-
Computer Users Once Again Insist ‘123456’ and ‘password’ are the Pinnacle of Cybersecurity
… At least according to a recent report posted by the password manager firm NordPass. Go to Source
-
Analyzing Salt Typhoon: Telecom Attacker
Unveiling Salt Typhoon: A New Wave in Cyber EspionageDiscover how this advanced Chinese-speaking threat actor targets telecom giants, using sophisticated tools like SparrowDoor and Demodex to breach and exfiltrate sensitive data. The Who, What, and Why of Salt Typhoon’s AttacksGain insights into Salt Typhoon’s history, tactics, and objectives, from their focus on tracking persons of…
-
Trustwave’s 2025 Cybersecurity Predictions: Digital Fatigue and Deepfakes
As we look ahead to 2025, the cybersecurity landscape is poised for significant shifts and challenges. Go to Source
-
When User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs
It was a cold and wet Thursday morning, sometime in early 2006. There I was sitting at the very top back row of an awe-inspiring lecture theatre inside Royal Holloway’s Founder’s Building in Egham, Surrey (UK) while studying for my MSc in Information Security. Back then, the lecture in progress was from the software security module. Go…
-
Email Bombing: Why You Need to be Concerned
Over the last few months, the topic of email bombing has been brought to our attention multiple times, mostly queries from customers that go something like this: Go to Source
-
Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors. Go to Source
-
Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns
Welcome to the second part of our investigation into the Rockstar kit, please check out part one here. Go to Source
-
CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution
On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a critical flaw in 7-Zip. Go to Source
-
Lessons from a Honeypot with US Citizens’ Data
Prior to last week’s US Presidential Election, the Trustwave SpiderLabs team was hard at work investigating potential risks and threats to the election system, from disinformation campaigns to nation-state actors looking to exploit vulnerabilities. Go to Source
-
Hooked by the Call: A Deep Dive into The Tricks Used in Callback Phishing Emails
Introduction Previously, Trustwave SpiderLabs covered a massive fake order spam scheme that impersonated a tech support company and propagated via Google Groups. Since then, we have observed more spam campaigns using this hybrid form of cyberattack with varying tactics, techniques, and procedures (TTP). Between July and September, we witnessed a 140% increase in these spam campaigns. In…