Microsoft Patch Tuesday: Help Is On The Way!
This may sound a bit odd but "nosteve" who usually gives his take on the patch Tuesday release is ...
Read MoreTHOTCON 0x3 - Hacker Brew Contest
This year's instantiation of the THOTCON hacking conference issued a unique challenge:
Read MoreTWSL2012-004: Multiple Vulnerabilities in Zen Cart
The SpiderLabs team at Trustwave published a new advisory yesterday, which details multiple ...
Read MorePHP-CGI Exploitation by Example
Late last week, a vulnerability in PHP-CGI was disclosed, which allows all sorts of bad for folks ...
Read More[Honeypot Alert] (UPDATE) Active Exploit Attempts for PHP-CGI Vuln
UPDATE - we have received more exploit attempt details from web hosting provider DreamHost. Thanks ...
Read MoreA Wild Exploit Kit Appears... Meet RedKit
During our research we have recently encountered a new private exploit kit. The developers behind ...
Read MoreRedKit Payload - Binary Fun
Before I jump into this blog post, I'd like to point out some interesting developments with the ...
Read MoreRecent Mass SQL Injection Payload Analysis
There have been a number of mass SQL Injection campaigns targeting ASP/ASP.Net/MS-SQL sites over ...
Read MoreUpdate from Trustwave SpiderLabs EMEA, London
It was a hectic week in London. In case you hadn't heard its was InfoSec Europe week, but we were ...
Read MoreBrazilian Banking Malware: Pay Your Bill Slacker!
I recently got wind of an interesting little sample that I believe originated as part of a ...
Read MoreWinning! PenTest Manager pwns SC Europe Innovation Award
We Won! :-) Thanks to all the hard work of the Trustwave's Engineering teams, IT, SpiderLabs, and ...
Read MoreWordPress 3.3.2 Addresses Setup XSS Vulnerabilities
Back in January we released a security advisory for WordPress, which included four vulnerabilities ...
Read MorePwning a Spammer's Keylogger
Recently, while scrounging around our spam traps, I spotted this ordinary piece of malicious spam. ...
Read MoreOnce Again Cutwail Spam Campaign Ends Up In Phoenix Exploit Kit
In the past few months, a certain cybercrime group operates a large stable malware infrastructure, ...
Read MoreCome and Join Us at InfoSecurity
This week we will be presenting and speaking at InfoSecurity, Europe's No.1 Information Security ...
Read MoreTWSL2012-012: Cross-Site Scripting Vulnerability in Support Incident Tracker
Trustwave SpiderLabs has published a new advisory today for a reflective Cross-Site Scripting ...
Read MoreSC Magazine Innovation Award Finalist - Trustwave SpiderLabs PenTest Manager
PenTest Manager, the cutting edge penetration test management and reporting platform used by ...
Read More[Honeypot Alert] Joomla com_s5clanroster Local File Inclusion Attacks
Our web honeypots picked up some increased scanning for the following Exploit-DB vulnerability:
Read MoreAustralian Apple Store Customers Targeted by Phishers
Recently, we came across a phishing attack targeting Australian Apple Store customers. The phishing ...
Read MoreSmart Meter Attacks: Old Vectors Die Hard
Much has been made of the recent attacks against a Puerto Rican utility's smart metering system, ...
Read MoreTWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow sFlow Analyzer
Trustwave SpiderLabs has published a new advisory yesterday for multiple vulnerabilities found in ...
Read More[Honeypot Alert] Zeroboard now_connect() Remote Code Execution Attacks
Our web honeypots recently identified attacks for CVE-2009-4834 which is a vulnerability within ...
Read MoreRCE root in all current Samba versions
While perusing the change log for the release of SAMBA that was pushed out today a member of the ...
Read MoreMicrosoft Patch Tuesday: IE, Common Control, and Digitized Chuck Yeager
For those of you that remember Microsoft Works, today's update will be special for you. Finally, ...
Read MorePenTest Manager: Now with Secure File Transfer
PenTest Manager, the cutting-edge reporting tool created by Trustwave SpiderLabs to manage, track, ...
Read MoreHack Your Own Code: Advanced training for Developers
Mike Park and Marc Bown recently locked themselves in a conference room, working day and night on ...
Read MoreModSecurity Advanced Topic of the Week: Automated Virtual Patching using OWASP Zed Attack Proxy
Automated Virtual Patching using OWASP Zed Attack Proxy The SpiderLabs Research Team has added an ...
Read MoreSpiderLabs Radio Podcast: March 2012
We have just released the SpiderLabs Radio March Edition. This show is packed with interviews from ...
Read More