Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

WormGPT and FraudGPT – The Rise of Malicious LLMs

As technology continues to evolve, there is a growing concern about the potential for large language models (LLMs), like ChatGPT, to be used for criminal purposes. In this blog we will discuss two such LLM engines that were made available recently on underground forums, WormGPT and FraudGPT.

Honeypot Recon: New Variant of SkidMap Targeting Redis

Since Redis is becoming increasingly popular around the world, we decided to investigate attacks on the Redis instance. We didn’t have to wait long for the first results of the Honeypot. The trap caught an activity about which the Western world does not hear too often while analyzing SkidMap. More importantly, this variant turned out to be a new, improved, dangerous variation of the malware. Its level of sophistication surprised us quite a bit.

ModSecurity v3: DoS Vulnerability in Four Transformations (CVE-2023-38285)

ModSecurity is an open-source Web Application Firewall (WAF) engine maintained by Trustwave. This blog post discusses an issue with four transformation actions that could enable a Denial of Service (DoS) attack by a malicious actor. The issue has been addressed with fixes in v3.0.10. ModSecurity v2 is not affected.

Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report

In their latest report titled "Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape," the Trustwave SpiderLabs team reveals the data from a months-long investigation focusing on the cyber threats the healthcare industry is currently grappling with.

Honeypot Recon: MSSQL Server – Database Threat Overview '22/'23

In this article, we'll reveal botnet behavior before and after a successful attack. These bots have one job: to install malicious software that can mine digital coins or create backdoors into systems.

Brute-forcing ButterflyMX Virtual Keys and Hacking Time Limits

Recently, I discovered two vulnerabilities in the ButterflyMX system which were responsibly disclosed to the vendor. The vendor has mitigated the highest-risk vulnerability, which enabled unauthorized attackers to gain access to buildings equipped with the ButterflyMX Access Control System.

KillNet, Anonymous Sudan, and REvil Unveil Plans for Attacks on US and European Banking Systems

Russian hacking collectives KillNet, Anonymous Sudan, and REvil have declared their intention to launch cyberattacks on the European financial system within the next 48 hours. KillNet and Anonymous Sudan are known for DDoS attacks which typically last only a short while; long enough for a screenshot to post on Telegram. REvil, however, has a history of more damaging attacks. While this may not result in any actual attacks, the inclusion of REvil to the KillNet/AnonSudan collective should raise some eyebrows.

Honeypot Recon: Global Database Threat Landscape

In today's digital era, the importance of securing databases cannot be overstated. As more and more global businesses and organizations rely on DBMS systems to store tons of sensitive information, the risk of targeted attacks and data breaches continues to increase.

Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)

On May 31, threat actors were discovered targeting a critical zero day in MOVEit Transfer software resulting in escalated privileges and unauthorized data access. The vulnerability being exploited is an SQL injection and has since been patched. Resources links, including one for the patch, are at the bottom of this post.

Analyzing the NTC Vulkan Leak: What it Says About Russia's Cyber Capabilities

Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability of cooperation between the Russian private software development company and the Russian Ministry of Defense, namely, the GRU (Sandworm), and possibly others

Stay Connected


Sign up to receive the latest security news and trends from Trustwave.

No spam, unsubscribe at any time.

Trending Topics