Showing 19 results for: May 2013 ×

ModSecurity Performance Recommendations

Sometimes we see ModSecurity users asking about performance in the mail-list. During this post I will talk about some important topics to improve ModSecurity performance. 1 – HTTP Caching and Acceleration In a common web environment static contents (ie. Images)...

SpiderLabs Radio May 31, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's Threat Intelligence Service and covers Liberty Reserve, Syrian Electronic Army pranks SkyNews, Guccifer, Cher and Alec Baldwin lose weight, Drupal, Chinese cyber espionage, You...

SpiderLabs Radio May 24, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's Threat Intelligence Service and covers Yahoo Japan, Syrian Electronic Army, Finincial Times, 2-factor won't stop stupid, Aura attacks targeted LE database, Scripps hackers, Operation...

Machine Learning Update 1

An update on my Machine Learning project to classify, categorize, and otherwise group like pieces of malware together to better understand and analyze malicious code.

Alina: Following The Shadow Part 1

Last I spoke with you, I went into the details of a family of Point of Sale (POS) malware, named 'Alina'. At the time, I chose to talk about version 4.0, mainly because I felt it gave a good representation...

SpiderLabs Radio May 17, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's Threat Intelligence Service and covers Topiray, Viral, TFlow, Kayla go to jail, DHS selling 0-days, OSX Malware, SkyNews, Colin was here, OpPetrol, Onity locks...

Analysis of Malicious Document Files Spammed by Cutwail

In our Global Security Report, we highlighted a zero day vulnerability in the Windows Common Controls affecting Microsoft Office (CVE-2012-0158). This was reportedly being used for targeted attacked against NGOs and human rights activist. Over the past week, the Cutwail...

Microsoft Patch Tuesday, May 2013

I keep hoping for an easy relaxing Patch Tuesday of say, only two or three bulletins but so far this year things haven't been so easy. So far this year we have Patch Tuesdays of seven, ten and seven bulletins,...

TWSL2013-002: Multiple XSS Vulnerabilities in The Bug Genie

Trustwave SpiderLabs has published a new security advisory for multiple Cross-Site Scripting (XSS) vulnerabilities in The Bug Genie, an open source issue tracking and project management PHP application. The findings include both reflective and persistent XSS vulnerabilities in input parameters...

Securing Continuous Integration Services

Summary Over the last couple weeks, I've had the distinct privilege to share some of my research surrounding continuous integration security. The presentation was dubbed "Attacking Cloud Services w/ Source Code" and was presented at both SOURCE Boston 2013 and...

Securing Continuous Integration Services

Summary Over the last couple weeks, I've had the distinct privilege to share some of my research surrounding continuous integration security. The presentation was dubbed "Attacking Cloud Services w/ Source Code" and was presented at both SOURCE Boston 2013 and...

5 ways to protect your E-Commerce site

The Trustwave Spiderlabs team frequently responds to E-commerce data breaches. The number of website breaches that we are working continues to rise. There are a handful of reasons for this rise. We are approaching saturation in the "brick and mortar"...

Introducing the Burp Notes Extension

As a Security Analyst I spend a significant amount of time working in tools like Burp Suite. On any given project I need to keep track of a large number of requests, responses, and various scan results. Conveniently, I can...

SpiderLabs Radio May 10, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's Threat Intelligence Service and covers IE 0-day hits Labour, Syrian Electronic Army hits E! Online and The Onion, Guccifer returns, $40 Million cyber heist,...

Microsoft Advance Notification for May 2013

There will be ten bulletins released by Microsoft next Tuesday and one of those should be for the recent Internet Explorer zero-day discovered earlier this week. Buletin 2 should cover the remote code execution of the IE-8 0day while Bulletin...

Alina: Casting a Shadow on POS

Over the pastfew months, a number of malware families targeting Point of Sale (POS) systems have been discussed. First there was Dexter (Seculert / SpiderLabs), then there was its big brother vSkimmer, and more recently there was Dump Memory Grabber...

Mayday! 0-Day

While many workers around the world were celebrating the May 1st events, the US Department of Labor website got hacked and was used to redirect browsers to a 3rd party site which served a new IE 8 0day exploit, known...

SpiderLabs Radio May 3, 2013 w/ Space Rogue

This weeks episode of SpiderLabs Radio hosted by Space Rogue covers Living Social, Reputation.com, Syrian Electronic Army, CyberBunk/SpamHaus/Cloudfare weirdeness, Google Play Kills AutoUpdate, Al Qassam cyber Fighters, Rogue Admin mines bitcoins, Foie Gra, Levenworth Hospital, Ketchikan Middle School, and Itella...