SpiderLabs Radio: January 30, 2014

In this episode we look at a rash of gas pump credit card skimmers, the Syrian Electronic Army keeps itself in the headlines, Guccifer has been arrested and the FBI issues a warning about POS Malware. I also continue my...

Introducing ModSecurity Status Reporting

The Trustwave SpiderLabs Research team is committed to making ModSecurity the best open source WAF possible. To this end, we have deployed Buildbot platforms and revamped regression tests for our different ports to ensure code quality and reliability. But we...

SpiderLabs Radio: January 23, 2014

In this episode I sit down with Grayson Lenik, a forensic expert for Trustwave SpiderLabs. We talk about Point-of-Sale malware, including common attack vectors as well as remediation steps to help protect businesses using POS systems. Listen to SpiderLabs radio...

10,000 Litecoins Worth $230,000 USD Were Stolen!

Newspapers, commentators and bloggers have lately been asking whether digital currencies, such as Bitcoin, are "the new gold". Digital currencies are valuable and so attackers take interest in them just like they do payment card numbers. Just today, we witnessed...

Beware! Bats hide in your jQuery!

Injection of malicious code into JavaScript files is not new; however, we recently observed a steep increase in the use of this method, particularly in jQuery libraries, in order to redirect users to malicious web pages. Why has injecting malicious...

What Dirty Little Secrets You Find on eBay

So I do networking (computers and wifi things) at a number of security conferences (Thotcon & DEF CON). In order to do so, I sometimes need hardware to play with. In December I decided to watch a few auctions on...

Trustwave Analysis of the January 2014 Oracle CPU

It's the second Tuesday in January, so it is Oracle Critical Patch Update (CPU) time. The January 2014 CPU contains 144 fixes across Oracle's Database, Fusion Middleware, E-Business Suite, PeopleSoft, Siebel, Oracle and Sun Systems Product Suite, MySQL, Oracle Linux and Virtualization, Oracle Java and some other less common product lines.

SpiderLabs Radio: January 16, 2014

In this episode: Updates, updates, updates! With Oracle's Quarterly Critical Patch Update coinciding with Patch Tuesday we have updates galore including for Java, Adobe, and Microsoft. In other stories, 7,000 unencrypted patient records were accidentally thrown away, malware was discovered...

Microsoft Patch Tuesday, January 2014

Hopefully January's Patch Tuesday is a sign of things to come for 2014. With only four bulletins, this month's release is the lightest in recent memory. Markedly missing are any bulletins for Internet Explorer and not a single bulletin is...

SpiderLabs Radio: January 10, 2014

In this week's podcast we talk about malware offered up in online ads, the return of email hacker Guccifer, the T-Mobile Breach, the final divorce between McAfee the man and McAfee the brand and a proof of concept for the...

SAP Sybase ASE 15.7 security updates

SAP Sybase Adaptive Server Enterprise is a relational database management product used to store financial, statistical, and virtually any other type of data. It is supported on many platforms including Solaris, Linux, and Windows. Recently SAP released security updates to...

Microsoft Advance Notification for January 2014

Microsoft is scheduled to release the next security update for consumers on January 14th with affected Windows platforms, Microsoft Office software, and Microsoft Dynamics AX. This is one of the lightest security releases seen in some time with only four...

DaumGame ActiveX 0day

One might think that vulnerabilities in ActiveX controls are a thing of the past, but we continue to find evidence that they are not. Just this year, dozens of vulnerabilities have been discovered. In some cases an ActiveX exploit is...

SpiderLabs Radio: January 3, 2014

Welcome to the SpiderLabs Radio Reboot! As we bid our old host, Space Rogue, a fond farewell, we welcome our new host, Karl Sigler. In this week's podcast we will revisit some of the biggest security stories of 2013. So...