SpiderLabs Radio: January 30, 2014

In this episode we look at a rash of gas pump credit card skimmers, the Syrian Electronic Army ...

Read More

Introducing ModSecurity Status Reporting

The Trustwave SpiderLabs Research team is committed to making ModSecurity the best open source WAF ...

Read More

ModSecurity Advanced Topic of the Week: HMAC Token Protection

This blog post presents a powerful feature of ModSecurity v2.7 that has been highly under-utilized ...

Read More

SpiderLabs Radio: January 23, 2014

In this episode I sit down with Grayson Lenik, a forensic expert for Trustwave SpiderLabs. We talk ...

Read More

10,000 Litecoins Worth $230,000 USD Were Stolen!

Newspapers, commentators and bloggers have lately been asking whether digital currencies, such as ...

Read More

Beware! Bats hide in your jQuery!

Injection of malicious code into JavaScript files is not new; however, we recently observed a steep ...

Read More

What Dirty Little Secrets You Find on eBay

So I do networking (computers and wifi things) at a number of security conferences (Thotcon & ...

Read More

SpiderLabs Radio: January 16, 2014

In this episode:

Read More

Trustwave Analysis of the January 2014 Oracle CPU

It's the second Tuesday in January, so it is Oracle Critical Patch Update (CPU) time. The January ...

Read More

Setting HoneyTraps with ModSecurity: Adding Fake HTML Comments

This blog post continues with the topic of setting "HoneyTraps" within your web applications to ...

Read More

Microsoft Patch Tuesday, January 2014

Hopefully January's Patch Tuesday is a sign of things to come for 2014. With only four bulletins, ...

Read More

SpiderLabs Radio: January 10, 2014

In this week's podcast we talk about malware offered up in onlines ads, the return of email hacker ...

Read More

SAP Sybase ASE 15.7 security updates

SAP Sybase Adaptive Server Enterprise is a relational database management product used to store ...

Read More

Microsoft Advance Notification for January 2014

Microsoft is scheduled to release the next security update for consumers on January 14th with ...

Read More

SpiderLabs Radio: January 3, 2014

Welcome to the SpiderLabs Radio Reboot! As we bid our old host, Space Rogue, a fond farewell, we ...

Read More

DaumGame ActiveX 0day

One might think that vulnerabilities in ActiveX controls are a thing of the past, but we continue ...

Read More

The Case of an Obscure Injection

During a recent application penetration test, I came across what proved to be an interesting SQL ...

Read More

Wendel's Small Hacking Tricks - A not so common and neat Oracle [for Windows] hack.

Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...

Read More

How Snotnose the Elf was Able to Compromise The North Pole Domain and Retrieve the Nice and Naughty Lists

Last Winter, Snotnose won the North vs South Pole CTF contest, and Santa awarded him the ultimate ...

Read More

Exploiting Password Recovery Functionalities

Password recovery functionalities can result in vulnerabilities in the same application they are ...

Read More

Quick Joomla Refresher

I haven't come into contact with Joomla for a while, but I had the opportunity recently in a ...

Read More

Announcing ModSecurity v2.7.6 Release (CI Platform Usage)

The ModSecurity Project team is pleased to announce public release version 2.7.6. Full Release ...

Read More

The Curious Case of the Malicious IIS Module: Prologue (Method of Entry Analysis)

Earlier this week, SpiderLabs Research team released a blog post outlining analysis of a malicious ...

Read More

The Kernel is calling a zero(day) pointer – CVE-2013-5065 – Ring Ring

SpiderLabs investigates a number of suspicious binary files on a daily basis. A week ago we came ...

Read More

Microsoft Patch Tuesday, December 2013

'Tis the season for an increase in cyber-criminal activities. In the past couple months, ...

Read More

The Curious Case of the Malicious IIS Module

Recently, we've seen a few instances of a malicious DLL that is installed as an IIS module making ...

Read More

Microsoft Advance Notification for December 2013

On December 10th, Microsoft will begin deploying their security updates to consumers with affected ...

Read More

Physical Address Strangeness in Spam

Ten years ago, Congress passed the "CAN-SPAM Act" (also known as theYou-CAN-SPAM Act, since it ...

Read More