RedKit Payload - Binary Fun

Before I jump into this blog post, I'd like to point out some interesting developments with the ...

Read More

Recent Mass SQL Injection Payload Analysis

There have been a number of mass SQL Injection campaigns targeting ASP/ASP.Net/MS-SQL sites over ...

Read More

Update from Trustwave SpiderLabs EMEA, London

It was a hectic week in London. In case you hadn't heard its was InfoSec Europe week, but we were ...

Read More

Brazilian Banking Malware: Pay Your Bill Slacker!

I recently got wind of an interesting little sample that I believe originated as part of a ...

Read More

Winning! PenTest Manager pwns SC Europe Innovation Award

We Won! :-) Thanks to all the hard work of the Trustwave's Engineering teams, IT, SpiderLabs, and ...

Read More

WordPress 3.3.2 Addresses Setup XSS Vulnerabilities

Back in January we released a security advisory for WordPress, which included four vulnerabilities ...

Read More

Pwning a Spammer's Keylogger

Recently, while scrounging around our spam traps, I spotted this ordinary piece of malicious spam. ...

Read More

Once Again Cutwail Spam Campaign Ends Up In Phoenix Exploit Kit

In the past few months, a certain cybercrime group operates a large stable malware infrastructure, ...

Read More

Come and Join Us at InfoSecurity

This week we will be presenting and speaking at InfoSecurity, Europe's No.1 Information Security ...

Read More

TWSL2012-012: Cross-Site Scripting Vulnerability in Support Incident Tracker

Trustwave SpiderLabs has published a new advisory today for a reflective Cross-Site Scripting ...

Read More

SC Magazine Innovation Award Finalist - Trustwave SpiderLabs PenTest Manager

PenTest Manager, the cutting edge penetration test management and reporting platform used by ...

Read More

[Honeypot Alert] Joomla com_s5clanroster Local File Inclusion Attacks

Our web honeypots picked up some increased scanning for the following Exploit-DB vulnerability:

Read More

Australian Apple Store Customers Targeted by Phishers

Recently, we came across a phishing attack targeting Australian Apple Store customers. The phishing ...

Read More

Smart Meter Attacks: Old Vectors Die Hard

Much has been made of the recent attacks against a Puerto Rican utility's smart metering system, ...

Read More

TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow sFlow Analyzer

Trustwave SpiderLabs has published a new advisory yesterday for multiple vulnerabilities found in ...

Read More

[Honeypot Alert] Zeroboard now_connect() Remote Code Execution Attacks

Our web honeypots recently identified attacks for CVE-2009-4834 which is a vulnerability within ...

Read More

RCE root in all current Samba versions

While perusing the change log for the release of SAMBA that was pushed out today a member of the ...

Read More

Microsoft Patch Tuesday: IE, Common Control, and Digitized Chuck Yeager

For those of you that remember Microsoft Works, today's update will be special for you. Finally, ...

Read More

PenTest Manager: Now with Secure File Transfer

PenTest Manager, the cutting-edge reporting tool created by Trustwave SpiderLabs to manage, track, ...

Read More

Hack Your Own Code: Advanced training for Developers

Mike Park and Marc Bown recently locked themselves in a conference room, working day and night on ...

Read More

ModSecurity Advanced Topic of the Week: Automated Virtual Patching using OWASP Zed Attack Proxy

Automated Virtual Patching using OWASP Zed Attack Proxy The SpiderLabs Research Team has added an ...

Read More

SpiderLabs Radio Podcast: March 2012

We have just released the SpiderLabs Radio March Edition. This show is packed with interviews from ...

Read More

Upcoming SpiderLabs Speaking Events - March / April 2012

At Trustwave SpiderLabs we encourage our team members to frequently perform their own research and ...

Read More

TWSL2012-005: Cross-Site Scripting Vulnerability in osCommerce Platform

Trustwave SpiderLabs has published a new advisory today for a Cross-Site Scripting vulnerability ...

Read More

A New Neighbor in Town: The Nuclear Pack v2.0 Exploit Kit

In the past few years, cybercriminals have been increasingly using exploit kits to spread malware. ...

Read More

[Honeypot Alert] Large Scale LFI Attack From Brazillian Domains

Our web sensors picked up a big uptick in Local File Inclusion (LFI) attacks today. We received ...

Read More

Dirty RAT Eats Nate's Banana

I've got a real treat for everyone today, as I received approval to blog about an interesting piece ...

Read More

LIKE, omg!

If you read this blog, you might have seen my earlier post regarding my configurable SQL injection ...

Read More