Upcoming SpiderLabs Speaking Events - March / April 2012

At Trustwave SpiderLabs we encourage our team members to frequently perform their own research and ...

TWSL2012-005: Cross-Site Scripting Vulnerability in osCommerce Platform

Trustwave SpiderLabs has published a new advisory today for a Cross-Site Scripting vulnerability ...

A New Neighbor in Town: The Nuclear Pack v2.0 Exploit Kit

In the past few years, cybercriminals have been increasingly using exploit kits to spread malware. ...

[Honeypot Alert] Large Scale LFI Attack From Brazilian Domains

Our web sensors picked up a big uptick in Local File Inclusion (LFI) attacks today. We received ...

Dirty RAT Eats Nate's Banana

I've got a real treat for everyone today, as I received approval to blog about an interesting piece ...

LIKE, omg!

If you read this blog, you might have seen my earlier post regarding my configurable SQL injection ...

The Race for MS12-020

So if you missed our previous blog post on the MS Patch Tuesday earlier this week, or missed any of ...

[Honeypot Alert] Zen Cart 'admin/sqlpatch.php' SQL Injection Attacks

SpiderLabs T-Shirt Designs 2006-2011

Microsoft Patch Tuesday, March 2012: Beware the RDP's of March

[Honeypot Alert] More WordPress is_human Plugin Remote Command Injection Attack Detected

As we first noted in a previous Honeypot Alert Blog post, our web honeypots have again received ...

[Honeypot Alert] Status Report for February 2012

Monthly Web Honeypot Status Report: We have received a tremendous amount of positive feedback on our ...

OWASP Virtual Patching Survey Results

In a previous blog post, we issued a call for assistance to help OWASP with a virtual patching ...

Detecting Brazilian Banking Trojans with Snort http_inspect

If you take a look at malware samples down here in Brazil, probably in most of Latin America they ...

Virtual Patch for Movable Types XSS (CVE 2012-1262)

My SpiderLabs Research colleague Jonathan Claudius recently identified an XSS flaw in the Movable ...

PIG - Finding Your Target Without Saying a Word

You see blogs, talks, presentations, and tutorials on how to break into boxes all the time. These ...

SpiderLabs Threat Intelligence Program

So a lot of people have been asking me "What do you do at Trustwave?" and I tell them I am the ...

[Honeypot Alert] phpMyAdmin Code Injection Attacks for Botnet Recruitment

Our web honeypots picked up the following attacks today:

#TWContest: And the winner of the @Trustwave @SpiderLabs 2012 Global Security Report contest is...

Here is a summary of the questions and answers:

#TWContest: One in how many organizations use insecure remote access...

The question was… "One in how many organizations use insecure remote access solutions as seen ...

Call for Assistance: OWASP Virtual Patching Survey

Identification of web application vulnerabilities is only half the battle with remediation efforts ...

#TWContest: The two main motivations for web-based attacks are...

On Thursday we posted our sixth question of the Trustwave 2012 Global Security Report Twitter ...

Trustwave SpiderLabs: My First Nine Days

So as some of you may have heard I now work at Trustwave for their SpiderLabs group headed up by ...

#TWContest: The correct data aggregation technique is...

On Tuesday we posted our fifth question of the Trustwave 2012 Global Security Report Twitter ...

Patch Tuesday, Feb 2012: What I did this Valentine's Day

Top Ten Web Protection Techniques of 2011

Top Ten Web Hacking Techniques of 2011: Every year the web security community votes on the top web ...

#TWContest: The top 'origin' of attack is...

The question was… "What was the top "origin" of attack as seen through Trustwave SpiderLabs ...

Common Attack Methodologies Identified in European Customers

As you may have heard, Trustwave SpiderLabs released our Global Security Report (GSR) 2012 Report, ...
