Another Brick in the FrameworkPoS
Introduction FrameworkPoS is a well-documented family of malware that targets Point of Sale (PoS) ...
Read MoreNew Memory Scraping Technique in Cherry Picker PoS Malware
Introduction Working primarily with point of sale malware, we regularly see the telltale signs of ...
Read MoreShining the Spotlight on Cherry Picker PoS Malware
Introduction For the last five years Trustwave has been monitoring a threat across a number of ...
Read MoreBOM Obfuscation in Spam
Spammers try all sorts of tricks to obfuscate, including trying to obfuscate URLs so they cannot be ...
Read MoreMicrosoft Patch Tuesday, November 2015
November's Patch Tuesday marks a return to business as usual. Where October was a rather light ...
Read MoreOracle Database 11.2 SQLi in XML index statistics processing (CVE-2015-4900)
In the October 2015 'Critical Patch Update' Oracle fixed a flaw in XML index support code: namely ...
Read MoreAbout Lenovo System Update Vulnerabilities and CVE-2015-6971
Over the past seven months, a number of vulnerabilities in Lenovo System Update software have come ...
Read MoreSpiderLabs Radio for the Week of October 19, 2015
Two separate SpiderLabs vulnerabilities released:
Read MoreJoomla SQL Injection Vulnerability Exploit Results in Full Administrative Access
Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in ...
Read MoreHow To Decrypt Ruby SSL Communications with Wireshark
Debugging a program that communicates with a remote endpoint usually involves analyzing the network ...
Read MoreZero-day in Magmi database client for popular e-commerce platform Magento targeted in the wild
We've observed HTTP requests associated with an exploit attempt on the Magento e-commerce platform. ...
Read MoreAppDetectivePRO and DbProtect Knowledgebase Update 4.54
This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.
Read MoreMicrosoft Patch Tuesday for October 2015
October's Patch Tuesday is upon us and with only six bulletins, it's one of lightest releases we've ...
Read MoreJumping through the hoops: multi-stage malicious PDF spam
We've recently encountered a number of malicious spam messages with PDFs attached. The PDFs ...
Read MoreQuaverse RAT: Remote-Access-as-a-Service
***UPDATE as of September 28, 2015 - see the bottom of this post for removal instructions***
Read MoreHOW TO: Setting up Encrypted Communications Channels in Oracle Database
In this article, I will explain how to set up an encrypted communications channel in Oracle ...
Read MoreHOW TO: Setting up Encrypted Communications Channels in Oracle Database (1)
In this article, I will explain how to set up an encrypted communications channel in Oracle ...
Read MoreMicrosoft Patch Tuesday, September 2015
Today marks Patch Tuesday for September and this month brings with it 12 bulletins. Four are rated ...
Read MoreLessons in Spam JavaScript Obfuscation Layers
Spammers seem to be adding layers of obfuscation to their malware attachments in an attempt to ...
Read MoreDebugging SAP ASE .NET Provider Issues
I've recently been chasing a bug that made it impossible to call one built-in stored procedure ...
Read MoreAbout Two SAP Adaptive Server Enterprise (ASE) Extended Procedure Subsystem Vulnerabilities
Recently SAP patched two important security issues in Adaptive Server Enterprise (ASE). One is ...
Read MoreTwo Vulnerabilities Reported by SpiderLabs Fixed in Oracle Critical Patch Update July 2015
In July, Oracle released a Critical Patch Update for multiple products including Oracle Database ...
Read More