Malvertisement – A Nuclear EK Tale
Over the past couple of years delivering malware via advertisements, or "malvertisement," has ...
Read MoreAttacking Ruby Gem Security with CVE-2015-3900
A Ruby gem is a standard packaging format used for Ruby libraries and applications. This packaging ...
Read MoreMicrosoft Patch Tuesday, June 2015
It's that time of the month again, Patch Tuesday for June! With only eight total bulletins (2 ...
Read MoreNew Episode of Punkey PoS Malware Airs
Reruns from the 1980s are all the rage these days, and like the sitcom it's based on, we've ...
Read MoreAppDetectivePRO and DbProtect Knowledgebase Update 4.50
This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.
Read MoreChanges in Oracle Database 12c password hashes
Oracle has made improvements to user password hashes within Oracle Database 12c. By using a ...
Read MoreAdventures in Social Engineering: The Evil Reference
I recently completed a social engineering gig targeting four bank locations. After a phone call and ...
Read MoreMalicious Macros Evades Detection by Using Unusual File Format
A couple of months ago we observed an influx of XML spam attachments that were actually Office ...
Read More[Honeypot Alert] Fritz!Box – Remote Command Execution Exploit Attempt
Our web honeypots picked up some exploit attempts for a remote command execution vulnerability in ...
Read MoreMicrosoft Patch Tuesday, May 2015
May's Patch Tuesday is upon us and with it comes three Critical and eleven Important rated ...
Read MoreAppDetectivePRO and DbProtect Knowledgebase Update 4.49
This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.
Read MoreSpiderLabs Radio for the Week of May 4, 2015
SpiderLabs Radio will be on hiatus this week so our host can catch up on the entire Star Wars ...
Read MoreBedep trojan malware spread by the Angler exploit kit gets political
We recently observed what seems to be a group of cybercriminals helping spread pro-Russia messaging ...
Read MoreSAP Adaptive Server Enterprise Vulnerabilities discussed @RSAC
Last week I gave a talk at RSA USA 2015 on SAP Adaptive Server Enterprise security, specifically on ...
Read MoreOpen Challenge: Ruby YAML.load(YOUR_STRING_HERE) == RCE?
For some, the challenge may already be quite clear by the title of this post, but I'm going to add ...
Read MoreSpiderLabs Radio for the Week of April 20, 2015
In this week's episode it's all things RSA Conference. I'll be discussing two talks put on by ...
Read MoreCVE-2014-6284 - 'Probe' login access vulnerability in SAP ASE
The SpiderLabs team at Trustwave published a new advisory today which details issues discovered in ...
Read MoreCryptowall and phishing delivered through JavaScript Attachments
While most emails with malicious attachments seem to be zipped Windows executables or exploited ...
Read MoreNew POS Malware Emerges - Punkey
During a recent United States Secret Service investigation, Trustwave encountered a new family of ...
Read MoreMicrosoft Patch Tuesday, April 2015
April's Microsoft Patch Tuesday has arrived with 11 bulletins including four rated Critical and ...
Read More