10,000 Litecoins Worth $230,000 USD Were Stolen!

Newspapers, commentators and bloggers have lately been asking whether digital currencies, such as ...

Read More

Beware! Bats hide in your jQuery!

Injection of malicious code into JavaScript files is not new; however, we recently observed a steep ...

Read More

What Dirty Little Secrets You Find on eBay

So I do networking (computers and wifi things) at a number of security conferences (Thotcon & ...

Read More

SpiderLabs Radio: January 16, 2014

In this episode:

Read More

Trustwave Analysis of the January 2014 Oracle CPU

It's the second Tuesday in January, so it is Oracle Critical Patch Update (CPU) time. The January ...

Read More

Setting HoneyTraps with ModSecurity: Adding Fake HTML Comments

This blog post continues with the topic of setting "HoneyTraps" within your web applications to ...

Read More

Microsoft Patch Tuesday, January 2014

Hopefully January's Patch Tuesday is a sign of things to come for 2014. With only four bulletins, ...

Read More

SpiderLabs Radio: January 10, 2014

In this week's podcast we talk about malware offered up in onlines ads, the return of email hacker ...

Read More

SAP Sybase ASE 15.7 security updates

SAP Sybase Adaptive Server Enterprise is a relational database management product used to store ...

Read More

Microsoft Advance Notification for January 2014

Microsoft is scheduled to release the next security update for consumers on January 14th with ...

Read More

SpiderLabs Radio: January 3, 2014

Welcome to the SpiderLabs Radio Reboot! As we bid our old host, Space Rogue, a fond farewell, we ...

Read More

DaumGame ActiveX 0day

One might think that vulnerabilities in ActiveX controls are a thing of the past, but we continue ...

Read More

The Case of an Obscure Injection

During a recent application penetration test, I came across what proved to be an interesting SQL ...

Read More

Wendel's Small Hacking Tricks - A not so common and neat Oracle [for Windows] hack.

Since 2003 a large part of my workday has been devoted solely to hacking systems. Over this time ...

Read More

How Snotnose the Elf was Able to Compromise The North Pole Domain and Retrieve the Nice and Naughty Lists

Last Winter, Snotnose won the North vs South Pole CTF contest, and Santa awarded him the ultimate ...

Read More

Exploiting Password Recovery Functionalities

Password recovery functionalities can result in vulnerabilities in the same application they are ...

Read More

Quick Joomla Refresher

I haven't come into contact with Joomla for a while, but I had the opportunity recently in a ...

Read More

Announcing ModSecurity v2.7.6 Release (CI Platform Usage)

The ModSecurity Project team is pleased to announce public release version 2.7.6. Full Release ...

Read More

The Curious Case of the Malicious IIS Module: Prologue (Method of Entry Analysis)

Earlier this week, SpiderLabs Research team released a blog post outlining analysis of a malicious ...

Read More

The Kernel is calling a zero(day) pointer – CVE-2013-5065 – Ring Ring

SpiderLabs investigates a number of suspicious binary files on a daily basis. A week ago we came ...

Read More

Microsoft Patch Tuesday, December 2013

'Tis the season for an increase in cyber-criminal activities. In the past couple months, ...

Read More

The Curious Case of the Malicious IIS Module

Recently, we've seen a few instances of a malicious DLL that is installed as an IIS module making ...

Read More

Microsoft Advance Notification for December 2013

On December 10th, Microsoft will begin deploying their security updates to consumers with affected ...

Read More

Physical Address Strangeness in Spam

Ten years ago, Congress passed the "CAN-SPAM Act" (also known as theYou-CAN-SPAM Act, since it ...

Read More

Hacking a Reporter: Sleepless Nights Outside a Brooklyn Brownstone (Part 3 of 3)

This post is the conclusion of a three-part series (read the first here and the second here) that ...

Read More

Look What I Found: Moar Pony!

In our last episode of "Look What I Found" we talked about a fairly large instance of the Pony ...

Read More

[Honeypot Alert] More PHP-CGI Scanning (apache-magika.c)

In the past 24 hours, one of the WASC Distributed Web Honeypot participant's sensors picked up ...

Read More

SpiderLabs Responder Updates

Responder is a penetration-testing tool in active development. To continue making it the best tool ...

Read More