[Honeypot Alert] Is-human Wordpress Plugin Remote Command Execution Attack Detected
January 13, 2012 | Ryan Barnett
Our web honeypot logs picked up an attack aimed at exploiting the Is-human ...
[Honeypot Alert] Extensive 'setup.php' Scanning Detected
January 12, 2012 | Ryan Barnett
The SpiderLabs Research Team has identified an extensive scanning campaign ...
Microsoft Patch Tuesday (January 2012): Media Player and The BEAST
January 10, 2012 | Admin
The statisticians over at the Patch Tuesday Farmer's Almanac are saying that 7 ...
ModSecurity Mitigations for ASP.NET HashTable DoS Vulnerability (CVE-2011-3414)
January 09, 2012 | Ryan Barnett
ThreatPost had a news story today about PoC code that was released to the full ...
[Honeypot Alert] Multiple Local File Inclusion Attacks
January 09, 2012 | Ryan Barnett
Our web server honeypot log analysis has picked up some targeted local file ...
Analyzing PDF Malware - Part 2
January 06, 2012 | Admin
Where were we?
ModSecurity Advanced Topic of the Week: Mitigation of 'Slow Read' Denial of Service Attack
January 06, 2012 | Ryan Barnett
Slow-Read DoS Attack Background: Another tweak in the ongoing "Slow" DoS attacks ...
Introducing SQLol
January 06, 2012 | Dan Crowley
At the most recent Austin Hackers Association meeting I unveiled a project I've ...
Virtual Patch for ASP.Net Forms Authentication Bypass Vulnerability (CVE-2011-3416)
January 04, 2012 | Ryan Barnett
Last Thursday, Microsoft released an out-of-band security patch (MS11-100) ...
[Honeypot Alert] phpThumb() 'fltr[]' Parameter Command Injection Detected
December 28, 2011 | Ryan Barnett
The SpiderLabs Research Team has identified active scanning for the phpThumb() ...
TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin
December 23, 2011 | Robert Foggia
The SpiderLabs team at Trustwave published a new advisory for a ...
TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface
December 21, 2011 | Robert Foggia
The SpiderLabs team at Trustwave published a new advisory for an authentication ...
[Honeypot Alert] User Agent Field Arbitrary PHP Code Execution
December 21, 2011 | Ryan Barnett
While reviewing today's web honeypot logs, SpiderLabs Research identified two ...
[Honeypot Alert] phpAlbum PHP Code Execution Attacks
December 19, 2011 | Ryan Barnett
We have seen a number of scans probing for phpAlbum code execution vulns in our ...
Announcing Release of OWASP ModSecurity Core Rule Set v2.2.3
December 19, 2011 | Ryan Barnett
The SpiderLabs Research Team is pleased to announce the ModSecurity OWASP Core ...
BayThreat Follow-up: More About Mobile Devices and Privacy
December 15, 2011 | Luiz Eduardo Dos Santos
We just saw a recent post here on SpiderLabs Anterior about one of mostly used ...
Mobile Device Location Tracking, and Why It Matters
December 14, 2011 | Admin
Throughout the past decade, there has been a substantial increase in mobile ...
[Honeypot Alert] Awstats Command Injection Scanning Detected
December 13, 2011 | Ryan Barnett
Issue Detected: Our daily web honeypot analysis has detected an increase in ...
Microsoft Patch Tuesday, December 2011
December 13, 2011 | Admin
This Patch Tuesday, there are 3 new Critical and 10 new Important Bulletins. ...
[Honeypot Alert] WordPress/Joomla/Mambo SQL Injection Scanning Detected
December 09, 2011 | Ryan Barnett
Our web honeypot analysis today detected scanning looking for SQL Injection ...
[Honeypot Alert] Mass Joomla Component LFI Attacks Identified
November 17, 2011 | Ryan Barnett
Joomla Component LFI Vulnerabilities: Joomla has hundreds of Controller ...
Trustwave Protections Deployed: MS11-083
November 15, 2011 | Robert Foggia
Last week, it was Microsoft's Patch Tuesday! For November, Microsoft released ...
Trustwave Protections Deployed: Duqu
November 06, 2011 | Robert Foggia
Recent reports of the zero-day exploit found in the Win32k True Type Font ...
NickiSpy.C - Android Malware Analysis Demo
October 26, 2011 | Josh Grunzweig
Recently I got the chance to dig into a nice little piece of Android spyware, ...
Interesting Authentication Bypass Vulnerabilities
September 30, 2011 | Admin
Recently I've been writing a talk called "Authentication Bypass Zoo: Pwnage and ...
TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server
September 23, 2011 | Admin
The SpiderLabs team at Trustwave published a new advisory today which detail ...
Trustwave Releases New ModSecurity Rules and Support
September 22, 2011 | Admin
ModSecurity is the most popular open source web application firewall (WAF) ...