Jumping through the hoops: multi-stage malicious PDF spam
We've recently encountered a number of malicious spam messages with PDFs attached. The PDFs ...
Read More
Quaverse RAT: Remote-Access-as-a-Service
***UPDATE as of September 28, 2015 - see the bottom of this post for removal instructions***
Read MoreHOW TO: Setting up Encrypted Communications Channels in Oracle Database
In this article, I will explain how to set up an encrypted communications channel in Oracle ...
Read MoreHOW TO: Setting up Encrypted Communications Channels in Oracle Database (1)
In this article, I will explain how to set up an encrypted communications channel in Oracle ...
Read MoreMicrosoft Patch Tuesday, September 2015
Today marks Patch Tuesday for September and this month brings with it 12 bulletins. Four are rated ...
Read MoreLessons in Spam JavaScript Obfuscation Layers
Spammers seem to be adding layers of obfuscation to their malware attachments in an attempt to ...
Read MoreDebugging SAP ASE .NET Provider Issues
I've recently been chasing a bug that made it impossible to call one built-in stored procedure ...
Read MoreAbout Two SAP Adaptive Server Enterprise (ASE) Extended Procedure Subsystem Vulnerabilities
Recently SAP patched two important security issues in Adaptive Server Enterprise (ASE). One is ...
Read MoreTwo Vulnerabilities Reported by SpiderLabs Fixed in Oracle Critical Patch Update July 2015
In July, Oracle released a Critical Patch Update for multiple products including Oracle Database ...
Read MoreMicrosoft Patch Tuesday for August 2015
Today marks Patch Tuesday for August. Almost identical to last month's list, August clocks in with ...
Read MoreRIG Reloaded - Examining the Architecture of RIG Exploit Kit 3.0
A few months ago the RIG exploit kit took quite a hit when its source code was leaked by a ...
Read MoreUsername Enumeration against OpenSSH-SELinux with CVE-2015-3238
I recently disclosed a low-risk vulnerability in Linux-PAM versions prior to 1.2.1 which allows ...
Read MoreTsar Team Microsoft Office Zero Day CVE-2015-2424
After the publication of Flash and IE zero days following the Hacking Team leak, researchers have ...
Read MoreFinding XSS Vulnerabilities More Quickly with Dynamic Contextual Analysis
Cross-Site Scripting (XSS) has been around since the 1990s and countless scanners have been created ...
Read MoreMicrosoft Patch Tuesday July 2015
July's Patch Tuesday is here and brings with it a rather large 14 bulletins with 4 Critical and 10 ...
Read MoreSpiderLabs Radio for the Week of Jul 6, 2015
In this week's episode we talk about the Hacking Team getting hacked.
Read MoreA Flash Exploit (CVE-2015-5119) From the Hacking Team Leak
***Update July 12, 2015--It was recently discovered that Hacking Team possessed an additional ...
Read MoreAppDetectivePRO and DbProtect Knowledgebase Update 4.51
This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.
Read MoreMalvertisement – A Nuclear EK Tale
Over the past couple of years delivering malware via advertisements, or "malvertisement," has ...
Read MoreAttacking Ruby Gem Security with CVE-2015-3900
A Ruby gem is a standard packaging format used for Ruby libraries and applications. This packaging ...
Read More