Showing 1322 results

Malware Xeroing in on Cloud Accounting Customers

Authors: Dr. Fahim Abbasi and Rodel Mendrez We witnessed a sophisticated phishing campaign on 16th August 2017, targeting victims by sending spoofed phishing email messages appearing to come from Xero. Xero is a New Zealand-based software company that develops cloud-based...

ModSecurity version 3.0.0 first release candidate

Recently we announced the first release candidate for libModSecurity (also as known as ModSecurity version 3). The goal was to turn ModSecurity into a mature library that could be used seamlessly regardless of web server or platform. The motivations for...

The Spam, JavaScript and Ransomware Triangle

Authors: Dr. Fahim Abbasi and Nicholas Ramos Introduction Our global spam honeypot sensors detected a pervasive email campaign that was leveraging a zipped attachment containing a malicious JavaScript. When opened, the JavaScript was used to infect victims with ransomware. This...

Necurs Unleashed "Locky diablo" from Hell

Over two days in early August (the 8th and 9th), amidst of the active distribution of Trickbot malware, a new Locky ransomware variant called "diablo" has emerged from hell. The Trustwave SpiderLabs Spam Research Database has picked up a large...

Announcing ModSecurity version 2.9.2

We recently released ModSecurity version 2.9.2. The release contains a number of bug fixes, including two security issues: Allan Boll reported an uninitialized variable that may lead to a crash on Windows platform. Brian Adeloye reported an infinite loop on...

Microsoft Patch Tuesday, August 2017

August's Patch Tuesday brings with it a relatively light month closing holes in 48 CVEs. Over all there are 26 CVEs rated "Critical", 21 rated "Important" and 1 rated "Moderate". Across all of these vulnerabilities security updates for software and...

Chip Off the Old EMV

Recently, Jason Knowles of ABC 7's I-Team asked us, "What is the security risk if your EMV chip falls off your credit card? What could someone do with that?" My first thought was, "How in the hell does the chip...

Tale of the Two Payloads – TrickBot and Nitol

A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with a payload combo that includes Trickbot and Nitol. Trickbot is a banking trojan that first appeared late last year targeting banks in Europe,...

Petya From The Wire: Detection using IDPS

Most malware that traverses a network do so with specific indicators, some of which look like legitimate network traffic and others that are completely unique to the malware. A single IDPS signature can have high confidence of detecting an infection...

Microsoft Patch Tuesday, July 2017

July's Patch Tuesday brings patches for 54 CVEs, nearly half the number patched in June and back to the patch levels we saw in April and May. Over all there are 19 CVEs rated "Critical", 32 rated "Important" and 3...

A Computational Complexity Attack against Racoon and ISAKMP Fragmentation

Trustwave recently reported a remotely exploitable computational complexity vulnerability in the racoon isakmp daemon that is part of the ipsec-tools open-source project (http://ipsec-tools.sourceforge.net/). The vulnerability is present in the handling of fragmented packets. A computational complexity attack seeks to cause...

Elephone P9000 Lock Screen Lockout Bypass

Brute force attacks against smartphones are not usually a viable attack vector. Manufacturers employ scaling lockouts that progress into longer and longer periods between attempts and, if the user is security conscious, the device may wipe after 10 attempts. However...