Microsoft Patch Tuesday, February 2016
February Patch Tuesday is here with double the number of vulnerabilities that were patched in ...
Read MoreAngler Exploit Kit – Gunning For the Top Spot
They say that with great power comes great responsibility. In the world of websites the more ...
Read MoreBase64 versus Plaintext Observations
Recently we have been working on the libmodsecurity project. As part of the project we no longer ...
Read MoreNeutrino Exploit Kit Not Responding – Bug or Feature?
A couple of weeks ago we were looking at some exploit kits in one of our lab environments and ...
Read MoreMicrosoft Patch Tuesday, January 2016
It's a new year and with it comes a fresh batch of CVEs. As expected this January's Patch Tuesday ...
Read MoreAbout CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation
SAP released an update for SAP ASE 16.0 and 15.7 that addresses a serious security flaw discovered ...
Read MoreModSecurity Python Bindings: Parsing ModSecurity rules from Python
One of the good things about the next generation of ModSecurity, libModSecurity (AKA ModSecurity ...
Read MoreAn Overview of the Upcoming libModSecurity
libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax and feature set of ...
Read MoreNeutrino Exploit Kit – One Flash File to Rule Them All
There's been a bit of talk about the Neutrino exploit kit lately, most of it revolving around sites ...
Read MoreEndless Evasion Racing Game
In the past year we have been exploring the Magnitude Exploit Kit - one of the major actors in the ...
Read More3-in-1 Malware Infection through Spammed JavaScript Attachments
Recently we've observed a massive uptick of malicious spam with JavaScript attachments with an ...
Read MoreProtecting Your Sites from Apache.Commons Vulnerabilities
Overview A few weeks ago, FoxGlove Security released this important blog post that includes several ...
Read MoreDefender for IoT’s Firmware Analysis Tool is Exceptional
One of my "pastimes," if you will, is to check out the features of various security tools. I had ...
Read MoreJoomla 0-Day Exploited In the Wild (CVE-2015-8562)
A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot of attention from ...
Read MoreMom Spies a Hack
Have you ever wondered if all that informal training you do with your friends & family is ...
Read MoreMicrosoft Patch Tuesday, December 2015
The December Microsoft Path Tuesday is upon us and it does not bring any happy tidings. It brings ...
Read MoreAnother Brick in the FrameworkPoS
Introduction FrameworkPoS is a well-documented family of malware that targets Point of Sale (PoS) ...
Read MoreNew Memory Scraping Technique in Cherry Picker PoS Malware
Introduction Working primarily with point of sale malware, we regularly see the telltale signs of ...
Read MoreShining the Spotlight on Cherry Picker PoS Malware
Introduction For the last five years Trustwave has been monitoring a threat across a number of ...
Read MoreBOM Obfuscation in Spam
Spammers try all sorts of tricks to obfuscate, including trying to obfuscate URLs so they cannot be ...
Read MoreMicrosoft Patch Tuesday, November 2015
November's Patch Tuesday marks a return to business as usual. Where October was a rather light ...
Read MoreOracle Database 11.2 SQLi in XML index statistics processing (CVE-2015-4900)
In the October 2015 'Critical Patch Update' Oracle fixed a flaw in XML index support code: namely ...
Read MoreAbout Lenovo System Update Vulnerabilities and CVE-2015-6971
Over the past seven months, a number of vulnerabilities in Lenovo System Update software have come ...
Read MoreSpiderLabs Radio for the Week of October 19, 2015
Two separate SpiderLabs vulnerabilities released:
Read MoreJoomla SQL Injection Vulnerability Exploit Results in Full Administrative Access
Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in ...
Read MoreHow To Decrypt Ruby SSL Communications with Wireshark
Debugging a program that communicates with a remote endpoint usually involves analyzing the network ...
Read More