Showing 327 results for: Security Research ×

URSNIF is Back Riding a New Wave of Spam

The infamous data-stealing URSNIF malware has done it again and it's here to collect more keystrokes, login credentials, browsing activities, and other user activities. It continues to undress and dress itself differently, time and time again. Earlier this year, we...

Multiple Vulnerabilities in Avast Antivirus

Last year I decided to do some security research on an antivirus product. Avast seemed a good target since it is among most popular AV products used by home users and, as an added bonus, there is a bug bounty...

Exploiting Privilege Escalation in Serv-U by SolarWinds

I was recently working on an external network penetration test where I identified a new vulnerability in a file sharing web application called Serv-U by SolarWinds. This vulnerability granted me administrative privileges to the Serv-U application, and, allowed for remote...

Authentication and Encryption in PAS Web Shell Variant

Introduction During a recent incident response case, we were tasked with discovering the point of entry for an attacker that had compromised the entire Windows network. Among other things we uncovered evidence of web application attacks targeting the company's public...

Undocumented Backdoor Account in DBLTek GoIP

Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in...

Unauthenticated Backdoor Access in Unanet

The default configuration of the Unanet web application has a backdoor that can allow unauthenticated users to login and manipulate the user accounts and the roles they maintain. This vulnerability is due to a code branch that exists within the...

Underground Scams: Cutting the Head Off a Snake

Shortly after publishing our post about Terror EK, "King Cobra" (a Twitter account that we mentioned at the end of that blog post), tweeted a note to us: Figure 1: King Cobra's tweet to Trustwave This, along with other feedback...

Terror Exploit Kit? More like Error Exploit Kit

Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...

Steganalysis, the Counterpart of Steganography

In my last blog post I discussed the art of embedding secret messages in any file so that only the sender and the receiver know about the presence of that message. This is called steganography. In this post I will...

New Carbanak / Anunak Attack Methodology

In the last month Trustwave was engaged by multiple hospitality businesses for investigations by an unknown attacker or attackers. The modus operandi for all three investigations were very similar and appear to be a new Carbanak gang attack methodology, focused...

Bopup Communications Server Remote Buffer Overflow Vulnerability

Trustwave recently discovered a remotely exploitable issue in all current versions of "B Labs" Bopup Communications Server. The issues were discovered and confirmed to exist in version 4.5.1.12872 as detailed in the recently posted Trustwave advisory. Bopup Communications Server runs...

Sundown EK – Stealing Its Way to the Top

Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is in under constant development. With the recent disappearance of the Angler and Nuclear exploit...