Microsoft Patch Tuesday, January 2017
It's everyone's favorite Patch Tuesday, January's Patch Tuesday. Historically January has always ...
Read MoreTerror Exploit Kit? More like Error Exploit Kit
Q: What does it take to create a simple, yet fully functioning exploit kit?
Read MoreSteganalysis, the Counterpart of Steganography
In my last blog post I discussed the art of embedding secret messages in any file so that only the ...
Read MoreMicrosoft Patch Tuesday, December 2016
December's Patch Tuesday is here to greet you with the pleasant tidings of patches for all of your ...
Read MoreA Backdoor in Skype for Mac OS X
Trustwave recently reported a locally exploitable issue in the Skype Desktop API Mac OS-X which ...
Read MoreNew Carbanak / Anunak Attack Methodology
In the last month Trustwave was engaged by multiple hospitality businesses for investigations by an ...
Read MoreOWASP Core Rule Set 3.0.0 (Final) release
The OWASP Core Rule Set (CRS) team is excited to announce the immediate availability of the OWASP ...
Read MoreMicrosoft Patch Tuesday, November 2016
The November Patch Tuesday is here and it's a big one with 14 bulletins covering 68 unique CVEs. ...
Read MoreBopup Communications Server Remote Buffer Overflow Vulnerability
Trustwave recently discovered a remotely exploitable issue in all current versions of "B Labs" ...
Read MoreAbout SAP Adaptive Server Enterprise dbcc import_sproc SQL injection vulnerability (CVE-2016-7402)
This vulnerability was introduced in SAP Adaptive Server Enterprise 16.0 SP02 PL03: prior versions ...
Read MoreOWASP ModSecurity CRS Version 3.0 RC2 Released
The OWASP Core Rule Set (CRS) is an Open Source project run by the Open Web Application Security ...
Read MoreDown the Rabbit Hole: Extracting Maliciousness from MSG Files Without Outlook
Email As Infection Vector
Read MoreMicrosoft Patch Tuesday, October 2016
October has arrived with seasonal changes and a new Microsoft Patch Tuesday. This Patch Tuesday ...
Read MoreRIG's Facelift
RIG EK has been in the headlines recently mainly because both EITEST and PseudoDarkLeech (big ...
Read MoreSteganography... what is that?
When people think about Information Security the first word that generally comes mind is "Hacking", ...
Read MoreNecurs – the Heavyweight Malware Spammer
Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and in particular its ...
Read MoreMicrosoft Patch Tuesday, September 2016
September's Patch Tuesday is upon us and it's the biggest one so far this year. While past months ...
Read MoreSundown EK – Stealing Its Way to the Top
Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming ...
Read MoreOWASP ModSecurity CRS Version 3.0 RC1 Released
Trustwave has been dedicated to supporting ModSecurity and the associated community for the better ...
Read MoreMicrosoft Patch Tuesday, August 2016
Today is August's Patch and with only 9 bulletins with 27 unique CVEs it's one of the lightest ...
Read MoreTurning Up The Heat on IoT: TRANE Comfortlink XL850
The Internet of Things (IoT) continues to explode in the consumer market as demand for network ...
Read MoreTo Obfuscate, or not to Obfuscate
Introduction Malware's goal is to bypass computer defenses, infect a target, and often remain on ...
Read MoreSAP ASE file creation vulnerability (CVE-2016-6196)
Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows ...
Read MoreDenial of Service: A Survival Guide
From Anonymous style SYN flooding to Application layer denial of service, denial of service is a ...
Read MoreMicrosoft Patch Tuesday, July 2016
July's Patch Tuesday is here and brings with it five bulletins rated Critical and 6 rated ...
Read MoreHow I Cracked a Keylogger and Ended Up in Someone's Inbox
It all started from a spam campaign. Figure 1 shows a campaign we picked up recently from our spam ...
Read More