Digging in the Spam Folder
Introduction Unlike spam that appears in my real-world mailbox, the numerous unwanted parcels that ...
Read More
Suzy’s Phishing Season
Although most SWG-related blogs talk about exploit kits and malicious code, today we would like to ...
Read MoreEarlier Flaws Revisited: MS Office and PDF Combo Attack
Recently, we came across a campaign spamming out emails containing both DOC and PDF attachments ...
Read MoreAbout SAP ASE DSAM SQL Injection (CVE-2016-4013)
SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that provides support for ...
Read MoreDatabase Security Knowledgebase Update 5.01
This month's update for Database Security Knowledgebase is now available.
Read MorePrivilege Escalation Vulnerability In Lenovo Solution Center (CVE-2016-1876)
Trustwave has reported several issues in Lenovo software in the past. Last week Lenovo published an ...
Read MoreMicrosoft Patch Tuesday, May 2016
May's Patch Tuesday is here and brings with it 16 Bulletins with 51 unique CVEs. The bulletins are ...
Read MoreMicrosoft Patch Tuesday, April 2016
April is here and with it comes a new Patch Tuesday. This month Microsoft is releasing 13 bulletins ...
Read MoreIntercepting SSL And HTTPS Traffic With mitmproxy and SSLsplit
Looking for vulnerabilities in mobile applications and smart home devices presents multiple ...
Read MoreTWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart
Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from ...
Read MoreEvery Tool in the Tool Box
Introduction When I teach people about reverse engineering, I often hear the following statement: ...
Read MoreAngler Takes Malvertising to New Heights
We have just discovered an advertising campaign that has been placing malicious advertisements on ...
Read MoreTWSL2016-004: Multiple Cross-Site Scripting (XSS) Vulnerabilities in Magnolia CMS
Trustwave SpiderLabs published an advisory today in conjunction with Magnolia International Ltd. ...
Read MoreTWSL2016-005: Memory corruption in a third-party component: how to find what’s wrong
In continuation of this post: ...
Read MoreTWSL2016-003: Sophos Anti-Virus Mac OS X Version Update File Unlinking Vulnerability
While researching inter-process communication on Mac OS X, I found a small security issue with ...
Read MoreMassive Volume of Ransomware Downloaders being Spammed
We are currently seeing extraordinarily huge volumes of JavaScript attachments being spammed out, ...
Read MoreMicrosoft Patch Tuesday, March 2016
Today is March's Patch Tuesday with 13 bulletins and 39 unique CVEs, which is about the same level ...
Read MorePoSeidon Completionist
Introduction Most gamers have explored every nook and cranny of their favorite game, completing ...
Read MoreData Extraction via String Concatenation in a Blind SQL Injection Vulnerability
Day One: In Which The Heavens Part, But Only Slightly A few weeks ago while performing a web ...
Read MoreAngler Takes Malvertising to New Heights
We have just discovered an advertising campaign that has been placing malicious advertisements on ...
Read MoreMicrosoft Patch Tuesday, February 2016
February Patch Tuesday is here with double the number of vulnerabilities that were patched in ...
Read MoreAngler Exploit Kit – Gunning For the Top Spot
They say that with great power comes great responsibility. In the world of websites the more ...
Read MoreBase64 versus Plaintext Observations
Recently we have been working on the libmodsecurity project. As part of the project we no longer ...
Read MoreNeutrino Exploit Kit Not Responding – Bug or Feature?
A couple of weeks ago we were looking at some exploit kits in one of our lab environments and ...
Read MoreMicrosoft Patch Tuesday, January 2016
It's a new year and with it comes a fresh batch of CVEs. As expected this January's Patch Tuesday ...
Read MoreAbout CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation
SAP released an update for SAP ASE 16.0 and 15.7 that addresses a serious security flaw discovered ...
Read MoreModSecurity Python Bindings: Parsing ModSecurity rules from Python
One of the good things about the next generation of ModSecurity, libModSecurity (AKA ModSecurity ...
Read More