Tale of the Two Payloads – TrickBot and Nitol

A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with ...

Spammed JScript Phones Home To Download NemucodAES And Kovter

Contributed by: Gerald Carsula, Rodel Mendrez and Nicholas Ramos

ModSecurity Web Application Firewall - Commercial Rules Update (1)

We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and ...

Petya From The Wire: Detection using IDPS

Most malware that traverses a network does so with specific indicators, some of which look like ...

Microsoft Patch Tuesday, July 2017

July's Patch Tuesday brings patches for 54 CVEs, nearly half the number patched in June and back to ...

A Computational Complexity Attack against Racoon and ISAKMP Fragmentation

Trustwave recently reported a remotely exploitable computational complexity vulnerability in the ...

Petya Ransomware: A glimpse of the past, the present, and the future

Ransomware seems to be the trend now and this type of malware will no doubt continue to grow. But do ...

Elephone P9000 Lock Screen Lockout Bypass

Brute force attacks against smartphones are not usually a viable attack vector. Manufacturers ...

0-Day Alert: Your Humax WiFi Router Might Be In Danger

Over the years WiFi Routers have been notoriously susceptible to simple attacks. In early 2017, ...

The Petya/NotPetya Ransomware Campaign

This is an ongoing, emerging story and may be updated after posting.

ModSecurity version 3: Fuzzing as part of the QA

The stability of any given project is often tracked by its maturity, which is generally measured by ...

Minimalist Alina PoS Variant Starts Using SSL

More than four years ago, we published a series of blogs discussing in-depth analysis of Alina ...

ModSecurity Web Application Firewall - Commercial Rules Update

We have just released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and ...

KOVTER and CERBER on a One-Two Punch using Fake Delivery Notification

We previously outlined a spam campaign that delivered FAKEGLOBE and CERBER ransomware. This week ...

Microsoft Patch Tuesday, June 2017

For the June 2017 Patch Tuesday Microsoft is releasing 97 CVEs, nearly double the number of ...

The WannaCry Impact on Databases Trustwave Database Security Knowledgebase Special Update 5.15

WannaCry is a network worm that exploits a vulnerability in Microsoft's implementation of the SMB ...

FakeGlobe and Cerber Ransomware: Sneaking under the radar while WeCry

Recently, we observed a constant influx of spam that distributes two ransomware families, perhaps ...

Necurs Recurs

The Necurs botnet, which was responsible for millions of malicious spam messages last year, has ...

URSNIF is Back Riding a New Wave of Spam

The infamous data-stealing URSNIF malware has done it again and it's here to collect more ...

Advanced Malware Detection with Suricata Lua Scripting

Normal IDPS signatures using either Snort or Suricata have quite a few options and, if regex is ...

TheShadowBrokers Babytalk Translation

TheShadowBrokers have just released a blog post (written in a child-like style to mock the lack of ...

WannaCry: We Want to Cry

Contributors: Phil Hay, Rodel Mendrez, Gerald Carsula, Nicholas Ramos, Homer Pacag

For the last few ...

WannaCry: We Want to Cry

For the last few days the WannaCry ransomware event created mayhem, where organizations worldwide ...

The WannaCry Ransomware Campaign

By now you have likely heard about the WannaCry (aka WannaCrypt) ransomware campaign that has taken ...

Airachnid: Web Cache Deception Burp Extender

Introduction

Microsoft Patch Tuesday, May 2017

Microsoft is releasing 56 CVEs for the May 2017 Patch Tuesday today. This includes 15 CVEs rated ...

Carbanak Continues To Evolve: Quietly Creeping into Remote Hosts

Introduction

Multiple Vulnerabilities in Avast Antivirus

Last year I decided to do some security research on an antivirus product. Avast seemed a good ...
