Undocumented Backdoor Account in DBLTek GoIP
Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of ...
Read MoreHanz Ostmaster’s revenge: An SSL Validation issue
Why would I title a blog post with the name 'Hanz Ostmaster'? Don't worry, it's not some new named ...
Read MoreUnauthenticated Backdoor Access in Unanet
The default configuration of the Unanet web application has a backdoor that can allow ...
Read MoreDatabase Security Knowledgebase Update 5.11
This month's update for Database Security Knowledgebase is now available.
Read MoreUnderground Scams: Cutting the Head Off a Snake
Shortly after publishing our post about Terror EK, "King Cobra" (a Twitter account that we ...
Read MoreCVE-2017-5521: Bypassing Authentication on NETGEAR Routers
Home routers are the first and sometimes last line of defense for a network. Despite this fact, ...
Read MoreSVG Files Are Not As Benign As It May Seem
Bad guys are getting quite creative trying to evade spam filters and antivirus scanners. Last week, ...
Read MoreCreating the ModSecurity v3 IDS connector as part of Google Summer of Code
A note from the Trustwave Spiderlabs ModSecurity team:
Read MoreTwo Privilege Escalation Vulnerabilities in McAfee Security Scan Plus
This post will discuss two separate Local Privilege Escalation vulnerabilities in the McAfee ...
Read MoreIs ModSecurity’s SecRules Turing Complete?
Have you ever seen a rule for ModSecurity? They may look similar to the following:
Read MoreOperation Grand Mars: a comprehensive profile of Carbanak activity in 2016/17
The Trustwave SpiderLabs team has been actively tracking a malicious campaign conducted by the ...
Read MoreMicrosoft Patch Tuesday, January 2017
It's everyone's favorite Patch Tuesday, January's Patch Tuesday. Historically January has always ...
Read MoreTerror Exploit Kit? More like Error Exploit Kit
Q: What does it take to create a simple, yet fully functioning exploit kit?
Read MoreSteganalysis, the Counterpart of Steganography
In my last blog post I discussed the art of embedding secret messages in any file so that only the ...
Read MoreMicrosoft Patch Tuesday, December 2016
December's Patch Tuesday is here to greet you with the pleasant tidings of patches for all of your ...
Read MoreA Backdoor in Skype for Mac OS X
Trustwave recently reported a locally exploitable issue in the Skype Desktop API Mac OS-X which ...
Read MoreNew Carbanak / Anunak Attack Methodology
In the last month Trustwave was engaged by multiple hospitality businesses for investigations by an ...
Read MoreOWASP Core Rule Set 3.0.0 (Final) release
The OWASP Core Rule Set (CRS) team is excited to announce the immediate availability of the OWASP ...
Read MoreMicrosoft Patch Tuesday, November 2016
The November Patch Tuesday is here and it's a big one with 14 bulletins covering 68 unique CVEs. ...
Read MoreBopup Communications Server Remote Buffer Overflow Vulnerability
Trustwave recently discovered a remotely exploitable issue in all current versions of "B Labs" ...
Read MoreAbout SAP Adaptive Server Enterprise dbcc import_sproc SQL injection vulnerability (CVE-2016-7402)
This vulnerability was introduced in SAP Adaptive Server Enterprise 16.0 SP02 PL03: prior versions ...
Read MoreOWASP ModSecurity CRS Version 3.0 RC2 Released
The OWASP Core Rule Set (CRS) is an Open Source project run by the Open Web Application Security ...
Read MoreDown the Rabbit Hole: Extracting Maliciousness from MSG Files Without Outlook
Email As Infection Vector
Read MoreMicrosoft Patch Tuesday, October 2016
October has arrived with seasonal changes and a new Microsoft Patch Tuesday. This Patch Tuesday ...
Read MoreRIG's Facelift
RIG EK has been in the headlines recently mainly because both EITEST and PseudoDarkLeech (big ...
Read MoreSteganography... what is that?
When people think about Information Security the first word that generally comes mind is "Hacking", ...
Read MoreNecurs – the Heavyweight Malware Spammer
Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and in particular its ...
Read More