In the realm of malware, ransomware has been king for the last few years, compromising unsecured hosts and kindly requesting payment from their rightful owners. Back in January 2017, an attacker extended the concept to MongoDB and was hitting unsecured...

I was recently working on an external network penetration test where I identified a new vulnerability in a file sharing web application called Serv-U by SolarWinds. This vulnerability granted me administrative privileges to the Serv-U application, and, allowed for remote...

Introduction During a recent incident response case, we were tasked with discovering the point of entry for an attacker that had compromised the entire Windows network. Among other things we uncovered evidence of web application attacks targeting the company's public...

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.12 includes new and updated checks for Oracle and Sybase ASE. New Vulnerability and Configuration Check Highlights Oracle SQL Injection in CDBView package o Database Activity Monitoring -...

We knew that the Microsoft's Valentine's gift to cancel Patch Tuesday on February 14th was only going to be a temporary stay and, sure enough, Patch Tuesday is back and bigger than ever for March. Over all there are 18...

SIEM often gets a bad rap, but the real culprit for ineffective deployments of the threat detection and response technology could be a lack of internal skills across many companies.

Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in...

Trustwave
Twitter Feed

Follow Us @Trustwave