#trustwave — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #trustwave, aggregated by home.social.
-
New Eternidade Stealer Uses WhatsApp to Steal Banking Data https://hackread.com/eternidade-stealer-whatsapp-steal-banking-data/ #EternidadeStealer #SpiderLabs #SMSishing #Trustwave #Security #WhatsApp #Malware #Banking #Brazil #TROJAN #Fraud #Scam
-
The energy sector has no time to wait for the next cyberattack https://www.helpnetsecurity.com/2025/08/26/energy-sector-cyber-risks/ #criticalinfrastructure #SecurityScorecard #cybersecurity #energysector #Trustwave #strategy #Delinea #SixMap #threat #News #ENCS #FBI
-
LevelBlue to Acquire Trustwave to Create Major MSSP – Source: www.securityweek.com https://ciso2ciso.com/levelblue-to-acquire-trustwave-to-create-major-mssp-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #securityweekcom #securityweek #Acquisition #Funding/M&A #M&ATracker #LevelBlue #Trustwave #MSSP #M&A #mdr
-
LevelBlue to Acquire Trustwave to Create Major MSSP https://www.securityweek.com/levelblue-to-acquire-trustwave-to-create-largest-mssp/ #Funding/M&A #Acquisition #M&ATracker #LevelBlue #Trustwave #MSSP #M&A #MDR
-
The rise of the SYS01 infostealer: a new threat to Facebook pages and businesses https://www.trendingtech.news/trending-news/2024/09/39417/de-opkomst-van-sys01-infostealer-een-nieuwe-dreiging-voor-facebook-pagina-s-en-bedrijven #SYS01 Infostealer #Facebook beveiliging #kwaadaardige advertenties #cybercriminaliteit #Trustwave SpiderLabs #Trending #News #Nieuws
-
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts https://www.helpnetsecurity.com/2024/07/16/malicious-ads-facebook-linkedin/ #accounthijacking #malvertising #Don'tmiss #Trustwave #Hotstuff #Facebook #LinkedIn #malware #News
-
Search & Spoof: Abuse of Windows Search to Redirect to Malware
Date: June 11, 2024
CVE: Not specified
Vulnerability Type: URL Redirection to Untrusted Site
CWE: [[CWE-601]]
Sources: SpiderLabs Blog
Synopsis
A phishing campaign leverages the Windows search protocol via HTML attachments to redirect users to malware, exploiting system vulnerabilities and user behavior.
Issue Summary
The campaign starts with a phishing email containing a ZIP-archived HTML file disguised as a routine document. Upon opening, the HTML file exploits the Windows search protocol to execute malicious commands. The file uses a <meta http-equiv="refresh"> tag to reload the page and redirect the browser to a new URL, and an anchor tag as a fallback should the browser block the redirect.
Technical Key Findings
The attack uses the search: protocol to directly interact with Windows Explorer, directing searches to malicious servers. It involves parameters like query, crumb, displayname, and location, making the malicious activity appear legitimate. The attack concludes with the user being prompted to run a batch script disguised as a shortcut file.
![[Figure 5. Search window displaying results after invoking the search query..webp]]
Vulnerable Products
The specific vulnerability affects Windows systems that allow search-ms and search URI protocols to execute without adequate validation.
Impact Assessment
If exploited, this vulnerability can lead to unauthorized execution of malicious scripts, potentially compromising the user’s system and allowing further malicious activities, such as data theft or additional malware installation.
Patches or Workaround
Mitigation involves disabling the search-ms and search URI handlers by deleting associated registry entries with the following commands:
reg delete HKEY_CLASSES_ROOT\search /f
reg delete HKEY_CLASSES_ROOT\search-ms /f
Additionally, security updates for email scanners can detect and block such malicious HTML files.
Tags
#Windows #Malware #Phishing #URLRedirection #CyberSecurity #Cloudflare #IPFS #Trustwave
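An added example, not part of the post above and not SpiderLabs code: a mail-gateway style check that flags HTML attachments whose meta refresh or anchor tags hand off to the search: or search-ms: handlers, and decodes the parameters the post names. The function names, class name and the sample attachment are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs

SEARCH_SCHEMES = ("search:", "search-ms:")
PARAMS = ("query", "crumb", "displayname", "location")  # parameters named in the post

SAMPLE = (  # constructed sample attachment, not taken from the campaign
    '<html><head><meta http-equiv="refresh" content="0; url=search:'
    'query=Invoice&crumb=location:%5C%5Cfiles.example.invalid%5Cshare'
    '&displayname=Downloads"></head><body>'
    '<a href="search-ms:query=Invoice&crumb=location:'
    '%5C%5Cfiles.example.invalid%5Cshare">Open</a>'
    '<a href="https://example.invalid/help">Help</a></body></html>'
)


class SearchUriFinder(HTMLParser):
    """Collect search:/search-ms: targets from meta refresh and anchor tags."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        target = None
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "<seconds>; url=<target>"
            _, _, rest = a.get("content", "").partition(";")
            key, _, value = rest.strip().partition("=")
            if key.strip().lower() == "url":
                target = value.strip().strip("'\"")
        elif tag == "a":
            target = a.get("href", "").strip()
        if target and target.lower().startswith(SEARCH_SCHEMES):
            self.hits.append((tag, target))


def scan_html(html):
    """Return one finding per search-handler link, with decoded parameters."""
    finder = SearchUriFinder()
    finder.feed(html)
    findings = []
    for tag, uri in finder.hits:
        scheme, _, rest = uri.partition(":")
        qs = parse_qs(rest, keep_blank_values=True)  # also percent-decodes values
        params = {p: qs[p][0] for p in PARAMS if p in qs}
        remote = any("\\\\" in v for v in params.values())  # UNC path present
        findings.append({"via": tag, "scheme": scheme.lower(),
                         "params": params, "remote": remote})
    return findings
```

A non-empty result from `scan_html` is a reason to quarantine the attachment; `remote` marks findings whose parameters point the search at a UNC location.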
-
Cybercrime stats you can’t ignore https://www.helpnetsecurity.com/2024/05/07/cybercrime-stats-2024/ #GuidePointSecurity #SecurityScorecard #AbnormalSecurity #OstermanResearch #cybersecurity #VIPRESecurity #cybercrime #Ironscales #ReliaQuest #Don'tmiss #Trustwave #Hotstuff #SpyCloud #Cofense #Imperva #Akamai #Egress #report #Sophos #survey #Thales #News #Visa
-
Tech industry’s focus on innovation leaves security behind https://www.helpnetsecurity.com/2024/03/26/technology-companies-cyber-threats/ #digitaltransformation #cybersecurity #cybercrime #Trustwave #report #survey #News
-
📬 Ov3r_Stealer spreads via Facebook ads
#Cyberangriffe #Internet #ITSicherheit #DiscordURL #Ov3r_Stealer #Phemedrone #PowerShellSkript #Schadsoftware #SoftwareCracking #Trustwave https://sc.tarnkappe.info/130db9
-
"🛡️ Mitigation Tips Against Stealthy VBA Macros 📝"
To protect against these stealthy VBA macros, consider disabling macros in Microsoft Office and restricting execution to trusted sources. 🚫📄
Educate users about the risks associated with enabling macros and employ robust email gateways for scanning attachments. 🎓📧
A YARA rule is also available to flag potential threats without relying on PDF header checks. 🚩🔍
Key points:
Malicious Word Document in a PDF-like Header: The malicious Word document is concealed within a PDF-like header that contains the signature %PDF-1.7, typically associated with PDF files.
MIME Encapsulation of HTML Documents: Within the fake PDF structure, there is a MIME encapsulation of aggregate HTML documents (MHTML Web Archive) that contains an embedded Base64 encoded ActiveMIME object. ActiveMIME is an undocumented Microsoft file format often used to store VBA Macros.
Obfuscation Techniques: Various obfuscation techniques are employed to evade detection based on signatures. These include the use of a non-compliant MIME type, fragmentation of Base64 encoded strings, and URL percent-encoded strings to obscure links.
PDF Header Not Required: Interestingly, the embedded MHT document file doesn't actually require a PDF header. Any text preceding the MHT file allows Microsoft Word to open the document file and execute the malicious macro if enabled.
Evasion of Signature-Based Detection: This technique can evade signature-based detection systems that specifically scan for a PDF header. The analysis shows a significant difference in detection rates between samples with and without the fake PDF header.
Mitigation Advice: To protect users from such threats, the summary provides several mitigation recommendations, including configuring Microsoft Office to disable macros by default, restricting macro execution to trusted sources, educating users about macro risks, and using robust email gateways for scanning attachments.
YARA Rule: A YARA rule is provided to identify potential malicious macros embedded in files without conducting PDF header checking. This rule checks for specific strings and patterns within files to flag potential threats.
Source: Trustwave SpiderLabs Blog
Tags: #Cybersecurity #Mitigation #UserEducation #YARARule #Trustwave #SpiderLabs #EmailSecurity 🌐🔐🛡️
-
📬 Rilide malware infects Chromium browsers and steals crypto coins
#Krypto #Malware #2FA #AuroraStealer #Brave #Chromium #EkipaRAT #GoogleAds #googlechrome #GoogleDrive #KryptoWallet #Kryptowährungen #MaaS #MicrosoftEdge #Opera #Rilide #Trustwave #Vivaldi https://tarnkappe.info/artikel/krypto/rilide-malware-befaellt-chromium-browser-und-stiehlt-krypto-coins-272435.html
-
Reflected #XSS flaw in Canon Medical’s Vitrea View could expose patient info
#Trustwave researchers discovered two XSS flaws in Canon Medical’s Vitrea View tool.
https://securityaffairs.co/wordpress/136545/hacking/canon-medical-vitrea-view-xss.html
-
An analysis of the BlackByte code shows that ransomware is by no means the work of professionals only. Empty threats and a free tool let victims breathe a sigh of relief.
Ransomware: Decryption thanks to weakness in "Blackbyte" code
-
Android messenger with 100 million downloads exposes transferred media files #уязвимость, #конфиденциальность, #приложение, #мессенджер, #Android, #Trustwave https://www.securitylab.ru/news/514204.php https://twitter.com/SecurityLabnews/status/1329682148211773440/photo/1
-
Trustwave discovered a hacker who sold data on 186 million US voters #Trustwave, #хакер, #США https://www.securitylab.ru/news/513301.php https://twitter.com/SecurityLabnews/status/1319378000698363905/photo/1
-
Vulnerability in the IBM Db2 DBMS can lead to data leakage and denial of service #Trustwave, #уязвимость https://www.securitylab.ru/news/511351.php https://twitter.com/SecurityLabnews/status/1296441868947947523/photo/1