Microsoft Patch Tuesday, November 2016
The November Patch Tuesday is here and it's a big one with 14 bulletins covering 68 unique CVEs. ...
Read More
Bopup Communications Server Remote Buffer Overflow Vulnerability
Trustwave recently discovered a remotely exploitable issue in all current versions of "B Labs" ...
Read MoreAbout SAP Adaptive Server Enterprise dbcc import_sproc SQL injection vulnerability (CVE-2016-7402)
This vulnerability was introduced in SAP Adaptive Server Enterprise 16.0 SP02 PL03: prior versions ...
Read MoreOWASP ModSecurity CRS Version 3.0 RC2 Released
The OWASP Core Rule Set (CRS) is an Open Source project run by the Open Web Application Security ...
Read MoreDown the Rabbit Hole: Extracting Maliciousness from MSG Files Without Outlook
Email As Infection Vector
Read MoreMicrosoft Patch Tuesday, October 2016
October has arrived with seasonal changes and a new Microsoft Patch Tuesday. This Patch Tuesday ...
Read MoreRIG's Facelift
RIG EK has been in the headlines recently mainly because both EITEST and PseudoDarkLeech (big ...
Read MoreSteganography... what is that?
When people think about Information Security the first word that generally comes mind is "Hacking", ...
Read MoreNecurs – the Heavyweight Malware Spammer
Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and in particular its ...
Read MoreMicrosoft Patch Tuesday, September 2016
September's Patch Tuesday is upon us and it's the biggest one so far this year. While past months ...
Read MoreSundown EK – Stealing Its Way to the Top
Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming ...
Read MoreOWASP ModSecurity CRS Version 3.0 RC1 Released
Trustwave has been dedicated to supporting ModSecurity and the associated community for the better ...
Read MoreMicrosoft Patch Tuesday, August 2016
Today is August's Patch and with only 9 bulletins with 27 unique CVEs it's one of the lightest ...
Read MoreTurning Up The Heat on IoT: TRANE Comfortlink XL850
The Internet of Things (IoT) continues to explode in the consumer market as demand for network ...
Read MoreTo Obfuscate, or not to Obfuscate
Introduction Malware's goal is to bypass computer defenses, infect a target, and often remain on ...
Read MoreSAP ASE file creation vulnerability (CVE-2016-6196)
Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows ...
Read MoreDenial of Service: A Survival Guide
From Anonymous style SYN flooding to Application layer denial of service, denial of service is a ...
Read MoreMicrosoft Patch Tuesday, July 2016
July's Patch Tuesday is here and brings with it five bulletins rated Critical and 6 rated ...
Read MoreHow I Cracked a Keylogger and Ended Up in Someone's Inbox
It all started from a spam campaign. Figure 1 shows a campaign we picked up recently from our spam ...
Read MoreMalware Authors Adopt CEO Fraud Techniques
CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers ...
Read MoreCEO Fraud Scams and How to Deal With Them at the Email Gateway
Email scams known as "CEO Fraud" are very common right now. They are a type of "Business Email ...
Read MoreAbout Lenovo Solution Center 3.3.002 Vulnerabilities (CVE-2016-5249)
After patching set of issues reported by Trustwave SpiderLabs last month, Lenovo released another ...
Read MoreLinux Kernel ROP - Ropping your way to # (Part 2)
Introduction In Part 1 of this tutorial, we have demonstrated how to find useful ROP gadgets and ...
Read MoreMicrosoft Patch Tuesday, June 2016
June's Patch Tuesday doesn't hold many surprises and is similar to the past several months with 17 ...
Read MoreLinux Kernel ROP - Ropping your way to # (Part 1)
Kernel ROP In-kernel ROP (Return Oriented Programming) is a useful technique that is often used to ...
Read MoreZero Day Auction for the Masses
UPDATE: The seller once again lowered their price on the 6th of June to $85,000USD. This means that ...
Read More