Showing 14 results for: November 2013 ×

SpiderLabs Responder Updates

Responder is a penetration-testing tool in active development. To continue making it the best tool it can be, we regularly update it in order to add new features and functionality based on user feedback (and we're one of those users)....

[Honeypot Alert] More PHP-CGI Scanning (apache-magika.c)

In the past 24 hours, one of the WASC Distributed Web Honeypot participant's sensors picked up continued scanning for CVE-2012-1823 which is a vulnerability within PHP-CGI. Here is a screenshot taken from the ModSecurity WAF alert data: PHP-CGI Attack The...

Malicious shells; Established != Active

During a recent investigation, SpiderLabs was presented with evidence that appeared to be contradictory. Evidence from firewall logs and remediation actions taken by the client did not tally with the evidence collected from the compromised system. This blog post discusses...

Vulnerability in RiskNet Acquirer (TWSL2013-031)

Last week we released an advisory for a vulnerability discovered in the RiskNet Acquirer application. This software is a fraud management solution developed to protect major financial institutions including banks and payment processors. RiskNet Acquirer is what we often refer...

TrustKeeper Scan Engine Update - November 14, 2013

It's time again for another TrustKeeper Scan Engine update. This release contains over 30 new tests vulnerabilities in Cisco ASA/IOS, JIRA, jQuery, Microsoft Windows, Oracle Database/MySQL, and more. This release also contains default credential checks for both WordPress and Cisco...

SpiderLabs Radio November 15, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs and features stories about Stuxnet on ISS, Facebook scans for Adobe, MacRumours, SEA hits Vice, bitcash.cz, Cracked gets cracked, Loyaltybuild, No Nukes in...

Microsoft Patch Tuesday, November 2013

Most of us thought this would be an easy month with only eight bulletins to deal with and only three listed as critical. Unfortunately, there is evidence of one vulnerability mentioned in those bulletins being actively exploited in the wild...

SpiderLabs Radio November 8, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs and features stories about MS 0-day, Millions in bitcoins lost via inputs.io, CorporateCarOnline, Bug Bounties for everyone, Add five to the Cyber Most...

Microsoft Advance Notification for November 2013

Microsoft will release eight bulletins for Patch Tuesday in November. Four of them will result in Remote Code Execution and three of those are rated as critical. In addition, there is one elevation of privilege, two information disclosures and a...

SpiderLabs Radio November 1, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs and features stories about Israeli Tunnels attacked or not? Lauri Love, SEA and Barack, Russia infects G20, claims that China puts 'Spy Chips'...