Showing 10 results for: November 2012

The Return of SpiderLabs Radio: Now with Space Rogue

The SpiderLabs podcast known as SpiderLabs Radio has gone through many different formats over the years and has been released on a somewhat arbitrary schedule. Starting now we are going to change that and release an episode every week on...

Detecting Successful XSS Testing with JS Overrides

Do you know when an attacker or security researcher successfully finds a Cross-site Scripting (XSS) vulnerability in your web application? This blog post will demonstrate a proof of concept that uses ModSecurity to add defensive JavaScript to response pages that...

[Honeypot Alert] User-Agent Field XSS Attacks

Our web honeypots picked up some more XSS attacks today: The highlighted data in the Apache access_log holds the User-Agent field token data from the request. In this case, the attacker has inserted some JavaScript code that would use the...

An Analysis of a Fake Vodafone Bill PDF File

We haven't come across many malicious PDF files recently in our spam traps, so when we found this message, ostensibly from Vodafone Deutschland, we naturally took a closer look. In this example, the cyber crooks are targeting Vodafone Deutschland customers...

TrustKeeper Scan Engine Update - November 26, 2012

The team in the US is going through the early stages of post-Thanksgiving turkey and gravy withdrawal, but we're trying not to let that slow us down. We've released a new update to the TrustKeeper scanner that includes tests for...

CVE-2012-4969 and the Unnamed Admin Panel

While CVE-2012-4969 isn't new, we are still curious about the various ways this vulnerability can be exploited. Today we've stumbled upon a new instance of it. Let's have a look. That's a rather simple version of the first half of...

TrustKeeper Scan Engine Update - November 8, 2012

The latest update to the TrustKeeper Scan Engine is now available. This update includes coverage for over 50 vulnerabilities for products such as Cisco IOS, Microsoft Windows, ISC BIND, Oracle Database and MySQL servers, and Samba. We've been busy! As...

CWE the Vote

It's a nice, sunny day in Cleveland, my friends. Tonight, after the votes are counted, including my quadrennial write-in vote for "Lynard Skynard", the signs will start coming down, the bumper stickers will start to fade in the sun, and...