Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SpiderLabs is among the most well-respected teams in the cybersecurity industry, having gained a reputation for conducting cutting-edge research, plying the foggy corners of the darkweb for information, and detecting and hunting down threats. What is less well known is how Trustwave’s SpiderLabs’ various teams’ function and then pull together to create the formidable force that is the backbone of all of Trustwave’s offerings.

ModSecurity is an open-source web application firewall (WAF) engine maintained by Trustwave. This blog post discusses multiple input interpretation weaknesses in the ModSecurity project. Each input interpretation weakness could allow a malicious actor to evade some ModSecurity rules. Both ModSecurity v2 and ModSecurity v3 were affected. The issues have been addressed in v2.9.6 and v3.0.8, respectively.

Trustwave has been recognized in the IDC MarketScape: Worldwide Managed Cloud Security Services in the Multicloud Era Vendor Assessment (doc #US48761022, September 2022). Trustwave, a pure-play cybersecurity services provider, is well positioned in the market. It shows the market acceptance for specialized security skills from its MSS providers.

This past month, Trustwave SpiderLabs observed that HTML (Hypertext Markup Language) file attachments had become a common occurrence in our spam traps, which is not unusual since malware is often delivered through phishing spam. For the past 30 days, SpiderLabs has found the combination of.HTML (11.39%) and.HTM (2.7%) files are our second most spammed file attachment, totalling 14.09%, followed by.EXE files at 12.84%.

There is an exploitation method that can automatically forward emails CC’d to external addresses via an Outlook Desktop rule, even when this action is prevented on the corporate Exchange server. This can be a serious data exfiltration risk allowing post-exploitation persistence in a previously breached account. The legitimate email account owner is highly likely to be unaware of the creation of this rule.

In some circles, October may be best known for hosting Halloween, but at Trustwave we know it as Cybersecurity Awareness Month. The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Cybersecurity Alliance (NCSA), today kicked off the 19th annual Cybersecurity Awareness Month.

This blog examines some interesting aspects of the recent reforms to Australia's Security of Critical Infrastructure Act - specifically related to the new risk management obligations that have been introduced. We'll unpack some of the ambiguities that exist and remain to be clarified in this specific area of the reforms.

Trustwave security teams are aware of two zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) impacting Microsoft Exchange Server 2013, 2016, and 2019 and organizations with Outlook Web Access facing the Internet. If exploited, the vulnerabilities can allow an attacker to elevate privilege and remote code execution capability. We immediately investigated the vulnerabilities and potential exploits and continue to monitor the situation.

Vitrea View is a tool that uses the DICOM standard to view medical images. If exploited an attacker could access patient information and obtain additional access to various services associated with Vitrea View..

Trustwave announced today that it has attained Gold competency in security in the Microsoft Partner Network, a mark reached by only 1% of all Microsoft partners. This certification, awarded upon rigorous review of technical certifications and innovative solutions, represents Microsoft’s highest level of partner recognition for aligning technical expertise to customer needs.