DOH! DNS Over HTTPS Poses Possible Risks to Enterprises
Introduction David Middlehurst of Trustwave SpiderLabs presented at the first ever conference ...
Read More10 Years On – A Look Back at MS08-067
It has been ten years since the release of MS08-067. Unlike many of the other incidents over the ...
Read MoreUnderground Code of Honor – Part 1 of 3
"We are all honorable men here, we do not have to give each other assurances as if we were ...
Read MoreRed Alert v2.0: Misadventures in Reversing Android Bot Malware
(Analysis by Rodel Mendrez and Lloyd Macrohon)
Read MoreSingHealth Data Breach – An Analytical Perspective
Executive Summary On July 20th 2018, the Singapore authorities announced1 that Singapore's largest ...
Read MoreTWSL2011-004: Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall
The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability ...
Read MoreUnpatched Remote Code Execution in Reprise License Manager
During a recent penetration testing engagement, I came across a particularly interesting web ...
Read MoreWD My Cloud EX2 Serves Your Files to Anyone
Western Digital's My Cloud is a popular storage/backup device that lets users backup and store ...
Read MoreThe Underground Job Market – Part 2 of 3
"Leave your ego at the door every morning, and just do some truly great work. Few things will make ...
Read MoreMicrosoft Patch Tuesday, October 2018
October's Patch Tuesday is here and with it come patches for 49 CVEs and a "Defense in Depth" ...
Read MoreCredential Leak Flaws in Windows PureVPN Client
Using a VPN (Virtual Private Network) can bring many advantages, particularly when you want to ...
Read MoreCVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption
Trustwave recently discovered a locally exploitable issue in the macOS version of the Webroot ...
Read MorePatch Tuesday, September 2018
September's Patch Tuesday is here with patches for 61 CVEs and two roll up patches, one for ...
Read MoreDrupal Cache Poisoning SA-CORE-2018-005
(Analysis by Lena Frid, Bar Menachem and Victor Hora)
Read MoreFirework: Leveraging Microsoft Workspaces in a Penetration Test
Overview WCX files can be used to configure a Microsoft Workplace on a system with a couple of ...
Read MoreOracle Critical Patch Update July 2018 and Security Alert for CVE-2018-3110
On July 17th 2018 Oracle released Critical Patch Update (CPU) in accordance with their predefined ...
Read MoreCVE-2018-8006: XSS in Apache ActiveMQ
A cross site scripting (XSS) vulnerability exists in Apache ActiveMQprior to version 5.15.5. Apache ...
Read MoreBank Malspam Revisited
Last week we wrote about some malicious spam containing Microsoft Publisher files, leading to the ...
Read MoreAlina: Following The Shadow Part 1
Last I spoke with you, I went into the details of a family of Point of Sale (POS) malware, named ...
Read MoreMalspam Campaign Targets Banks Using Microsoft Publisher
It's very unusual for malware authors to utilize publishing software like Microsoft Publisher which ...
Read MoreMapping Social Media with Facial Recognition: A New Tool for Penetration Testers and Red Teamers
Performing intelligence gathering is a time-consuming process, it typically starts by attempting to ...
Read MoreCVE-2018-2892 - Kernel Level Privilege Escalation in Oracle Solaris
Trustwave recently discovered a locally exploitable issue in all current versions of Oracle Solaris ...
Read MoreMalicious SettingContent now Delivered Through PDF
Recently, a proof-of-conceptemerged on how the filetype SettingContent can be abused when getting ...
Read MorePatch Tuesday, July 2018
July's Patch Tuesday is here with patches for 53 CVEs and the standard roll up of patches for ...
Read MoreWeb Application Security-ModSecurity Commercial Rules, Update for June 2018
Overview for rules released by Trustwave SpiderLabs in November for ModSecurity Commercial Rules ...
Read MoreAdobe Flash Player 0-Day (CVE-2018-5002)
An Adobe advisory regarding a zero-day vulnerability in Adobe Flash Player was published late last ...
Read More