Hacking a Reporter: UK Edition
Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online ...
Read More
Powerpoint Vulnerability (CVE-2014-4114) used in Malicious Spam
Following last week's announcement of a zero-day vulnerability for PowerPoint (CVE-2014-4114), we ...
Read MoreSpam Campaign Taking Advantage of Ebola Scare May Lead To Malware Infections
Cybercriminals have inevitably taken advantage of the publicization of the Ebola virus in the news ...
Read MoreSpiderLabs Radio: October 16, 2014
In this episode we'll be talking about the zero days patched by Microsoft's Patch Tuesday as well ...
Read MoreJailbreak Detection Methods
This post concludes our three-part series about mobile security. Today's post will outline some ...
Read MoreMicrosoft Patch Tuesday, October 2014
Today is the October Microsoft Patch Tuesday, and it addresses eight separate bulletins. Three ...
Read MoreExploring and Exploiting iOS Web Browsers
Today we begin a three-post series about mobile security. We start with a discussion of ...
Read MoreExecuting Apps on Jailbroken Devices
This post is part two of a three-part series about mobile security. Today's post will discuss the ...
Read MoreMicrosoft Advance Notification for October 2014
On Tuesday, October 14, Microsoft will publish their newest security update. This patch Tuesday ...
Read MoreShellshock a Week Later: What We Have Seen
Trustwave, like most other information security firms, has been busy investigating the ShellShock ...
Read MoreSpiderLabs Radio: September 25, 2014
The SpiderLabs Radio podcast is on hiatus this week as we absorb all of the wonderful content from ...
Read MoreIdentify Crimeware Strains with Edit Distance
When trying to identify crimeware/malware, it's a good idea to design a multi-part system that ...
Read MoreCVE-2014-6283: Privilege Escalation Vulnerability and Potential Remote Code Execution in SAP Adaptive Server Enterprise
On May 12, 2014, SAP published updates to Adaptive Server Enterprise versions 15.0. 15.5 and 15.7 ...
Read MoreLeveraging LFI To Get Full Compromise On WordPress Sites
In this post I will discuss how a serious but mostly ignored vulnerability can lead to a full ...
Read More[Honeypot Alert] New Bot Malware (BoSSaBoTv2) Attacking Web Servers Discovered
Our web honeypots picked up some interesting attack traffic. The initial web application attack ...
Read MoreSpiderLabs Radio: September 11, 2014
In this episode I talk about the non-existent massive leak of 5 million Google email credentials ...
Read MoreIndicators of Compromise: A Discussion with Karl Sigler
Head over to the Trustwave blog for a video discussion about indicators of compromise with Karl ...
Read MoreMicrosoft Patch Tuesday, September 2014
Today is Microsoft Patch Tuesday and it's one of the lightest of the year. This release includes ...
Read MoreStupid Spammer Tricks – Reversing Characters
Spammers engaged in phishing attacks constantly try to get their emails past spam filters. They try ...
Read MoreMicrosoft Advance Notification for September 2014
On Tuesday, September 9th, Microsoft will publish their next security update release. This is the ...
Read More[Honeypot Alert] Active Probes for WordPress revslider_show_image Plugin Local File Inclusion Flaw
A local file inclusion vulnerability in the WordPress Slider Revolution Plugin has been released:
Read More