Trustwave security and engineering teams are actively investigating the vulnerabilities CVE-2022-22965 (also referenced by other vendors at Spring4Shell / SpringShell) and CVE-2022-22963 and potential exploits. We are diligently watching over our clients for exposure and associated attacks and are taking action with approved mitigation efforts. At this time, Trustwave infrastructure and products have not been adversely affected by the vulnerability / exploits.

The dangers of email security are often understated. One successful email attack can lead to malware injection, system compromise, impersonation, espionage, ransomware and more. After all, phishing remains the top attack vector used by hackers. The FBI reported phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, compared to 241,342 the previous year. Adjusted losses resulting from these attacks is more than $44 million, a $10 million decrease from 2020.

The Trustwave SpiderLabs email security team has been monitoring the ongoing Russia-Ukraine crisis to ensure that our clients are protected and aware of any imminent threats. This research blog captures some of the phishing email threats we have discovered. Whenever there is a global event, threat actors are sure to take advantage of the situation. As the war between Russia and Ukraine continues, cybercriminals are pumping out spam emails that use the crisis as a lure.

Appending a malicious file to an unsuspecting file format is one of the tricks our adversaries use to evade detection. Recently, we came across an interesting email campaign employing this technique to deliver the info stealer Vidar malware. First, let’s examine the email delivery mechanism, then go on to take a closer look at the Vidar malware itself. Figure 1: The malicious spam message The messages in this campaign have two things in common.

Trustwave is actively tracking the threat of Lapsus$ for our clients. We encourage all organizations, especially those part of the digital supply chain, to remain vigilant and ensure that cyber best practices are implemented. We are actively investigating all unusual login behaviors for clients that use Okta. For more information on the Okta incident, please visit their blog. Trustwave does not use Okta. Actionable security recommendations for organizations can be found below.

In today’s environment, much of the population are doing their bank or financial transactions online and online banking or wire transfers have become a huge necessity. Recently, we received a phishing email that is targeting PayPal accounts. The email header contains an alarming subject and the From: address is a spoofed PayPal-like domain. The Message-Id is also highly suspicious as it uses web hosting site DreamHost which is not related to PayPal.

Recently, we encountered an interesting phishing webpage that caught our interest because it acts like a chameleon by changing and blending its color based on its environment. In addition, the site adapts its background page and logo depending on user input to trick its victims into giving away their email credentials. We see an email with the “initial” URLs in the example below: Figure 1. The raw phishing email showing the URLs, purporting to be a fax message that needs to be accessed.

The ongoing war between Ukraine and Russia has placed organizations worldwide on full alert due to the possibility that cyber attacks related to the conflict may impact organizations outside the region.

This is the second in a series of blogs that describes the importance and inner workings of conducting Red and Purple Team exercises. Part 1 of this blog series gave an overview of how to properly conduct these drills. This blog examines the role Purple Teams play in an effective security testing strategy.

We were once newcomers to the security research field and one of the most annoying problems we ran across was how to get a CVE published. After all, what good is it to find a juicy vulnerability if you can’t get the word out to others? So, as a resource to help our fellow researchers, we decided to put together a CVE publishing guide based on our experience, and honestly a lot of good old trial and error.

When a company implements multifactor authentication, the organization is usually confident that it’s using the best system possible. However, not all MFA is built the same and there are times when the MFA solution being implemented is not delivering the protection required.

Home improvement retailers like Home Depot and Lowes are interesting places. Inside a typical store, one can find everyone from a guy looking to replace a leaky pipe, a couple shopping for new appliances, or a large contractor picking up hundreds of pieces of sheetrock for a major project. Trustwave's Security Colony is the cybersecurity version of a home improvement store. Security Colony is essentially a self-help site.

The Russia-Ukraine conflict currently is ongoing and continues to escalate. Trustwave is on heightened alert, and we are actively monitoring malicious cyber activity associated with and adjacent to the conflict between Russia and Ukraine.

A critical part of improving a business’ cyber resilience is ensuring staff, including the executives and the board of directors, are all champions of promoting and driving awareness when it comes to cybersecurity. Many company do have this understanding, and one way to measure the importance organizations are placing on cybersecurity is by expenditures.