SpiderLabs Radio December 7, 2012 w/ Space Rogue

We are back with a third (new) episode of SpiderLabs Radio hosted by Space Rogue. This weeks news ...

Read More

[Honeypot Alert] SQL Injection Scanning Detected in WordPress Error Logs

Normally for these Web Honeypot alert blog posts, I show snippets of the Apache access_log file ...

Read More

Microsoft Advance Notification for December 2012

Next week is Patch Tuesday, so this week we get the advance notification for the last updates ...

Read More

Blackberry OS 10 BlackLists Batman and PoohBear

A Blackberry oriented website in the UK was the first to notice an interesting new feature in the ...

Read More

CCCDC Blue Teams vs Corporate Blue Team Comparision

This weekend was the Community College Cyber Defense competition at Iowa State University. I had ...

Read More

Proxmark 3, now with more Android

It's no secret; I'm a fan of the Proxmark 3 RFID testing board. It's a device straight out of the ...

Read More

[Honeypot Alert] SQL Injection Scanning Targeting Joomla Plugins

The following SQL Injection attack payloads targeting Joomla components were identified in our web ...

Read More

The Return of SpiderLabs Radio: Now with Space Rogue

The SpiderLabs podcast known as SpiderLabs Radio has gone through many different formats over the ...

Read More

An Analysis of a Fake Vodafone Bill PDF File

We haven't come across many malicious PDF files recently in our spam traps, so when we found this ...

Read More

[Honeypot Alert] User-Agent Field XSS Attacks

Our web honeypots picked up some more XSS attacks today:

Read More

Detecting Successful XSS Testing with JS Overrides

Do you know when an attacker or security researcher successfully finds a Cross-site Scripting (XSS) ...

Read More

Microsoft Patch Tuesday, November 2012 – Lions and Tigers and RCE, Oh My!

I feel some compassion for those system administrators alongthe East Coast of the US this week. Big ...

Read More

CVE-2012-4969 and the Unnamed Admin Panel

While CVE-2012-4969 isn't new, we are still curious about the various ways this vulnerability can ...

Read More

Microsoft Advanced Notification for November 2012 - RCE, Yikes!

Microsoft has released its advance notification for next weeks Patch Tuesday updates.

Read More

CWE the Vote

It's a nice, sunny day in Cleveland, my friends. Tonight, after the votes are counted, including my ...

Read More

Introducing Responder-1.0

Responder is a multi threaded tool that answers to IPv4 LLMNR (Link-local Multicast Name ...

Read More

TWSL2012-016: Multiple Vulnerabilities in Bitweaver

The Trustwave SpiderLabs team has published a new advisory for multiple vulnerabilities in ...

Read More

Worm Propagates Through Skype Messages

For the past week, we've received a lot of reports of a worm that propagates through Skype known as ...

Read More

mDNS - Telling the world about you (and your device)

Luiz Eduardo ( @effffn) and Rodrigo Montoro ( @spookerlabs ) have presented "Mobile Snitch -Devices ...

Read More

Microsoft Patch Tuesday, October 2012 – Legend of Zelda Edition

Hope you enjoyed last months light patch Tuesday with only two bulletins as this month we are right ...

Read More

Microsoft Advanced Notification for October 2012 – Lync, SQL, Headache

Microsoft has released its Advanced Notification for October 2012. After last months release of ...

Read More

The Grey Line Between Feature and Vulnerability, iOS edition

I do a lot of Mobile Application Penetration testing for some of our largest clients. Mobile is the ...

Read More

Trustwave Re-Certified as an Approved Scanning Vendor by PCI SSC

Each year Trustwave undergoes a rigorous testing process maintained by the PCI Security Standards ...

Read More

James Bond's Dry Erase Marker: The Hotel PenTest Pen

You may have seen the talk and demonstration by Cody Brocious that allows him to open an Onity ...

Read More

Announcing the availability of ModSecurity extension for Nginx

ModSecurity for Nginx ModSecurity for Nginx is a web server plug-in for the Nginx web server ...

Read More

How Should WAFs Handle Authorized Vulnerability Scanning Traffic?

I have been asked this question more and more over the years as organizations are dealing with both ...

Read More

Trustwave SpiderLabs in Africa

Africa. The land of origin; the original unknown.

Read More

Update from Trustwave SpiderLabs EMEA

Europe, Middle East and Africa consists of around 120 countries depending on the definition of each ...

Read More