SpiderLabs Radio: September 25, 2014
The SpiderLabs Radio podcast is on hiatus this week as we absorb all of the wonderful content from ...
Read MoreIdentify Crimeware Strains with Edit Distance
When trying to identify crimeware/malware, it's a good idea to design a multi-part system that ...
Read MoreCVE-2014-6283: Privilege Escalation Vulnerability and Potential Remote Code Execution in SAP Adaptive Server Enterprise
On May 12, 2014, SAP published updates to Adaptive Server Enterprise versions 15.0. 15.5 and 15.7 ...
Read MoreLeveraging LFI To Get Full Compromise On WordPress Sites
In this post I will discuss how a serious but mostly ignored vulnerability can lead to a full ...
Read More[Honeypot Alert] New Bot Malware (BoSSaBoTv2) Attacking Web Servers Discovered
Our web honeypots picked up some interesting attack traffic. The initial web application attack ...
Read MoreSpiderLabs Radio: September 11, 2014
In this episode I talk about the non-existent massive leak of 5 million Google email credentials ...
Read MoreIndicators of Compromise: A Discussion with Karl Sigler
Head over to the Trustwave blog for a video discussion about indicators of compromise with Karl ...
Read MoreMicrosoft Patch Tuesday, September 2014
Today is Microsoft Patch Tuesday and it's one of the lightest of the year. This release includes ...
Read MoreStupid Spammer Tricks – Reversing Characters
Spammers engaged in phishing attacks constantly try to get their emails past spam filters. They try ...
Read MoreMicrosoft Advance Notification for September 2014
On Tuesday, September 9th, Microsoft will publish their next security update release. This is the ...
Read More[Honeypot Alert] Active Probes for WordPress revslider_show_image Plugin Local File Inclusion Flaw
A local file inclusion vulnerability in the WordPress Slider Revolution Plugin has been released:
Read MoreBitcoin Transaction Malleability Theory in Practice – Blackhat USA 2014
***UPDATE: 10/17/2014
Read MoreMonkey Patching the Matrix
For those of you not familiar with monkey patching, it's a mechanism to "extend or modify the ...
Read MoreMicrosoft Patch Tuesday, August 2014
August's Microsoft Patch Tuesday is upon us and Microsoft is issuing nine security bulletins, two ...
Read MoreMagnitude Exploit Kit Backend Infrastructure Insight - Part I
In our recently released Trustwave Global Security Report Online and previous Magnitude blog post, ...
Read MoreIt’s ALIVE: Trustwave Global Security Report Online Now Available
This morning we unveiled our reinvented Trustwave Global Security Report. It's a living report, ...
Read MoreA Peek Into the Lion's Den – The Magnitude [aka PopAds] Exploit Kit
Recently we managed to get an unusual peek into the content that is used on the servers of the ...
Read MoreBlackhat Arsenal 2014: Live ModSecurity Demonstrations
If you are heading out to Blackhat USA 2014 in Las Vegas this week, please stop by the Arsenal ...
Read MoreSpiderLabs Radio: July 31, 2014
Hello loyal listeners. I just wanted to let you know that this is not the podcast you were looking ...
Read MoreBackoff - Technical Analysis
As discussed in the an advisory published by US-CERT, Trustwave SpiderLabs has discovered a ...
Read More[Honeypot Alert] Wordpress XML-RPC Brute Force Scanning
There are news reports of new Wordpress XML-PRC brute force attacks being seen in the wild. The ...
Read More