Showing 1252 results

New Carbanak / Anunak Attack Methodology

In the last month Trustwave was engaged by two separate hospitality clients, and one restaurant chain for investigations by an unknown attacker or attackers. The modus operandi for all three investigations were very similar and appear to be a new...

OWASP Core Rule Set 3.0.0 (Final) release

The OWASP Core Rule Set (CRS) team is excited to announce the immediate availability of the OWASP Core Rule Set Version 3.0.0 stable release. This release represents over two and a half years of effort with nearly 1000 commits and...

TrustKeeper Scan Engine Update for November 02, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

Microsoft Patch Tuesday, November 2016

The November Patch Tuesday is here and it's a big one with 14 bulletins covering 68 unique CVEs. Despite the large volume of patches, this patch cycle still promises to be less painful than Election Day here in the USA....

Bopup Communications Server Remote Buffer Overflow Vulnerability

Trustwave recently discovered a remotely exploitable issue in all current versions of "B Labs" Bopup Communications Server. The issues were discovered and confirmed to exist in version 4.5.1.12872 as detailed in the recently posted Trustwave advisory. Bopup Communications Server runs...

Database Security Knowledgebase Update 5.06

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.06 includes new and updated checks for IBMDB2 LUW, Microsoft SQL Server and SAP (Sybase) ASE. New Vulnerability and Configuration Check Highlights IBMDB2 LUW Restrict Access to SYSCAT.AUDITPOLICIES...

OWASP ModSecurity CRS Version 3.0 RC2 Released

The OWASP Core Rule Set (CRS) is an Open Source project run by the Open Web Application Security Project (OWASP) and is frequently paired with the Open Source ModSecurity project. As part of Trustwave's commitment to ModSecurity, the Spiderlabs Web...

Microsoft Patch Tuesday, October 2016

October has arrived with seasonal changes and a new Microsoft Patch Tuesday. This Patch Tuesday brings with it 10 bulletins with a total of 36 unique CVE's, definitely a step back from September's massive list, but also not a light...

TrustKeeper Scan Engine Update for October 07, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

RIG's Facelift

RIG EK has been in the headlines recently mainly because both EITEST and PseudoDarkLeech (big traffic gates) have been redirecting traffic to RIG to deliver the CrypMIC Ransomware. A year ago we published a deep analysis of RIG which described...

TrustKeeper Scan Engine Update for September 22, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

Database Security Knowledgebase Update 5.05

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.05 includes new and updated checks for MySQL. New Vulnerability and Configuration Check Highlights MySQL Locked Accounts Check for accounts that have been locked Risk: Informational Relevant CVEs:...

Steganography... what is that?

When people think about Information Security the first word that generally comes mind is "Hacking", but there are many disciplines in security and one of them is called "Steganography", an offshoot of encryption and "data hiding". The word "steganography" can...

Necurs – the Heavyweight Malware Spammer

Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and in particular its spamming activities. The botnet has been responsible for a massive amount of malware distributed via spam over the last 18...

TrustKeeper Scan Engine Update for September 09, 2016

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more interesting vulnerability tests we added...

Microsoft Patch Tuesday, September 2016

September's Patch Tuesday is upon us and it's the biggest one so far this year. While past months have been relatively light, September has nearly twice as many vulnerabilities patched compared to August. All told September contains 14 bulletins patching...

Sundown EK – Stealing Its Way to the Top

Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is in under constant development. With the recent disappearance of the Angler and Nuclear exploit...