Tsar Team Microsoft Office Zero Day CVE-2015-2424

After the publication of Flash and IE zero days following the Hacking Team leak, researchers have ...

Finding XSS Vulnerabilities More Quickly with Dynamic Contextual Analysis

Cross-Site Scripting (XSS) has been around since the 1990s and countless scanners have been created ...

SpiderLabs Radio for the Week of July 13, 2015

In this week's episode:

Microsoft Patch Tuesday July 2015

July's Patch Tuesday is here and brings with it a rather large 14 bulletins with 4 Critical and 10 ...

SpiderLabs Radio for the Week of Jul 6, 2015

In this week's episode we talk about the Hacking Team getting hacked.

A Flash Exploit (CVE-2015-5119) From the Hacking Team Leak

***Update July 12, 2015--It was recently discovered that Hacking Team possessed an additional ...

AppDetectivePRO and DbProtect Knowledgebase Update 4.51

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

Malvertisement – A Nuclear EK Tale

Over the past couple of years delivering malware via advertisements, or "malvertisement," has ...

Attacking Ruby Gem Security with CVE-2015-3900

A Ruby gem is a standard packaging format used for Ruby libraries and applications. This packaging ...

SpiderLabs Radio for the Week of June 15, 2015

In this week's episode:

Trustwave 2015 Global Security Report Available Now

Microsoft Patch Tuesday, June 2015

It's that time of the month again, Patch Tuesday for June! With only eight total bulletins (2 ...

SpiderLabs Radio for the Week of June 1, 2015

In this week's episode:

New Episode of Punkey PoS Malware Airs

Reruns from the 1980s are all the rage these days, and like the sitcom it's based on, we've ...

AppDetectivePRO and DbProtect Knowledgebase Update 4.50

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

Changes in Oracle Database 12c password hashes

Oracle has made improvements to user password hashes within Oracle Database 12c. By using a ...

SpiderLabs Radio for the Week of May 25, 2015

In this week's episode:

Adventures in Social Engineering: The Evil Reference

I recently completed a social engineering gig targeting four bank locations. After a phone call and ...

Malicious Macros Evades Detection by Using Unusual File Format

A couple of months ago we observed an influx of XML spam attachments that were actually Office ...

[Honeypot Alert] Fritz!Box – Remote Command Execution Exploit Attempt

Our web honeypots picked up some exploit attempts for a remote command execution vulnerability in ...

SpiderLabs Radio for the Week of May 11, 2015

In this week's episode:

Microsoft Patch Tuesday, May 2015

May's Patch Tuesday is upon us and with it comes three Critical and eleven Important rated ...

AppDetectivePRO and DbProtect Knowledgebase Update 4.49

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

SpiderLabs Radio for the Week of May 4, 2015

SpiderLabs Radio will be on hiatus this week so our host can catch up on the entire Star Wars ...

SpiderLabs Radio for the Week of April 27, 2015

In this week's episode:

Bedep trojan malware spread by the Angler exploit kit gets political

We recently observed what seems to be a group of cybercriminals helping spread pro-Russia messaging ...

SAP Adaptive Server Enterprise Vulnerabilities discussed @RSAC

Last week I gave a talk at RSA USA 2015 on SAP Adaptive Server Enterprise security, specifically on ...

Open Challenge: Ruby YAML.load(YOUR_STRING_HERE) == RCE?

For some, the challenge may already be quite clear by the title of this post, but I'm going to add ...
