina Udquin
Recently, we’ve noticed an increase in user reports of SMS-based Business Email ...
Bypassing 2FA Authentication with Evilginx2
December 01, 2022 | Shrijin Srinivasan
Due to the increasing number of cyberattacks, particularly zero days, ...
‘Tis the Season for Online Shopping and Phishing Scams
December 01, 2022 | SpiderLabs Researcher
The 2022 holiday shopping season is here. Retailers’ discounts are kicking off ...