Showing 317 results for: Security Research ×

Unauthenticated Backdoor Access in Unanet

The default configuration of the Unanet web application has a backdoor that can allow unauthenticated users to login and manipulate the user accounts and the roles they maintain. This vulnerability is due to a code branch that exists within the...

Underground Scams: Cutting the Head Off a Snake

Shortly after publishing our post about Terror EK, "King Cobra" (a Twitter account that we mentioned at the end of that blog post), tweeted a note to us: Figure 1: King Cobra's tweet to Trustwave This, along with other feedback...

Terror Exploit Kit? More like Error Exploit Kit

Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...

Steganalysis, the Counterpart of Steganography

In my last blog post I discussed the art of embedding secret messages in any file so that only the sender and the receiver know about the presence of that message. This is called steganography. In this post I will...

New Carbanak / Anunak Attack Methodology

In the last month Trustwave was engaged by multiple hospitality businesses for investigations by an unknown attacker or attackers. The modus operandi for all three investigations were very similar and appear to be a new Carbanak gang attack methodology, focused...

Bopup Communications Server Remote Buffer Overflow Vulnerability

Trustwave recently discovered a remotely exploitable issue in all current versions of "B Labs" Bopup Communications Server. The issues were discovered and confirmed to exist in version 4.5.1.12872 as detailed in the recently posted Trustwave advisory. Bopup Communications Server runs...

Sundown EK – Stealing Its Way to the Top

Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is in under constant development. With the recent disappearance of the Angler and Nuclear exploit...

To Obfuscate, or not to Obfuscate

Introduction Malware's goal is to bypass computer defenses, infect a target, and often remain on the system as long as possible. A variety of techniques are used to accomplish these goals. Deciding which of these techniques to use depends on...

SAP ASE file creation vulnerability (CVE-2016-6196)

Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows legitimate database users to create files on disk where the server process can write to. This is useful when doing a chained database attack - first create...

Denial of Service: A Survival Guide

From Anonymous style SYN flooding to Application layer denial of service, denial of service is a subject that has been often confused with hacking by the grand public. While your data might not be stolen, the impact both on sales...

Zero Day Auction for the Masses

UPDATE: The seller once again lowered their price on the 6th of June to $85,000USD. This means that the exploit hasn't sold yet and seller may be having problems finding a buyer. Over the years we've seen practically exponential growth...

Angler Takes Malvertising to New Heights

We have just discovered an advertising campaign that has been placing malicious advertisements on very popular websites both in the US and internationally. "answers.com" (Alexa rank 420 Global and 155 in the US), "zerohedge.com" (Ranked 986 in the US) and...

Protecting Your Sites from Apache.Commons Vulnerabilities

A few weeks ago, FoxGlove Security released this important blog post that includes several Proof-of-Concepts for exploiting Java unserialize vulnerabilities. A remote attacker can gain Remote Code Execution by sending specially crafted payload to any endpoint expecting a serialized...

BOM Obfuscation in Spam

Spammers try all sorts of tricks to obfuscate, including trying to obfuscate URLs so they cannot be recognized by various URL blacklisting or other scanning services. We recently came across a trick we hadn't seen before. Here is the original...