Jumping through the hoops: multi-stage malicious PDF spam

We've recently encountered a number of malicious spam messages with PDFs attached. The PDFs ...

Read More

Quaverse RAT: Remote-Access-as-a-Service

***UPDATE as of September 28, 2015 - see the bottom of this post for removal instructions***

Read More

HOW TO: Setting up Encrypted Communications Channels in Oracle Database

In this article, I will explain how to set up an encrypted communications channel in Oracle ...

Read More

SpiderLabs Radio for the Week of September 14, 2015

In this week's episode:

Read More

HOW TO: Setting up Encrypted Communications Channels in Oracle Database (1)

In this article, I will explain how to set up an encrypted communications channel in Oracle ...

Read More

Microsoft Patch Tuesday, September 2015

Today marks Patch Tuesday for September and this month brings with it 12 bulletins. Four are rated ...

Read More

Lessons in Spam JavaScript Obfuscation Layers

Spammers seem to be adding layers of obfuscation to their malware attachments in an attempt to ...

Read More

SpiderLabs Radio for the Week of August 31, 2015

In this week's episode:

Read More

Debugging SAP ASE .NET Provider Issues

I've recently been chasing a bug that made it impossible to call one built-in stored procedure ...

Read More

About Two SAP Adaptive Server Enterprise (ASE) Extended Procedure Subsystem Vulnerabilities

Recently SAP patched two important security issues in Adaptive Server Enterprise (ASE). One is ...

Read More

SpiderLabs Radio for the Week of August 24, 2015

In this week's episode:

Read More

SpiderLabs Radio for the Week of August 17, 2015

In this week's episode:

Read More

Two Vulnerabilities Reported by SpiderLabs Fixed in Oracle Critical Patch Update July 2015

In July, Oracle released a Critical Patch Update for multiple products including Oracle Database ...

Read More

Microsoft Patch Tuesday for August 2015

Today marks Patch Tuesday for August. Almost identical to last month's list, August clocks in with ...

Read More

SpiderLabs Radio for the Week of July 27, 2015

In this week's episode:

Read More

RIG Reloaded - Examining the Architecture of RIG Exploit Kit 3.0

A few months ago the RIG exploit kit took quite a hit when its source code was leaked by a ...

Read More

Username Enumeration against OpenSSH-SELinux with CVE-2015-3238

I recently disclosed a low-risk vulnerability in Linux-PAM versions prior to 1.2.1 which allows ...

Read More

Tsar Team Microsoft Office Zero Day CVE-2015-2424

After the publication of Flash and IE zero days following the Hacking Team leak, researchers have ...

Read More

Finding XSS Vulnerabilities More Quickly with Dynamic Contextual Analysis

Cross-Site Scripting (XSS) has been around since the 1990s and countless scanners have been created ...

Read More

SpiderLabs Radio for the Week of July 13, 2015

In this week's episode:

Read More

Microsoft Patch Tuesday July 2015

July's Patch Tuesday is here and brings with it a rather large 14 bulletins with 4 Critical and 10 ...

Read More

SpiderLabs Radio for the Week of Jul 6, 2015

In this week's episode we talk about the Hacking Team getting hacked.

Read More

A Flash Exploit (CVE-2015-5119) From the Hacking Team Leak

***Update July 12, 2015--It was recently discovered that Hacking Team possessed an additional ...

Read More

AppDetectivePRO and DbProtect Knowledgebase Update 4.51

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

Read More

Malvertisement – A Nuclear EK Tale

Over the past couple of years delivering malware via advertisements, or "malvertisement," has ...

Read More

Attacking Ruby Gem Security with CVE-2015-3900

A Ruby gem is a standard packaging format used for Ruby libraries and applications. This packaging ...

Read More

SpiderLabs Radio for the Week of June 15, 2015

In this week's episode:

Read More

Trustwave 2015 Global Security Report Available Now

Read More