ModSecurity Web Application Firewall - Commercial Rules Update

We have recently released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. The purpose of these rules is to protect against newly emerging attacks that target vulnerabilities in public software. For this release we are highlighting virtual patches...

"Don't Mine Me" – Coinhive

What's worse than annoying ads on a website? A crypto miner on a website! Over the last couple of weeks there has been a lot of talk about Coinhive, a service that claims to provide an alternative to advertising for monetizing...

VAT Return with a Vengeance

Authors: Dr. Fahim Abbasi, Gerald Carsula and Rodel Mendrez. Scam Overview: Her Majesty's Revenue & Customs (HMRC) is the UK department responsible for collecting taxes and other tax related services like VAT returns. On 6th September, 2017, scammers launched a...

Locky Part 2: As the Seasons Change so is Locky

It's that time of year where the seasons are changing. The Northern Hemisphere moves into Autumn, and the Southern Hemisphere moves to Spring. So it is with Locky. As we discussed in our last post, spam campaigns were downloading Locky...

Microsoft Patch Tuesday, October 2017

October is here and brings with it patches for 62 CVEs and a handful of additional advisories. 28 of the vulnerabilities patched are rated "Critical" and 34 are rated "Important". The largest number of vulnerabilities patched (18 total) reside in...

Post-Soviet Bank Heists: A Hybrid Cybercrime Study

Today we are publishing a SpiderLabs Advanced Threat Report that details a major cyberattack targeting banks mainly located in post-Soviet states. All the attacks share a common profile and the finely tuned orchestration of the entire operation shows an innovative...

Emotet lives another day using Fake O2 invoice notifications

Authors: Dr. Fahim Abbasi and Nicholas Ramos. We witnessed a widespread phishing campaign targeting O2 customers that surfaced on 18th August, 2017 and continued intermittently until 21st August, 2017. Telefonica UK Limited, trading as O2, is a major telco provider...

Malware Xeroing in on Cloud Accounting Customers

Authors: Dr. Fahim Abbasi and Rodel Mendrez. We witnessed a sophisticated phishing campaign on 16th August 2017, targeting victims by sending spoofed phishing email messages appearing to come from Xero. Xero is a New Zealand-based software company that develops cloud-based...

ModSecurity version 3.0.0 first release candidate

Recently we announced the first release candidate for libModSecurity (also known as ModSecurity version 3). The goal was to turn ModSecurity into a mature library that could be used seamlessly regardless of web server or platform. The motivations for...

The Spam, JavaScript and Ransomware Triangle

Authors: Dr. Fahim Abbasi and Nicholas Ramos. Introduction: Our global spam honeypot sensors detected a pervasive email campaign that was leveraging a zipped attachment containing a malicious JavaScript. When opened, the JavaScript was used to infect victims with ransomware. This...

Necurs Unleashed "Locky diablo" from Hell

Over two days in early August (the 8th and 9th), amidst the active distribution of Trickbot malware, a new Locky ransomware variant called "diablo" emerged from hell. The Trustwave SpiderLabs Spam Research Database has picked up a large...

Announcing ModSecurity version 2.9.2

We recently released ModSecurity version 2.9.2. The release contains a number of bug fixes, including two security issues: Allan Boll reported an uninitialized variable that may lead to a crash on the Windows platform. Brian Adeloye reported an infinite loop on...

Microsoft Patch Tuesday, August 2017

August's Patch Tuesday brings with it a relatively light month, closing holes in 48 CVEs. Overall there are 26 CVEs rated "Critical", 21 rated "Important" and 1 rated "Moderate". Across all of these vulnerabilities security updates for software and...