SpiderLabs Radio for the Week of April 20, 2015
In this week's episode it's all things RSA Conference. I'll be discussing two talks put on by ...
Read MoreCVE-2014-6284 - 'Probe' login access vulnerability in SAP ASE
The SpiderLabs team at Trustwave published a new advisory today which details issues discovered in ...
Read MoreCryptowall and phishing delivered through JavaScript Attachments
While most emails with malicious attachments seem to be zipped Windows executables or exploited ...
Read MoreNew POS Malware Emerges - Punkey
During a recent United States Secret Service investigation, Trustwave encountered a new family of ...
Read MoreMicrosoft Patch Tuesday, April 2015
April's Microsoft Patch Tuesday has arrived with 11 bulletins including four rated Critical and ...
Read MoreBring Out Your Dead: An Update on the PCI relevance of SSLv3
In October, a tidal wave of discussion surrounding SSLv3 hit the information security community ...
Read MoreOWASP/WASC Distributed Web Honeypots Project Re-Launch - Seeking Participants
The SpiderLabs Research Team is proud to announce that we are officially re-launching the ...
Read MoreDrupal Compromise Analysis Including Indicators of Compromise
I would like to thank fellow SpiderLabs Researcher Chaim Sanders and Dennis Wilson, Bryant Smith ...
Read MoreAbout SAP security notice 2113333
SAP published security notice 2113333 "Multiple SQL injection vulnerabilities in SAP ASE" on ...
Read MoreTrustKeeper Scan Engine Update – March 18, 2015
The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management ...
Read MoreDumping LSA Secrets on NT5 x64
The Bug On the x64 version of Windows 2003 or XP (kernel 5.2), almost every tool fails to dump the ...
Read MoreMicrosoft Patch Tuesday, March 2015
March comes in like a lion this Microsoft Patch Tuesday with 14 bulletins including four rated ...
Read MoreAttackers concealing malicious macros in XML files
XML files are harmless text files right? Wrong! The group behind the malicious Microsoft Office ...
Read More[Honeypot Alert] FHS Null Byte Attack (CVE-2014-6287) Attempts to Install DDoS Malware (Iptablex)
Our web honeypots picked up some exploit attempts for CVE-2014-6287 which is a command execution ...
Read MoreRIG Exploit Kit – Diving Deeper into the Infrastructure
Following our previous blog post about the leaking of the RIG exploit kit's source code, we dug ...
Read MoreSpiderLabs Radio for the Week of February 16, 2015
Unfortunately there will be no SpiderLabs Radio podcast this week. I've discovered it's very hard ...
Read MoreAppDetectivePRO and DbProtect Knowledgebase Update 4.46
This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.
Read MoreTWSL2015-001 and TWSL2015-002: New Advisories Affect IceWarp Mail Server and Magnolia CMS
The SpiderLabs team at Trustwave published two new advisories today which detail issues discovered ...
Read MoreRIG Exploit Kit Source Code Leak - The End or Just the Beginning of RIG?
Recently, source code for the RIG exploit kit was leaked. An independent security researcher posted ...
Read More