Microsoft Patch Tuesday, January 2017

It's everyone's favorite Patch Tuesday, January's Patch Tuesday. Historically January has always ...

Read More

Terror Exploit Kit? More like Error Exploit Kit

Q: What does it take to create a simple, yet fully functioning exploit kit?

Read More

Steganalysis, the Counterpart of Steganography

In my last blog post I discussed the art of embedding secret messages in any file so that only the ...

Read More

Raiding the Piggy Bank: Webshell Secrets Revealed

Introduction

Read More

Microsoft Patch Tuesday, December 2016

December's Patch Tuesday is here to greet you with the pleasant tidings of patches for all of your ...

Read More

A Backdoor in Skype for Mac OS X

Trustwave recently reported a locally exploitable issue in the Skype Desktop API Mac OS-X which ...

Read More

New Carbanak / Anunak Attack Methodology

In the last month Trustwave was engaged by multiple hospitality businesses for investigations by an ...

Read More

OWASP Core Rule Set 3.0.0 (Final) release

The OWASP Core Rule Set (CRS) team is excited to announce the immediate availability of the OWASP ...

Read More

Microsoft Patch Tuesday, November 2016

The November Patch Tuesday is here and it's a big one with 14 bulletins covering 68 unique CVEs. ...

Read More

Bopup Communications Server Remote Buffer Overflow Vulnerability

Trustwave recently discovered a remotely exploitable issue in all current versions of "B Labs" ...

Read More

About SAP Adaptive Server Enterprise dbcc import_sproc SQL injection vulnerability (CVE-2016-7402)

This vulnerability was introduced in SAP Adaptive Server Enterprise 16.0 SP02 PL03: prior versions ...

Read More

OWASP ModSecurity CRS Version 3.0 RC2 Released

The OWASP Core Rule Set (CRS) is an Open Source project run by the Open Web Application Security ...

Read More

Down the Rabbit Hole: Extracting Maliciousness from MSG Files Without Outlook

Email As Infection Vector

Read More

Microsoft Patch Tuesday, October 2016

October has arrived with seasonal changes and a new Microsoft Patch Tuesday. This Patch Tuesday ...

Read More

RIG's Facelift

RIG EK has been in the headlines recently mainly because both EITEST and PseudoDarkLeech (big ...

Read More

Steganography... what is that?

When people think about Information Security the first word that generally comes mind is "Hacking", ...

Read More

Necurs – the Heavyweight Malware Spammer

Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and in particular its ...

Read More

Microsoft Patch Tuesday, September 2016

September's Patch Tuesday is upon us and it's the biggest one so far this year. While past months ...

Read More

Sundown EK – Stealing Its Way to the Top

Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming ...

Read More

OWASP ModSecurity CRS Version 3.0 RC1 Released

Trustwave has been dedicated to supporting ModSecurity and the associated community for the better ...

Read More

Microsoft Patch Tuesday, August 2016

Today is August's Patch and with only 9 bulletins with 27 unique CVEs it's one of the lightest ...

Read More

Turning Up The Heat on IoT: TRANE Comfortlink XL850

The Internet of Things (IoT) continues to explode in the consumer market as demand for network ...

Read More

To Obfuscate, or not to Obfuscate

Introduction Malware's goal is to bypass computer defenses, infect a target, and often remain on ...

Read More

SAP ASE file creation vulnerability (CVE-2016-6196)

Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows ...

Read More

Denial of Service: A Survival Guide

From Anonymous style SYN flooding to Application layer denial of service, denial of service is a ...

Read More

Slinging Hash: Speeding Cyber Threat Hunting Methodologies via Hash-Based Searching

Introduction

Read More

Microsoft Patch Tuesday, July 2016

July's Patch Tuesday is here and brings with it five bulletins rated Critical and 6 rated ...

Read More

How I Cracked a Keylogger and Ended Up in Someone's Inbox

It all started from a spam campaign. Figure 1 shows a campaign we picked up recently from our spam ...

Read More