The Evolution of Persistent Threats: From Chernobyl to BlackLotus
August 30, 2023 | Jose Tozo
In this blog post, we will explore how the computer security landscape has ...
Think Before You Scan: The Rise of QR Codes in Phishing
August 29, 2023 | Mike Casayuran
QR Codes, the square images that contain coded information that can be scanned ...
Behind the Invite: The Rise of Google Group Fake Order Fraud Emails
August 25, 2023 | Maria Katrina Udquin and John Kevin Adriano
As the world shifted into remote work and distant learning during the pandemic ...
BEC Trends: Payroll Diversion Dominates and Sneaky Multi-Persona Attacks Emerge
August 24, 2023 | Maria Katrina Udquin
Business Email Compromise (BEC) remains a lucrative threat vector for ...
ProxyNation: The dark nexus between proxy apps and malware
August 16, 2023 | Ofer Caspi
Executive summary: LevelBlue Labs researchers recently discovered a massive ...
Mac systems turned into proxy exit nodes by AdLoad
August 10, 2023 | Fernando Martinez
AdLoad malware is still infecting Mac systems years after its first appearance ...
Gootloader: Why your Legal Document Search May End in Misery
August 10, 2023 | Rodel Mendrez
Introduction: Recently, we’ve seen a noticeable surge in malware cases linked to ...
WormGPT and FraudGPT – The Rise of Malicious LLMs
August 08, 2023 | Arthur Erzberger
As technology continues to evolve, there is a growing concern about the ...
New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3
August 03, 2023 | Pawel Knapczyk, Wojciech Cieslak
LevelBlue SpiderLabs discovered a new version of the Rilide Stealer extension ...
DarkGate Keylogger Analysis: masterofnone
August 02, 2023 | Zachary Reichert
Aon’s Stroz Friedberg Incident Response Services encountered a group utilizing ...
Honeypot Recon: New Variant of SkidMap Targeting Redis
July 30, 2023 | Radoslaw Zdonczyk
Intro: Since Redis is becoming increasingly popular around the world, we decided ...
Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
July 27, 2023 | Serhii Melnyk, Greg Monson
The healthcare sector has been under constant threat from cybercriminals due to ...
ModSecurity v3: DoS Vulnerability in Four Transformations (CVE-2023-38285)
July 25, 2023 | SpiderLabs Researcher
ModSecurity is an open-source Web Application Firewall (WAF) engine maintained ...
New Burp Suite Extension: BlazorTrafficProcessor
July 20, 2023 | Will Rabb
Pentesting web applications that use Blazor server comes with unique ...
Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report
July 13, 2023 | SpiderLabs Researcher
In their latest report titled "Cybersecurity in the Healthcare Industry: ...
It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused
July 11, 2023 | Karla Agregado
As they say, when it rains, it pours. Recently, we observed more than 3,000 ...
Honeypot Recon: Enterprise Applications Honeypot - Unveiling Findings from Six Worldwide Locations
July 05, 2023 | Pawel Knapczyk, Wojciech Cieslak
To obtain a better perspective of attacks worldwide, LevelBlue has implemented ...
SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames
June 27, 2023 | Tom Neaves
Honeypot Recon: MSSQL Server – Database Threat Overview '22/'23
June 20, 2023 | Radoslaw Zdonczyk, Mariusz Siedlecki
Introduction: In a constantly connected world, protecting sensitive data in what ...
Brute-forcing ButterflyMX Virtual Keys and Hacking Time Limits
June 15, 2023 | Robert Foggia
Recently, I discovered two vulnerabilities in the ButterflyMX system which were ...
KillNet, Anonymous Sudan, and REvil Unveil Plans for Attacks on US and European Banking Systems
June 15, 2023 | SpiderLabs Researcher
In a recent development, Russian hackers have declared their intention to ...
Honeypot Recon: Global Database Threat Landscape
June 13, 2023 | Radoslaw Zdonczyk
In today's digital era, the importance of securing databases cannot be ...
Trustwave Action Response: Zero Day Vulnerability in Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868)
June 09, 2023 | SpiderLabs Researcher
On May 19, 2023, Barracuda Networks identified a remote command injection ...
From Admin to AdminPlusPlus: Breaking Out of Sandboxed Applications Through Recon, Being Brave and Abusing SSO Domain Account Mappings
June 08, 2023 | Tom Neaves
I've been pentesting applications for nearly two decades now and throughout ...
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
June 02, 2023 | Karl Sigler
Update - June 16, 2023: The second vulnerability mentioned in the June 12 ...
Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining
May 30, 2023 | Tom Neaves
As is tradition with my blog posts, let’s start off with a definition of what HTTP ...
SeroXen RAT for sale
May 30, 2023 | Fernando Martinez
This blog was jointly written with Alejandro Prada and Ofer Caspi.
Analyzing the NTC Vulkan Leak: What it Says About Russia's Cyber Capabilities
May 25, 2023 | Arthur Erzberger
Information disclosed in the leaked NTC Vulkan papers allows us to investigate ...