Showing 21 results for: October 2014

Setting HoneyTraps with ModSecurity: Adding Fake Cookies

This blog post continues with the topic of setting "HoneyTraps" within your web applications to catch attackers. Please review the previous posts for more examples: Project Honeypot Integration; Unused Web Ports; Adding Fake robots.txt Entries; Adding Fake HTML Comments; Adding...

Reflected File Download - A New Web Attack Vector

PLEASE NOTE: As promised, I've published a full white paper that is now available for download: White paper "Reflected File Download: A New Web Attack Vector" by Oren Hafif. In October 2014 as part of my talk at the Black...

Hacking a Reporter: UK Edition

Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sights on a U.S.-based reporter. This scenario, however, would...

TrustKeeper Scan Engine Update – October 17, 2014

Summary: The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. The update adds a check for a Drupal SQL injection vulnerability (CVE-2014-3704). New Vulnerability...

SpiderLabs Radio: October 22, 2014

In this episode: Google offering Security Key for 2FA; New Microsoft OLE vulnerability; Ebola Phishing Campaign. Here are some of the links discussed in this week's show: SpiderLabs writeup of CVE-2014-4114; Microsoft advisory for CVE-2014-6352. We'd love to hear what...

SpiderLabs Radio: October 16, 2014

In this episode we'll be talking about the zero days patched by Microsoft's Patch Tuesday as well as all things POODLE. We'd love to hear what you think or what you'd like to hear in future episodes. Please feel free...

TrustKeeper Scan Engine Update – October 15, 2014

Summary: The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. A highlight of the update is an additional check for the recently disclosed POODLE...

Jailbreak Detection Methods

This post concludes our three-part series about mobile security. Today's post will outline some options for detecting jailbroken devices, should you choose to do so. Yesterday, we asked whether blocking an app's execution on jailbroken devices was worth it. Earlier...

Executing Apps on Jailbroken Devices

This post is part two of a three-part series about mobile security. Today's post will discuss the execution of apps on jailbroken devices. Yesterday, we described some vulnerabilities in iOS web browsers. Tomorrow, we'll explore detecting jailbroken devices. “App cannot...

TrustKeeper Scan Engine Update – October 9, 2014

Summary: The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. A highlight of the update is an additional check for the recently disclosed Shellshock...

Microsoft Patch Tuesday, October 2014

Today is the October Microsoft Patch Tuesday, and it addresses eight separate bulletins. Three bulletins are rated Critical and five are rated Important. Surprising no one, Internet Explorer is back with another Critical bulletin patching fourteen separate vulnerabilities. The spotlight...

Exploring and Exploiting iOS Web Browsers

Today we begin a three-post series about mobile security. We start with a discussion of vulnerabilities in iOS web browsers. Later this week we'll cover apps executing on jailbroken devices and the detection of jailbroken devices. While the release and...

SpiderLabs Radio: October 9, 2014

In this episode: BadUSB; iWorm OS X botnet; Tyupkin ATM malware. Here are some of the links discussed in this week's show: BadAndroid v0.1; Phison BadUSB code. We'd love to hear what you think or what you'd like to hear...

TrustKeeper Scan Engine Update – October 1, 2014

Summary: The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. A highlight of the update is an additional check for the recently disclosed Shellshock...

Microsoft Advance Notification for October 2014

On Tuesday, October 14, Microsoft will publish their newest security update. This Patch Tuesday release has nine bulletins. However, only three of these are rated "Critical", five are rated "Important" and one is rated "Moderate". These bulletins will affect Internet...

SpiderLabs Radio: October 2, 2014

In this episode: All things Shellshock; DerbyCon was GREAT, thanks for asking; Get well soon, Cap'n Crunch. Here are some of the links discussed in this week's show: Mubix's existing shellshock attack vectors and PoCs; SpiderLabs: Shellshock a Week Later:...