SpiderLabs Radio: May 15, 2014
In this episode:
Read MoreMicrosoft Patch Tuesday, May 2014
May's Microsoft Patch Tuesday contains eight bulletins, the most of any release so far this year. ...
Read MoreMicrosoft Advance Notification for May 2014
Tuesday, May 13 marks the next Microsoft security patch release. This release will contain eight ...
Read MoreExploit Kit Roundup: Best of Obfuscation Techniques
The world of exploit kits is an ever-changing one, if you happen to look away even just for one ...
Read More[Honeypot Alert] Open Flash Charts File Upload Attacks
Our web honeypots picked up some increased scanning/exploit activity for the following file upload ...
Read MoreDetecting A Surveillance State - Part 4 Cellular Attacks
This is the fourth and final post in my series of posts about state actor surveillance ...
Read MoreMicrosoft Internet Explorer 0-Day (CVE-2014-1776)
A zero-day vulnerability in Microsoft Internet Explorer, CVE-2014-1776, was recently discovered ...
Read MoreLnk files in Email Malware Distribution
Recently I have noticed more use of .lnk files used in malware distribution via email. These files ...
Read MoreModSecurity Advanced Topic of the Week: JSON Support
Submitted by Felipe Costa and Ryan Barnett (SpiderLabs Research - ModSecurity Team)
Read MorePrivilege Escalation Vulnerability in Cisco ASA's SSL VPN
Trustwave SpiderLabs security researcher Jonathan Claudius has discovered a privilege escalation ...
Read MoreNetSupport Information Leakage Using Nmap Script
NetSupport allows corporations to remotely manage and connect to PC's and servers from a central ...
Read MoreTrustwave Analysis of the April 2014 Oracle CPU for Databases
The 17th of April fell this week, which means it is Oracle Critical Patch Update (CPU) time. The ...
Read MoreSpiderLabs Radio: April 10, 2014
In this episode I bid a fond farewell to Windows XP; Microsoft patches that RTF 0-day ...
Read MoreFarewell to XP
As Karl noted in his Patch Tuesday post, yesterday was the last day of support for Windows XP.
Read MoreDetecting A Surveillance State - Part 3 Infected Firmware
In this third installment of Detecting A Surveillance State blog series I will move away from ...
Read MoreCapturing Ghosts: Using inotify to defeat an Android DRM system
Apart from our typical application penetration testing engagements, clients sometimes come to us ...
Read MoreMicrosoft Patch Tuesday, April 2014
April's Microsoft Patch Tuesday is on par with the prior releases this year. There are only four ...
Read MoreSpiderLabs Radio: April 3, 2014
In this episode I talk about GMail making HTTPS mandatory, a move some people don't like; Microsoft ...
Read MoreMicrosoft Word RTF 0-Day (CVE-2014-1761)
A zero-day vulnerability in Microsoft Word involving the handling of the RTF file format was ...
Read MoreMicrosoft Advance Notification for April 2014
The Microsoft April security release is almost upon us with security updates scheduled to deploy on ...
Read MoreOld School Code Injection in an ATM .dll
During our last ATM review engagement, we found some interesting executable files that were run by ...
Read MoreAn Intro to NetSupport Manager Scripts
On a recent gig I was hit with hundreds of hosts running a service on port TCP 5405, the NetSupport ...
Read MoreStupid Spammer Tricks – Multi-Character Set Text
Looking to refinance your house? Install solar panels? Hey, this email about refinancing (or solar ...
Read More