[Honeypot Alert] Inside the Attacker's Toolbox: Webshell Usage Logging
In a previous blog post, we discussed the common lifecycle of web server botnet recruitment. While ...
Read More
Discovering BMW Car Systems: Getting Started
Since I love both (in)security and cars, it is not uncommon for me to mix those things on a regular ...
Read MoreSpiderLabs Radio June 14, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's ...
Read MoreSometimes, The PenTest Gods Shine On You
Settling down for a hacking session usually means lots of hard work and a long grind towards target ...
Read MoreMicrosoft Patch Tuesday, June 2013
Finally, patch Tuesday has arrived and fortunately this one will be a real treat. This release ...
Read MoreTWSL2013-007: Multiple Vulnerabilities in VLC Media Player - Web Interface
Yesterday, Trustwave SpiderLabs has published an advisory for multiple vulnerabilities in the VLC ...
Read MoreTWSL2013-006: Cross-Site Scripting Vulnerability in Coldbox
Trustwave SpiderLabs has published a new advisory yesterday fora reflective cross-site scripting ...
Read More[Honeypot Alert] Active Exploits Attempts for Plesk Vulnerability
Last week, hacker "kingcope" provided PoC expliot code for a Plesk 0-day on the Full Disclosure ...
Read MoreBehind the Phish: Romance Perhaps?
When I look at the masses of spam we receive on a daily basis, I often wonder who is behind it all. ...
Read MoreSpiderLabs Radio June 7, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's ...
Read MoreMicrosoft Advance Notification for June 2013
So far this year we has had two Patch Tuesday months with seven bulletins (January and March) and ...
Read MoreModSecurity Updates: Nginx Stable Release and Google Summer of Code Participation
Availability of ModSecurity 2.7.4: Nginx Stable Release The ModSecurity Development Team is pleased ...
Read MoreThe Speed is from the Devil – Some Thoughts about Google’s New Disclosure Policy
If you follow info-security news, you might have heard about Google considering a change in its ...
Read MoreAlina: Following The Shadow Part 2
This will likely be the final blog post in this series on the Alina Point of Sale (POS) malware ...
Read MoreSpiderLabs Radio May 31, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's ...
Read MoreUnder The Hood: Linksys Remote Command Injection Vulnerabilities
Several models in the Linksys E-Series WiFi routers running their respective current firmwares are ...
Read MoreModSecurity Performance Recommendations
Sometimes we see ModSecurity users asking about performance in the mail-list. During this post I ...
Read MoreSpiderLabs Radio May 24, 2013 w/ Space Rogue
This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's ...
Read MoreMachine Learning Update 1
It has been almost exactly a month since my last post regarding the new project I am working on, so ...
Read MoreSpiderLabs Radio May 17, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's ...
Read MoreAnalysis of Malicious Document Files Spammed by Cutwail
In our Global Security Report, we highlighted a zero day vulnerability in the Windows Common ...
Read MoreTWSL2013-002: Multiple XSS Vulnerabilities in The Bug Genie
Trustwave SpiderLabs has published a new security advisory for multiple Cross-Site Scripting (XSS) ...
Read MoreMicrosoft Patch Tuesday, May 2013
I keep hoping for an easy relaxing Patch Tuesday of say, only two or three bulletins but so far ...
Read MoreSpiderLabs Radio May 10, 2013 w/ Space Rogue
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's ...
Read MoreIntroducing the Burp Notes Extension
As a Security Analyst I spend a significant amount of time working in tools like Burp Suite. On any ...
Read More5 ways to protect your E-Commerce site
The Trustwave Spiderlabs team frequently responds to E-commerce data breaches. The number of ...
Read More