-
Email Bombing: Why You Need to be Concerned
Over the last few months, the topic of email bombing has been brought to our attention multiple times, mostly queries from customers that go something like this: Go to Source
-
When User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs
It was a cold and wet Thursday morning, sometime in early 2006. There I was sitting at the very top back row of an awe-inspiring lecture theatre inside Royal Holloway’s Founder’s Building in Egham, Surrey (UK) while studying for my MSc in Information Security. Back then, the lecture in progress was from the software security module. Go…
-
CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution
On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a critical flaw in 7-Zip. Go to Source
-
Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns
Welcome to the second part of our investigation into the Rockstar kit, please check out part one here. Go to Source
-
Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors. Go to Source
-
Lessons from a Honeypot with US Citizens’ Data
Prior to last week’s US Presidential Election, the Trustwave SpiderLabs team was hard at work investigating potential risks and threats to the election system, from disinformation campaigns to nation-state actors looking to exploit vulnerabilities. Go to Source
-
2024 Trustwave Risk Radar Report: Cyber Threats to the Retail Sector
As the holiday shopping season approaches, the 2024 Trustwave Risk Radar Report: Retail Sector reveals that cybercriminals have sharpened their tactics, utilizing ransomware and phishing attacks that exploit well-known online brands to target retailers and consumers directly. Go to Source
-
Hooked by the Call: A Deep Dive into The Tricks Used in Callback Phishing Emails
Introduction Previously, Trustwave SpiderLabs covered a massive fake order spam scheme that impersonated a tech support company and propagated via Google Groups. Since then, we have observed more spam campaigns using this hybrid form of cyberattack with varying tactics, techniques, and procedures (TTP). Between July and September, we witnessed a 140% increase in these spam campaigns. In…
-
How Threat Actors Conduct Election Interference Operations: An Overview
The major headlines that arose from the three most recent US presidential election cycles illuminated the various fragilities of American election infrastructures and systems. Go to Source
-
Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack)
Introduction In the perpetually evolving field of cybersecurity, new threats materialize daily. Attackers are on the prowl for weaknesses in infrastructure and software like a cat eyeing its helpless prey. Go to Source