Showing 1231 results

Database Security Knowledgebase Update 5.04

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.04 includes new checks for SAP (Sybase) ASE, Microsoft SQL Server, MySQL and Oracle, and updated checks for Microsoft SQL Server. New Vulnerability and Configuration Check Highlights SAP...

TrustKeeper Scan Engine Update for August 17, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

OWASP ModSecurity CRS Version 3.0 RC1 Released

Trustwave has been dedicated to supporting ModSecurity and the associated community for the better part of a decade. Over this time, ModSecurity and the associated OWASP Core Rule Set (CRS) have seen major advances and are currently positioned as leading...

TrustKeeper Scan Engine Update for August 02, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

Microsoft Patch Tuesday, August 2016

Today is August's Patch and with only 9 bulletins with 27 unique CVEs it's one of the lightest months in recent history. Four of the bulletins are rated Critical with the other five are rated as Important. Internet Explorer and...

Turning Up The Heat on IoT: TRANE Comfortlink XL850

The Internet of Things (IoT) continues to explode in the consumer market as demand for network connected devices has spread to all kinds non-traditional network connected systems from toasters to toilets and from refrigerators to lamps. Unfortunately this rush to...

To Obfuscate, or not to Obfuscate

Introduction Malware's goal is to bypass computer defenses, infect a target, and often remain on the system as long as possible. A variety of techniques are used to accomplish these goals. Deciding which of these techniques to use depends on...

SAP ASE file creation vulnerability (CVE-2016-6196)

Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows legitimate database users to create files on disk where the server process can write to. This is useful when doing a chained database attack - first create...

Denial of Service: A Survival Guide

From Anonymous style SYN flooding to Application layer denial of service, denial of service is a subject that has been often confused with hacking by the grand public. While your data might not be stolen, the impact both on sales...

TrustKeeper Scan Engine Update for July 20, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

Database Security Knowledgebase Update 5.03

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.00 includes new checks for Microsoft SQL Server, MySQL, Oracle and Teradata and new CIS policies for MySQL v1.0.2 and Oracle 11gR2 v2.0.0. New Vulnerability and Configuration Check...

TrustKeeper Scan Engine Update for July 07, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

Microsoft Patch Tuesday, July 2016

July's Patch Tuesday is here and brings with it five bulletins rated Critical and 6 rated Important. These eleven bulletins patch 47 unique CVEs (not including the monthly Adobe Flash CVEs which clock in at 24 critical CVEs). Our usual...

Malware Authors Adopt CEO Fraud Techniques

CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers recently. These scams use the power of the CEO's name to try and elicit a response from a targeted employee of an organization. For more...

PoSeidon Adventures in Memory

Background As an Incident Responder I get the unique opportunity to see a lot of malware and in most cases that I investigate, the malware is of the card number stealing type. To be more specific, I deal with a...

Linux Kernel ROP - Ropping your way to # (Part 2)

Introduction In Part 1 of this tutorial, we have demonstrated how to find useful ROP gadgets and build a privilege escalation ROP chain for our test system (3.13.0-32 kernel - Ubuntu 12.04.5 LTS). We have also developed a vulnerable kernel...