About Two Recently Patched IBM DB2 LUW Vulnerabilities
IBM recently released patches for three security vulnerabilities affecting various versions of DB2 ...
Read MoreMicrosoft Patch Tuesday, July 2014
July's Microsoft Patch Tuesday is a light release with two "Critical" bulletins, three "Important" ...
Read MoreMicrosoft Advance Notification for July 2014
Microsoft will publish their next security patch release on Tuesday, July 8. This seems to be a ...
Read More8 Common Pitfalls of Heartbleed Identification and Remediation (CVE-2014-0160)
Unfortunately, one of the biggest vulnerabilities disclosed this year, Heartbleed, has been ...
Read MoreAnalysis of a New Banking Trojan Spammed by Cutwail
The Cutwail spambot has a long history of sending spam with attached malicious files such as Zbot, ...
Read MoreWeak passwords? Better call The Doctor.
Every network presents its own unique opportunity for a penetration tester. Often, hidden among the ...
Read MoreNAC doesn’t like your penetration testing device? IPv6 to the rescue!
Sometimes when I conduct a network penetration test it's just too easy to get to the "crown ...
Read MoreSetting HoneyTraps with ModSecurity: Adding Fake Hidden Form Fields
This blog post continues with the topic of setting "HoneyTraps" within your web applications to ...
Read MoreMicrosoft Patch Tuesday, June 2014
June's Microsoft Patch Tuesday contains seven bulletins, including two rated "Critical" and five ...
Read MoreFrom a Username to Full Account Takeover
In the past year there have been many major data breach incidents in which usernames, email ...
Read MoreSpiderLabs Radio: June 5, 2014
In this episode I talk about some odd ransom ware targeting Apple iDevices and I go over the ...
Read MoreMicrosoft Advance Notification for June 2014
Microsoft will be releasing the next security patch release on Tuesday, June 10th. This release ...
Read MoreCVE-2014-0515 Goes to Brazil for World Cup 2014
The FIFA World Cup 2014 begings June 12 and enthusiasm about the event has shown itself in ...
Read MoreCVE-2014-2120 – A Tale of Cisco ASA “Zero-Day”
A few months ago I was trying to PoC a known cross-site scripting vulnerability in the Cisco ASA ...
Read MoreThird-Party Auth Token Theft: The Big Picture
Nothing sets the technical journalists abuzz like the prospect of a catastrophic, Internet-wide ...
Read MoreWireless Cameras and Webcams: Are You Being Watched?
Trustwave SpiderLabs recently disclosed vulnerabilities in several models of Y-Cam brand wireless ...
Read MoreJava-based Malware Distributed Through Spam
For the past few months, we've observed more spam with Java-based malware attachments. The recent ...
Read MoreMass Malicious PDF Email Campaigns from Cutwail
Over the last two weeks we have noticed a high number of emails with PDF attachments in our spam ...
Read MoreTrustkeeper Scan Engine Update - May 21, 2014
We're back to bring you a large Scan Engine update. We've packed this release with tons of new ...
Read MoreBaby's first NX+ASLR bypass
Recently, I've been trying to improve my skills with regards to exploiting memory corruption flaws. ...
Read More