Turning Up The Heat on IoT: TRANE Comfortlink XL850
The Internet of Things (IoT) continues to explode in the consumer market as demand for network ...
Read MoreTo Obfuscate, or not to Obfuscate
Introduction Malware's goal is to bypass computer defenses, infect a target, and often remain on ...
Read MoreSAP ASE file creation vulnerability (CVE-2016-6196)
Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows ...
Read MoreDenial of Service: A Survival Guide
From Anonymous style SYN flooding to Application layer denial of service, denial of service is a ...
Read MoreMicrosoft Patch Tuesday, July 2016
July's Patch Tuesday is here and brings with it five bulletins rated Critical and 6 rated ...
Read MoreHow I Cracked a Keylogger and Ended Up in Someone's Inbox
It all started from a spam campaign. Figure 1 shows a campaign we picked up recently from our spam ...
Read MoreMalware Authors Adopt CEO Fraud Techniques
CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers ...
Read MoreCEO Fraud Scams and How to Deal With Them at the Email Gateway
Email scams known as "CEO Fraud" are very common right now. They are a type of "Business Email ...
Read MoreAbout Lenovo Solution Center 3.3.002 Vulnerabilities (CVE-2016-5249)
After patching set of issues reported by Trustwave SpiderLabs last month, Lenovo released another ...
Read MoreLinux Kernel ROP - Ropping your way to # (Part 2)
Introduction In Part 1 of this tutorial, we have demonstrated how to find useful ROP gadgets and ...
Read MoreMicrosoft Patch Tuesday, June 2016
June's Patch Tuesday doesn't hold many surprises and is similar to the past several months with 17 ...
Read MoreLinux Kernel ROP - Ropping your way to # (Part 1)
Kernel ROP In-kernel ROP (Return Oriented Programming) is a useful technique that is often used to ...
Read MoreZero Day Auction for the Masses
UPDATE: The seller once again lowered their price on the 6th of June to $85,000USD. This means that ...
Read MoreDigging in the Spam Folder
Introduction Unlike spam that appears in my real-world mailbox, the numerous unwanted parcels that ...
Read MoreSuzy’s Phishing Season
Although most SWG-related blogs talk about exploit kits and malicious code, today we would like to ...
Read MoreEarlier Flaws Revisited: MS Office and PDF Combo Attack
Recently, we came across a campaign spamming out emails containing both DOC and PDF attachments ...
Read MoreAbout SAP ASE DSAM SQL Injection (CVE-2016-4013)
SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that provides support for ...
Read MoreDatabase Security Knowledgebase Update 5.01
This month's update for Database Security Knowledgebase is now available.
Read MorePrivilege Escalation Vulnerability In Lenovo Solution Center (CVE-2016-1876)
Trustwave has reported several issues in Lenovo software in the past. Last week Lenovo published an ...
Read MoreMicrosoft Patch Tuesday, May 2016
May's Patch Tuesday is here and brings with it 16 Bulletins with 51 unique CVEs. The bulletins are ...
Read MoreMicrosoft Patch Tuesday, April 2016
April is here and with it comes a new Patch Tuesday. This month Microsoft is releasing 13 bulletins ...
Read MoreIntercepting SSL And HTTPS Traffic With mitmproxy and SSLsplit
Looking for vulnerabilities in mobile applications and smart home devices presents multiple ...
Read MoreTWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart
Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from ...
Read MoreEvery Tool in the Tool Box
Introduction When I teach people about reverse engineering, I often hear the following statement: ...
Read MoreAngler Takes Malvertising to New Heights
We have just discovered an advertising campaign that has been placing malicious advertisements on ...
Read MoreTWSL2016-004: Multiple Cross-Site Scripting (XSS) Vulnerabilities in Magnolia CMS
Trustwave SpiderLabs published an advisory today in conjunction with Magnolia International Ltd. ...
Read More