Showing 218 results for: 2014 ×

Building my own personal password cracking box

Since 2003, I've spent a majority of my workdays hacking systems. I've collected tons of penetration testing tips and tricks and have shared some of them on this blog. As a part of my work as a penetration tester, cracking...

No Country For Old Vulnerabilities

Finding a common cross-site scripting vulnerability in Cisco's new IOS Software Checker Feature. During my normal day-to-day work I interface with a number of websites while researching the details of recently released vulnerabilities. It was a pleasant surprise when one...

TrustKeeper Scan Engine Update – December 22, 2014

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include four new checks for remote desktop protocol (RDP) security configurations....

Signed Ruby Gems: A c7decrypt walk-through

As someone who's responsible for a number of Ruby projects, both open-source and commercially developed, I'm always on the look out for new ways to improve how they are secured and delivered to end-users. The most common method for delivering...

Alina POS malware "sparks" off a new variant

Alina is a well-documented family of malware used to scrape Credit Card (CC) data from Point of Sale (POS) software. We published a series of in-depth write-ups on the capabilities Alina possesses as well as the progression of the versions....

TrustKeeper Scan Engine Update – December 15, 2014

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include two new checks for vulnerabilities and a warning of support...

TrustKeeper Scan Engine Update – December 12, 2014

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include seven new checks for 16 vulnerabilities and added support for...

SpiderLabs Radio for the week of December 8, 2014

In this episode: Last Patch Tuesday of 2014 New POODLEv2 Malware signed with Sony certificate Happy Holidays and Farewell until 2015 We'd love to hear what you think or what you'd like to hear in future episodes. Please feel free...

Microsoft Patch Tuesday, December 2014

December's Microsoft Patch Tuesday is upon us and, hopefully, marks the last batch of bulletins for 2014. Although not as big as November's release, it still clocks in with three Critical and four Important bulletins. Internet Explorer is back with...

AppDetectivePRO and DbProtect Knowledgebase Update 4.44

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.44 includes new checks for vulnerabilities and configuration issues in IBM DB2 LUW and Oracle data stores. PLEASE NOTE: the AppDetectivePRO and DbProtect customer support portal...

SpiderLabs Radio for the week of December 1, 2014

In this episode: The Sony Breach Operation Cleaver We'd love to hear what you think or what you'd like to hear in future episodes. Please feel free to leave comments below! Listen to this and archived episodes on Trustwave SpiderLabs...

Microsoft Advance Notification for December 2014

Microsoft will publish the last scheduled security release of the year on Tuesday, December 9th. This patch Tuesday release will include three bulletins rated "Critical" and four bulletins rated as "Important". Internet Explorer, Office, Exchange, and Windows will all be...

TrustKeeper Scan Engine Update – December 1, 2014

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include new checks for 10 vulnerabilities and extensions of public key-length...