Two Privilege Escalation Vulnerabilities in McAfee Security Scan Plus
January 23, 2017 | Martin Rakhmanov
This post will discuss two separate Local Privilege Escalation vulnerabilities ...
Is ModSecurity’s SecRules Turing Complete?
January 20, 2017 | Chaim Sanders
Have you ever seen a rule for ModSecurity? They may look similar to the ...
Operation Grand Mars: a comprehensive profile of Carbanak activity in 2016/17
January 18, 2017 | SpiderLabs Researcher
The Trustwave SpiderLabs team has been actively tracking a malicious campaign ...
Microsoft Patch Tuesday, January 2017
January 10, 2017 | SpiderLabs Researcher
It's everyone's favorite Patch Tuesday, January's Patch Tuesday. Historically ...
Terror Exploit Kit? More like Error Exploit Kit
January 09, 2017 | Simon Kenin
Q: What does it take to create a simple, yet fully functioning exploit kit?
Steganalysis, the Counterpart of Steganography
December 22, 2016 | Jesus Olguin
In my last blog post I discussed the art of embedding secret messages in any ...
Raiding the Piggy Bank: Webshell Secrets Revealed
December 19, 2016 | James Antonakos
Introduction
Microsoft Patch Tuesday, December 2016
December 13, 2016 | SpiderLabs Researcher
December's Patch Tuesday is here to greet you with the pleasant tidings of ...
A Backdoor in Skype for Mac OS X
December 12, 2016 | SpiderLabs Pen Testing LAC
Trustwave recently reported a locally exploitable issue in the Skype Desktop ...
New Carbanak / Anunak Attack Methodology
November 15, 2016 | SpiderLabs Researcher
In the last month Trustwave was engaged by multiple hospitality businesses for ...
OWASP Core Rule Set 3.0.0 (Final) release
November 11, 2016 | Chaim Sanders
The OWASP Core Rule Set (CRS) team is excited to announce the immediate ...
Microsoft Patch Tuesday, November 2016
November 08, 2016 | SpiderLabs Researcher
The November Patch Tuesday is here and it's a big one with 14 bulletins ...
Bopup Communications Server Remote Buffer Overflow Vulnerability
November 04, 2016 | Neil Kettle
Trustwave recently discovered a remotely exploitable issue in all current ...
About SAP Adaptive Server Enterprise dbcc import_sproc SQL injection vulnerability (CVE-2016-7402)
October 20, 2016 | Martin Rakhmanov
This vulnerability was introduced in SAP Adaptive Server Enterprise 16.0 SP02 ...
OWASP ModSecurity CRS Version 3.0 RC2 Released
October 19, 2016 | Chaim Sanders
The OWASP Core Rule Set (CRS) is an Open Source project run by the Open Web ...
Down the Rabbit Hole: Extracting Maliciousness from MSG Files Without Outlook
October 12, 2016 | Rodel Mendrez
Email As Infection Vector
Microsoft Patch Tuesday, October 2016
October 11, 2016 | SpiderLabs Researcher
October has arrived with seasonal changes and a new Microsoft Patch Tuesday. ...
RIG's Facelift
September 30, 2016 | Rami Kogan
RIG EK has been in the headlines recently mainly because both EITEST and ...
Steganography... what is that?
September 19, 2016 | Jesus Olguin
When people think about Information Security the first word that generally ...
Necurs – the Heavyweight Malware Spammer
September 14, 2016 | Phil Hay
Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and ...
Microsoft Patch Tuesday, September 2016
September 13, 2016 | SpiderLabs Researcher
September's Patch Tuesday is upon us and it's the biggest one so far this year. ...
Sundown EK – Stealing Its Way to the Top
September 02, 2016 | SpiderLabs Researcher
Sundown is one of the newest Exploit Kits on the market these days, and like ...
OWASP ModSecurity CRS Version 3.0 RC1 Released
August 15, 2016 | Chaim Sanders
Trustwave has been dedicated to supporting ModSecurity and the associated ...
Microsoft Patch Tuesday, August 2016
August 08, 2016 | SpiderLabs Researcher
Today is August's Patch and with only 9 bulletins with 27 unique CVEs it's one ...
Turning Up The Heat on IoT: TRANE Comfortlink XL850
August 07, 2016 | Jeff Kitson
The Internet of Things (IoT) continues to explode in the consumer market as ...
To Obfuscate, or not to Obfuscate
August 04, 2016 | Eric Merritt
Introduction Malware's goal is to bypass computer defenses, infect a target, ...
SAP ASE file creation vulnerability (CVE-2016-6196)
August 02, 2016 | Martin Rakhmanov
Recently SAP released a patch for an Adaptive Server Enterprise vulnerability ...
Slinging Hash: Speeding Cyber Threat Hunting Methodologies via Hash-Based Searching
August 01, 2016 | James Antonakos
The term "hash" is thrown around in casual IT conversation quite a bit ...