Drupal Compromise Analysis Including Indicators of Compromise
I would like to thank fellow SpiderLabs Researcher Chaim Sanders and Dennis Wilson, Bryant Smith ...
Read MoreStay Informed
Sign up to receive the latest security news and trends straight to your inbox from Trustwave.
[Honeypot Alert] FHS Null Byte Attack (CVE-2014-6287) Attempts to Install DDoS Malware (Iptablex)
Our web honeypots picked up some exploit attempts for CVE-2014-6287 which is a command execution ...
Read MoreAnnouncing ModSecurity v2.9.0 Stable Release
The SpiderLabs Research - ModSecurity Team is proud to announce the stable release of version 2.9.0 ...
Read MoreGHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
A heap-based buffer overflow vulnerability in glibc (CVE-2015-0235) was announced this week.
Read More[Honeypot Alert] Wordpress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit Attempt
Our web honeypots picked up some exploit attempts for the recently released vulnerability in the WP ...
Read MoreModSecurity Advanced Topic of the Week: Detecting Malware with Fuzzy Hashing
We witnessed a sophisticated phishing campaign on 16th August 2017, targeting victims by sending ...
Read MoreSetting HoneyTraps with ModSecurity: Adding Fake Cookies
This blog post continues with the topic of setting "HoneyTraps" within your web applications to ...
Read MoreShellshock a Week Later: What We Have Seen
Trustwave, like most other information security firms, has been busy investigating the ShellShock ...
Read More[Honeypot Alert] New Bot Malware (BoSSaBoTv2) Attacking Web Servers Discovered
Our web honeypots picked up some interesting attack traffic. The initial web application attack ...
Read More[Honeypot Alert] Active Probes for WordPress revslider_show_image Plugin Local File Inclusion Flaw
A local file inclusion vulnerability in the WordPress Slider Revolution Plugin has been released:
Read MoreBlackhat Arsenal 2014: Live ModSecurity Demonstrations
If you are heading out to Blackhat USA 2014 in Las Vegas this week, please stop by the Arsenal ...
Read More[Honeypot Alert] Wordpress XML-RPC Brute Force Scanning
There are news reports of new Wordpress XML-PRC brute force attacks being seen in the wild. The ...
Read MoreSetting HoneyTraps with ModSecurity: Adding Fake Hidden Form Fields
This blog post continues with the topic of setting "HoneyTraps" within your web applications to ...
Read MoreModSecurity Advanced Topic of the Week: JSON Support
Submitted by Felipe Costa and Ryan Barnett (SpiderLabs Research - ModSecurity Team)
Read More[Honeypot Alert] JCE Joomla Extension Attacks
Our web honeypots picked up some increased exploit attempts for an old Joomla Content Editor (JCE) ...
Read MoreColdFusion Admin Compromise Analysis (CVE-2010-2861)
In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion compromise baed on ...
Read MoreWordPress XML-RPC PingBack Vulnerability Analysis
There were news stories this week outlining how attackers are abusing the XML-PRC "pingback" ...
Read MoreModSecurity Advanced Topic of the Week: Detecting Browser Fingerprint Changes During Sessions
This blog post will discuss a section from Recipe 8-5: Detecting Browser Fingerprint Changes During ...
Read MoreModSecurity Advanced Topic of the Week: HMAC Token Protection
This blog post presents a powerful feature of ModSecurity v2.7 that has been highly under-utilized ...
Read More[Honeypot Alert] More PHP-CGI Scanning (apache-magika.c)
In the past 24 hours, one of the WASC Distributed Web Honeypot participant's sensors picked up ...
Read MorePHP.Net Site Infected with Malware
Earlier today, users attempting to access the www.php.net site were met with malware warnings from ...
Read MoreHiding Webshell Backdoor Code in Image Files
Looks Can Be Deceiving Do any of these pictures look suspicious?
Read MoreAV Vendors Targeted in Defacement Campaign
Attacked Sites The KDMS hacking team recently defaced several popular websites include Whatsapp.com ...
Read MoreSetting HoneyTraps with ModSecurity: Adding Fake robots.txt Disallow Entries
The following blog post is taken from Recipe 3-2: Adding Fake robots.txt Disallow Entries in my new ...
Read More[Honeypot Alert] Probes for Apache Struts 2.X OGNL Vulnerability
Today our web honeypot sensors picked up probes for the recent Apache Struts 2.X OGNL vulnerability ...
Read More