Showing 1221 results

TrustKeeper Scan Engine Update for July 20, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

Database Security Knowledgebase Update 5.03

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.00 includes new checks for Microsoft SQL Server, MySQL, Oracle and Teradata and new CIS policies for MySQL v1.0.2 and Oracle 11gR2 v2.0.0. New Vulnerability and Configuration Check...

TrustKeeper Scan Engine Update for July 07, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

Microsoft Patch Tuesday, July 2016

July's Patch Tuesday is here and brings with it five bulletins rated Critical and 6 rated Important. These eleven bulletins patch 47 unique CVEs (not including the monthly Adobe Flash CVEs which clock in at 24 critical CVEs). Our usual...

Malware Authors Adopt CEO Fraud Techniques

CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers recently. These scams use the power of the CEO's name to try and elicit a response from a targeted employee of an organization. For more...

PoSeidon Adventures in Memory

Background As an Incident Responder I get the unique opportunity to see a lot of malware and in most cases that I investigate, the malware is of the card number stealing type. To be more specific, I deal with a...

Linux Kernel ROP - Ropping your way to # (Part 2)

Introduction In Part 1 of this tutorial, we have demonstrated how to find useful ROP gadgets and build a privilege escalation ROP chain for our test system (3.13.0-32 kernel - Ubuntu 12.04.5 LTS). We have also developed a vulnerable kernel...

TrustKeeper Scan Engine Update for June 16, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

Microsoft Patch Tuesday, June 2016

June's Patch Tuesday doesn't hold many surprises and is similar to the past several months with 17 bulletins and 36 unique CVEs in Microsoft products as well as an additional 37 CVEs patched in Adobe Flash. Six of these bulletins...

Linux Kernel ROP - Ropping your way to # (Part 1)

Kernel ROP In-kernel ROP (Return Oriented Programming) is a useful technique that is often used to bypass restrictions associated with non-executable memory regions. For example, on default kernels1, it presents a practical approach for bypassing kernel and user address separation...

Zero Day Auction for the Masses

UPDATE: The seller once again lowered their price on the 6th of June to $85,000USD. This means that the exploit hasn't sold yet and seller may be having problems finding a buyer. Over the years we've seen practically exponential growth...

Digging in the Spam Folder

Introduction Unlike spam that appears in my real-world mailbox, the numerous unwanted parcels that arrive continuously in my Gmail spam folder are a gold mine. Not because I'm being offered $1.5 million USD to help with a foreign currency deposit,...

Database Security Knowledgebase Update 5.02

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.02 includes new checks for Microsoft SQL Server and SAP (Sybase) ASE New Vulnerability and Configuration Check Highlights Microsoft SQL Server Orphaned users Examines for orphaned users. Risk:...

TrustKeeper Scan Engine Update for May 31, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the update include coverage for 24 new vulnerabilities, DROWN attack detection and...

Suzy's Phishing Season

Although most SWG-related blogs talk about exploit kits and malicious code, today we would like to discuss something else in the form of a phishing campaign we recently spotted. Phishing often receives less attention from the InfoSec industry because unlike...