Showing 16 results for: October 2014 ×

Setting HoneyTraps with ModSecurity: Adding Fake Cookies

This blog post continues with the topic of setting "HoneyTraps" within your web applications to catch attackers. Please review the previous posts for more examples: Project Honeypot Integration Unused Web Ports Adding Fake robots.txt Entries Adding Fake HTML Comments Adding...

Reflected File Download - A New Web Attack Vector

PLEASE NOTE: As promised, I've published a full white paper that is now available for download: White paper "Reflected File Download: A New Web Attack Vector" by Oren Hafif. On October 2014 as part of my talk at the Black...

Hacking a Reporter: UK Edition

Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sites on a U.S.-based reporter. This scenario, however, would...

SpiderLabs Radio: October 22, 2014

In this episode: Google offering Security Key for 2FA New Microsoft OLE vulnerability Ebola Phishing Campaign Here are some of the links discussed in this weeks show: SpiderLabs writeup of CVE-2014-4114 Microsoft advisory for CVE-2014-6352 We'd love to hear what...

SpiderLabs Radio: October 16, 2014

In this episode we'll be talking about the zero days patched by Microsoft's Patch Tuesday as well as all things POODLE. We'd love to hear what you think or what you'd like to hear in future episodes. Please feel free...

Jailbreak Detection Methods

This post concludes our three-part series about mobile security. Today's post will outline some options for detecting jailbroken devices, should you choose to do so. Yesterday, we asked whether blocking an app's execution on jailbroken devices was worth it. Earlier...

Executing Apps on Jailbroken Devices

This post is part two of a three-part series about mobile security. Today's post will discuss the execution of apps on jailbroken devices. Yesterday, we described some vulnerabilities in iOS web browsers. Tomorrow, we'll explore detecting jailbroken devices. “App cannot...

Microsoft Patch Tuesday, October 2014

Today is the October Microsoft Patch Tuesday, and it addresses eight separate bulletins. Three bulletins are rated Critical and five are rated Important. Surprising no one, Internet Explorer is back with another Critical bulletin patching fourteen separate vulnerabilities. The spotlight...

Exploring and Exploiting iOS Web Browsers

Today we begin a three-post series about mobile security. We start with a discussion of vulnerabilities in iOS web browsers. Later this week we'll cover apps executing on jailbroken devices and the detection of jailbroken devices. While the release and...

SpiderLabs Radio: October 9, 2014

In this episode: BadUSB iWorm OS X botnet Tyupkin ATM malware Here are some of the links discussed in this week's show: BadAndroid v0.1 Phison BadUSB code We'd love to hear what you think or what you'd like to hear...

Microsoft Advance Notification for October 2014

On Tuesday, October 14, Microsoft will publish their newest security update. This patch Tuesday release has nine bulletins. However, only three of these are rated "Critical", five are rated "Important" and one is rated "Moderate". These bulletins will affect Internet...

SpiderLabs Radio: October 2, 2014

In this episode: All things Shellshock DerbyCon was GREAT, thanks for asking Get well soon, Cap'n Crunch Here are some of the links discussed in this weeks show: Mubix's existing shellshock attack vectors and PoCs SpiderLabs: Shellshock a Week Later:...

Shellshock a Week Later: What We Have Seen

Trustwave, like most other information security firms, has been busy investigating the ShellShock vulnerability and subsequent scanning and exploit attempts. The SpiderLabs team at Truswave wanted to give the community some feedback on what we are seeing happening "in the...