Malvertisement – A Nuclear EK Tale

Over the past couple of years delivering malware via advertisements, or "malvertisement," has ...

Read More

Attacking Ruby Gem Security with CVE-2015-3900

A Ruby gem is a standard packaging format used for Ruby libraries and applications. This packaging ...

Read More

SpiderLabs Radio for the Week of June 15, 2015

In this week's episode:

Read More

Trustwave 2015 Global Security Report Available Now

Read More

Microsoft Patch Tuesday, June 2015

It's that time of the month again, Patch Tuesday for June! With only eight total bulletins (2 ...

Read More

SpiderLabs Radio for the Week of June 1, 2015

In this week's episode:

Read More

New Episode of Punkey PoS Malware Airs

Reruns from the 1980s are all the rage these days, and like the sitcom it's based on, we've ...

Read More

AppDetectivePRO and DbProtect Knowledgebase Update 4.50

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

Read More

Changes in Oracle Database 12c password hashes

Oracle has made improvements to user password hashes within Oracle Database 12c. By using a ...

Read More

SpiderLabs Radio for the Week of May 25, 2015

In this week's episode:

Read More

Adventures in Social Engineering: The Evil Reference

I recently completed a social engineering gig targeting four bank locations. After a phone call and ...

Read More

Malicious Macros Evades Detection by Using Unusual File Format

A couple of months ago we observed an influx of XML spam attachments that were actually Office ...

Read More

[Honeypot Alert] Fritz!Box – Remote Command Execution Exploit Attempt

Our web honeypots picked up some exploit attempts for a remote command execution vulnerability in ...

Read More

SpiderLabs Radio for the Week of May 11, 2015

In this week's episode:

Read More

Microsoft Patch Tuesday, May 2015

May's Patch Tuesday is upon us and with it comes three Critical and eleven Important rated ...

Read More

AppDetectivePRO and DbProtect Knowledgebase Update 4.49

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

Read More

SpiderLabs Radio for the Week of May 4, 2015

SpiderLabs Radio will be on hiatus this week so our host can catch up on the entire Star Wars ...

Read More

SpiderLabs Radio for the Week of April 27, 2015

In this week`s episode:

Read More

Bedep trojan malware spread by the Angler exploit kit gets political

We recently observed what seems to be a group of cybercriminals helping spread pro-Russia messaging ...

Read More

SAP Adaptive Server Enterprise Vulnerabilities discussed @RSAC

Last week I gave a talk at RSA USA 2015 on SAP Adaptive Server Enterprise security, specifically on ...

Read More

Open Challenge: Ruby YAML.load(YOUR_STRING_HERE) == RCE?

For some, the challenge may already be quite clear by the title of this post, but I'm going to add ...

Read More

SpiderLabs Radio for the Week of April 20, 2015

In this week's episode it's all things RSA Conference. I'll be discussing two talks put on by ...

Read More

CVE-2014-6284 - 'Probe' login access vulnerability in SAP ASE

The SpiderLabs team at Trustwave published a new advisory today which details issues discovered in ...

Read More

Cryptowall and phishing delivered through JavaScript Attachments

While most emails with malicious attachments seem to be zipped Windows executables or exploited ...

Read More

SpiderLabs Radio for the Week of April 13, 2015

In this week's episode:

Read More

New POS Malware Emerges - Punkey

During a recent United States Secret Service investigation, Trustwave encountered a new family of ...

Read More

Microsoft Patch Tuesday, April 2015

April's Microsoft Patch Tuesday has arrived with 11 bulletins including four rated Critical and ...

Read More

SpiderLabs Radio for the Week of February 2, 2015

In this week's episode:

Read More