The Australian Securities and Investment Commission (ASIC) is an independent government agency that is Australia's corporate, market and financial services regulator. ASIC provides several services including registration services for Australian companies. Opportunist Scammers taking advantage of the new year, leveraged...

Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from...

A zero day Flash exploit caught targeting South Korean users was announced by South Korea's CERT on January 31, 2018. The exploit was embedded in an Excel spreadsheet. Upon opening the spreadsheet the Flash file loads a second stage which...

February's Patch Tuesday is here and after the light January, it's back with patches for 50 CVEs and two "roll up" advisories. Running down the CVEs, there are 14 rated "Critical", 34 rated "Important" and 2 rated "Moderate". Once again...

Last year I discovered multiple vulnerabilities in NETGEAR products. Now that these vulnerabilities have gone through the disclosure process and have been patched we can discuss the technical details. TWSL2018-002: Password Recovery and File Access on Some Routers and Modem...

While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details. The first...

Over the past few months there has been a lot going on with ModSecurity. There was libModSecurity (aka 3.0) release which was covered in details in a recent blog post by Lead Developer @zimmerle. There was also two recent presentations...

libModSecurity aka ModSecurity version 3.0 is out there. libModSecurity starts a new era in terms of ModSecurity extensibility. The modular architecture provides flexibility to extend ModSecurity core with scripting languages and from scripting languages. Facilitating work such as: UI integration,...

Happy 2018 everyone! January's Patch Tuesday will ease you into the new year with just 23 CVEs patched. Historically January has always been a light patch month. The release patches one CVE each that's rated "Critical", "Moderate" and "Low". The...

Trustwave
Twitter Feed

Follow Us @Trustwave