A zero day exploit was discovered targeting trade agencies and other related organizations in China toward the end of April. The vulnerability is a Use-After-Free (UAF) memory corruption bug in the Microsoft VBScript engine. By taking advantage of the vulnerability,...

This year marks a historic decade-long milestone of the Trustwave Global Security Report (GSR), an annual report that touches on the current state of cybersecurity and the evolving threat landscape.

Read More 

Electron – the widely used desktop application framework that renders top programs – suffered from a security vulnerability that potentially allows miscreants to execute evil code on victims’ computers.

Read More 

A few weeks ago, I came across a vulnerability that affected all current versions of Electron at the time (< 1.7.13, < 1.8.4, and < 2.0.0-beta.3). The vulnerability allowed nodeIntegration to be re-enabled, leading to the potential for remote code execution. If you're unfamiliar with Electron, it is a popular framework that allows you to create cross-platform desktop applications using HTML, CSS, and JavaScript.

May's Patch Tuesday is here and it looks like these monthly releases have plateaued at around 70 CVEs patched per month. May comes in with 68 CVEs total including 21 rated "Critical", 44 rated "Important", and three rated "Low". Among...

Drupal, the popular Content Management System, (might) have seen better days. There's been a lot of attention to it lately in regards to a nasty Remote Code Execution (RCE) vulnerability. In particular a number of builds in the 7.x and...

Western Digital's My Cloud is a popular storage/backup device that lets users backup and store important documents, photos and media files. Unfortunately the default configuration of a new My Cloud EX2 drive allows any unauthenticated local network user to grab...

The internet has never been an especially safe place, but at least one small corner of it – email – was less perilous for most users in 2017.

Read More 

Trustwave
Twitter Feed

Follow Us @Trustwave