SpiderLabs Blog

HOW TO: Setting up Encrypted Communications Channels in Oracle Database (1)

In this article, I will explain how to set up an encrypted communications channel in Oracle ...

Microsoft Patch Tuesday, September 2015

Today marks Patch Tuesday for September and this month brings with it 12 bulletins. Four are rated ...

Lessons in Spam JavaScript Obfuscation Layers

Spammers seem to be adding layers of obfuscation to their malware attachments in an attempt to ...

SpiderLabs Radio for the Week of August 31, 2015

In this week's episode:

Debugging SAP ASE .NET Provider Issues

I've recently been chasing a bug that made it impossible to call one built-in stored procedure ...

About Two SAP Adaptive Server Enterprise (ASE) Extended Procedure Subsystem Vulnerabilities

Recently SAP patched two important security issues in Adaptive Server Enterprise (ASE). One is ...

SpiderLabs Radio for the Week of August 24, 2015

In this week's episode:

SpiderLabs Radio for the Week of August 17, 2015

In this week's episode:

Two Vulnerabilities Reported by SpiderLabs Fixed in Oracle Critical Patch Update July 2015

In July, Oracle released a Critical Patch Update for multiple products including Oracle Database ...

Microsoft Patch Tuesday for August 2015

Today marks Patch Tuesday for August. Almost identical to last month's list, August clocks in with ...

SpiderLabs Radio for the Week of July 27, 2015

In this week's episode:

RIG Reloaded - Examining the Architecture of RIG Exploit Kit 3.0

A few months ago the RIG exploit kit took quite a hit when its source code was leaked by a ...

Username Enumeration against OpenSSH-SELinux with CVE-2015-3238

I recently disclosed a low-risk vulnerability in Linux-PAM versions prior to 1.2.1 which allows ...

Tsar Team Microsoft Office Zero Day CVE-2015-2424

After the publication of Flash and IE zero days following the Hacking Team leak, researchers have ...

Finding XSS Vulnerabilities More Quickly with Dynamic Contextual Analysis

Cross-Site Scripting (XSS) has been around since the 1990s and countless scanners have been created ...

SpiderLabs Radio for the Week of July 13, 2015

In this week's episode:

Microsoft Patch Tuesday July 2015

July's Patch Tuesday is here and brings with it a rather large 14 bulletins with 4 Critical and 10 ...

SpiderLabs Radio for the Week of Jul 6, 2015

In this week's episode we talk about the Hacking Team getting hacked.

A Flash Exploit (CVE-2015-5119) From the Hacking Team Leak

***Update July 12, 2015--It was recently discovered that Hacking Team possessed an additional ...

AppDetectivePRO and DbProtect Knowledgebase Update 4.51

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

Malvertisement – A Nuclear EK Tale

Over the past couple of years delivering malware via advertisements, or "malvertisement," has ...

Attacking Ruby Gem Security with CVE-2015-3900

A Ruby gem is a standard packaging format used for Ruby libraries and applications. This packaging ...

SpiderLabs Radio for the Week of June 15, 2015

In this week's episode:

Trustwave 2015 Global Security Report Available Now

Microsoft Patch Tuesday, June 2015

It's that time of the month again, Patch Tuesday for June! With only eight total bulletins (2 ...

SpiderLabs Radio for the Week of June 1, 2015

In this week's episode:

New Episode of Punkey PoS Malware Airs

Reruns from the 1980s are all the rage these days, and like the sitcom it's based on, we've ...

AppDetectivePRO and DbProtect Knowledgebase Update 4.50

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.