Hacker's Wish Come True After Infecting Visitors of Make-A-Wish Website With Cryptojacking
November 19, 2018 | Simon Kenin
After coming back from a vacation, the first thing to do is catch up with what ...
DOH! DNS Over HTTPS Poses Possible Risks to Enterprises
October 26, 2018 | David Middlehurst
Introduction David Middlehurst of Trustwave SpiderLabs presented at the first ...
10 Years On – A Look Back at MS08-067
October 23, 2018 | Trustwave SpiderLabs
It has been ten years since the release of MS08-067. Unlike many of the other ...
Red Alert v2.0: Misadventures in Reversing Android Bot Malware
October 22, 2018 | Rodel Mendrez
(Analysis by Rodel Mendrez and Lloyd Macrohon)
SingHealth Data Breach – An Analytical Perspective
October 22, 2018 | Admin
Executive Summary On July 20th 2018, the Singapore authorities announced1 that ...
Unpatched Remote Code Execution in Reprise License Manager
October 22, 2018 | Admin
During a recent penetration testing engagement, I came across a particularly ...
WD My Cloud EX2 Serves Your Files to Anyone
October 22, 2018 | Martin Rakhmanov
Western Digital's My Cloud is a popular storage/backup device that lets users ...
Underground Code of Honor – Part 1 of 3
October 22, 2018 | SpiderLabs Researcher
"We are all honorable men here, we do not have to give each other assurances as ...
TWSL2011-004: Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall
October 22, 2018 | Josh Grunzweig
The SpiderLabs team at Trustwave published a new advisory today, which details ...
The Underground Job Market – Part 2 of 3
October 18, 2018 | SpiderLabs Researcher
"Leave your ego at the door every morning, and just do some truly great work. ...
Microsoft Patch Tuesday, October 2018
October 09, 2018 | Karl Sigler
October's Patch Tuesday is here and with it come patches for 49 CVEs and a ...
Credential Leak Flaws in Windows PureVPN Client
September 27, 2018 | Admin
Using a VPN (Virtual Private Network) can bring many advantages, particularly ...
CVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption
September 13, 2018 | Neil Kettle
Trustwave recently discovered a locally exploitable issue in the macOS version ...
Patch Tuesday, September 2018
September 04, 2018 | Karl Sigler
September's Patch Tuesday is here with patches for 61 CVEs and two roll up ...
Drupal Cache Poisoning SA-CORE-2018-005
August 31, 2018 | Admin
(Analysis by Lena Frid, Bar Menachem and Victor Hora)
Firework: Leveraging Microsoft Workspaces in a Penetration Test
August 30, 2018 | Admin
Overview WCX files can be used to configure a Microsoft Workplace on a system ...
Oracle Critical Patch Update July 2018 and Security Alert for CVE-2018-3110
August 27, 2018 | Vladimir Zakharevich
On July 17th 2018 Oracle released Critical Patch Update (CPU) in accordance ...
CVE-2018-8006: XSS in Apache ActiveMQ
August 24, 2018 | Bruno Oliveira
A cross site scripting (XSS) vulnerability exists in Apache ActiveMQprior to ...
Bank Malspam Revisited
August 22, 2018 | Phil Hay
Last week we wrote about some malicious spam containing Microsoft Publisher ...
Alina: Following The Shadow Part 1
August 18, 2018 | Josh Grunzweig
Last I spoke with you, I went into the details of a family of Point of Sale ...
Malspam Campaign Targets Banks Using Microsoft Publisher
August 17, 2018 | Homer Pacag
It's very unusual for malware authors to utilize publishing software like ...
Patch Tuesday, August 2018
August 14, 2018 | Karl Sigler
Patch Tuesday, August 2018
Mapping Social Media with Facial Recognition: A New Tool for Penetration Testers and Red Teamers
August 08, 2018 | Jacob Wilkin
Performing intelligence gathering is a time-consuming process, it typically ...
CVE-2018-2892 - Kernel Level Privilege Escalation in Oracle Solaris
July 24, 2018 | Neil Kettle
Trustwave recently discovered a locally exploitable issue in all current ...
Malicious SettingContent now Delivered Through PDF
July 23, 2018 | Admin
Recently, a proof-of-conceptemerged on how the filetype SettingContent can be ...
DanaBot Riding Fake MYOB Invoice Emails
July 16, 2018 | Dr. Fahim Abbasi
Authors: Dr. Fahim Abbasi and Diana Lopera
Web Application Security-ModSecurity Commercial Rules, Update for June 2018
June 30, 2018 | Admin
Overview for rules released by Trustwave SpiderLabs in November for ModSecurity ...
Adobe Flash Player 0-Day (CVE-2018-5002)
June 12, 2018 | SpiderLabs Researcher
An Adobe advisory regarding a zero-day vulnerability in Adobe Flash Player was ...