Changes in Oracle Database 12c password hashes
Oracle has made improvements to user password hashes within Oracle Database 12c. By using a ...
Read More
Adventures in Social Engineering: The Evil Reference
I recently completed a social engineering gig targeting four bank locations. After a phone call and ...
Read MoreMalicious Macros Evades Detection by Using Unusual File Format
A couple of months ago we observed an influx of XML spam attachments that were actually Office ...
Read More[Honeypot Alert] Fritz!Box – Remote Command Execution Exploit Attempt
Our web honeypots picked up some exploit attempts for a remote command execution vulnerability in ...
Read MoreMicrosoft Patch Tuesday, May 2015
May's Patch Tuesday is upon us and with it comes three Critical and eleven Important rated ...
Read MoreAppDetectivePRO and DbProtect Knowledgebase Update 4.49
This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.
Read MoreSpiderLabs Radio for the Week of May 4, 2015
SpiderLabs Radio will be on hiatus this week so our host can catch up on the entire Star Wars ...
Read MoreBedep trojan malware spread by the Angler exploit kit gets political
We recently observed what seems to be a group of cybercriminals helping spread pro-Russia messaging ...
Read MoreSAP Adaptive Server Enterprise Vulnerabilities discussed @RSAC
Last week I gave a talk at RSA USA 2015 on SAP Adaptive Server Enterprise security, specifically on ...
Read MoreOpen Challenge: Ruby YAML.load(YOUR_STRING_HERE) == RCE?
For some, the challenge may already be quite clear by the title of this post, but I'm going to add ...
Read MoreSpiderLabs Radio for the Week of April 20, 2015
In this week's episode it's all things RSA Conference. I'll be discussing two talks put on by ...
Read MoreCVE-2014-6284 - 'Probe' login access vulnerability in SAP ASE
The SpiderLabs team at Trustwave published a new advisory today which details issues discovered in ...
Read MoreCryptowall and phishing delivered through JavaScript Attachments
While most emails with malicious attachments seem to be zipped Windows executables or exploited ...
Read MoreNew POS Malware Emerges - Punkey
During a recent United States Secret Service investigation, Trustwave encountered a new family of ...
Read MoreMicrosoft Patch Tuesday, April 2015
April's Microsoft Patch Tuesday has arrived with 11 bulletins including four rated Critical and ...
Read MoreBring Out Your Dead: An Update on the PCI relevance of SSLv3
In October, a tidal wave of discussion surrounding SSLv3 hit the information security community ...
Read MoreOWASP/WASC Distributed Web Honeypots Project Re-Launch - Seeking Participants
The SpiderLabs Research Team is proud to announce that we are officially re-launching the ...
Read MoreDrupal Compromise Analysis Including Indicators of Compromise
I would like to thank fellow SpiderLabs Researcher Chaim Sanders and Dennis Wilson, Bryant Smith ...
Read MoreAbout SAP security notice 2113333
SAP published security notice 2113333 "Multiple SQL injection vulnerabilities in SAP ASE" on ...
Read MoreTrustKeeper Scan Engine Update – March 18, 2015
The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management ...
Read More