A zero-day vulnerability has been re-disclosed that is very similar to the Follina zero-day announced last week and is actively being tracked by Trustwave SpiderLabs. The vulnerability was initially publicly disclosed back in 2020 but dismissed by Microsoft, which replied at the time: "We are also always seeking to improve these protections.

People commonly think that any “Internet Connection” is exactly the same, or they may be vaguely aware that some connections are faster than others. However, there are significant differences between the connections. While these differences may not matter to someone who just wants to browse websites and read email, they can be significant or even showstoppers for more advanced users or s. This is especially true for anyone looking to do security testing or vulnerability scanning.

Trustwave SpiderLabs is tracking the critical-rated zero-day vulnerability CVE-2022-26134. Threat actors are reported to be actively exploiting this vulnerability in the wild. Atlassian disclosed and issued guidance for CVE-2022-26134 on June 2. Trustwave is diligently watching over our clients for exposure and associated attacks and working closely with our clients to ensure that mitigations are in place.

Trustwave SpiderLabs is tracking the critical-rated zero-day vulnerability CVE-2022-30190. Threat actors are reported to be actively exploiting this vulnerability in the wild. Microsoft disclosed and issued guidance for CVE-2022-30190 on May 30. Trustwave is diligently watching over our clients for exposure and associated attacks and working closely with our clients to ensure that mitigations are in place.

2022 has been busy in the cyber world. While there were signals in 2021 with the increased in activity in threat actors targeting OT environments with ransomware, the conflict in Ukraine prompted many businesses to press harder in asking more questions about their own resilience with operational technologies (OT) and supply chain infrastructure.

SC Media and SC Media Europe have named Trustwave as a finalist for several awards to be announced this summer. SC Media Europe has shortlisted two Trustwave products as finalists: SC Media will announce winners on Aug. 22 and SC Media Europe will announce winners on June 21. SC Media, which represents the U.S. branch of the cybersecurity publisher, has named Trustwave DbProtect as a finalist in the Best Database Security Solution category.

Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users from Brazil, Spain, and Mexico. The campaign exploits the tax season in target countries by sending out tax-themed phishing emails. Grandoreiro was first detected in 2016 is one of the largest banking trojan families developed to strike targets Latin America.

Phishing website links are commonly delivered via email to their respective targets. Once clicked, these websites often show a single webpage that outright asks for sensitive information like account login credentials, credit card details, and other personally identifiable information (PII). Recently, we have encountered an interesting phishing website containing an interactive component in it: a chatbot.

Most organizations employ mobile computing, which utilizes wireless communications for staff members to perform day-to-day tasks with more ease. While some organizations have deployed enterprise security standards on their wireless networks, Trustwave SpiderLabs has observed some organizations deviating from security best practices when it comes to managing a wireless environment leaving these wireless networks as low-hanging fruit for attackers to abuse.

The Russian invasion of Ukraine has heightened government and business awareness around the reality that nation-state cyber threats pose. To cover all the implications of the threat posed by nation-state actors and the groups they sponsor, we sat down with Gary De Mercurio, VP, Global Practice Lead, Trustwave SpiderLabs.