Showing 9 results for: October 2015

SpiderLabs Radio for the Week of October 19, 2015

Two separate SpiderLabs vulnerabilities released: Assi Barak Discovers Magmi Zero Day; Asaf Orpani Discovers Critical Joomla SQL injection. Also: A New IoT Vulnerability In Your Connected Tea Kettle. Links mentioned in the show: Assi Barak - Zero-day in Magmi database...

How To Decrypt Ruby SSL Communications with Wireshark

Debugging a program that communicates with a remote endpoint usually involves analyzing the network communications. A common method is capturing the traffic using a packet analyzer tool such as tcpdump or Wireshark. However, this process can be tricky when the...

AppDetectivePRO and DbProtect Knowledgebase Update 4.54

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.54 includes new support for SAP (Sybase) Adaptive Server Enterprise (ASE) version 16.0, a new check for Oracle Database encryption, updated checks for SAP (Sybase) ASE...

Zero-day in Magmi database client for popular e-commerce platform Magento targeted in the wild

Magento is the most popular e-commerce platform, owned by eBay since 2011. We illustrate how a severe security flaw can be introduced into a Magento-based e-commerce system when installing a commonly used vulnerable version of the open-source Magmi utility and failing to change the default security configuration. The appearance of HTTP requests attempting to exploit this vulnerability in the wild indicates that some bad actors are onto this method as well. Once successful, the attacker gains the Magento site credentials and the encryption key for the Magento database.

Microsoft Patch Tuesday for October 2015

October's Patch Tuesday is upon us and with only six bulletins, it's one of the lightest releases we've seen. The six bulletins are split down the center with three rated as Critical and three rated as Important. This release addresses a...

SpiderLabs Radio for the Week of September 28, 2015

In this week's episode: SpiderLabs' Rodel Mendrez dissects the Quaverse RAT; Current state of medical device security from DerbyCon 2015. Links mentioned in the show: Rodel Mendrez - Quaverse RAT: Remote-Access-as-a-Service; DerbyCon 2015 videos. Listen to this and archived episodes...