Showing 18 results for: February 2015 ×

SpiderLabs Radio for the Week of February 23, 2015

In this week's episode: Superfish and HTTPS MITM attacks SpiderLabs Honeypots and DDoS Malware SpiderLabs teardown of the RIG EK Links mentioned in this podcast: [Honeypot Alert] FHS Null Byte Attack (CVE-2014-6287) Attempts to Install DDoS Malware (Iptablex) RIG Exploit...

RIG Exploit Kit – Diving Deeper into the Infrastructure

Following our previous blog post about the leaking of the RIG exploit kit's source code, we dug deeper into the architecture that facilitates the massive infections using RIG. The screen shot below diagrams RIG's infrastructure. RIG Exploit Kit Infrastructure Most...

AppDetectivePRO and DbProtect Knowledgebase Update 4.46

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.46 includes new checks for vulnerabilities and configuration issues in MySQL and Oracle data stores. New Vulnerability and Configuration Check Highlights MySQL Critical Patch Update -...

TrustKeeper Scan Engine Update – February 16, 2015

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. This week we've included 19 new vulnerability checks. We also included a check for the...

SpiderLabs Radio for the Week of February 9, 2015

In this week's episode: Microsoft Patch Tuesday and Zero Days Ten Million Passwords Publicly Released New Anti-Forensic Technique: HARES Listen to this and archived episodes on Trustwave SpiderLabs Radio or in iTunes. Or you can download the MP3 file directly...

Announcing ModSecurity v2.9.0 Stable Release

The SpiderLabs Research - ModSecurity Team is proud to announce the stable release of version 2.9.0 which contains bug fixes reported during the Release Candidate (RC) phase. The most important change from v2.9.0-RC2 to v2.9.0: Fix apr_crypto.h include, now checking...

Microsoft Patch Tuesday, February 2015

Today marks Microsoft's February Patch Tuesday release and it's a pretty big one. This month's release has nine bulletins, including three rated Critical and seven rated Important. In all the release patches a total of 56 vulnerabilities. Although Internet Explorer...

SpiderLabs Radio for the Week of February 2, 2015

In this week's episode: 2015 Changes to the Google Bug Bounty CTB-Locker ransomware Yet Another Flash Zero Day Links mentioned in this podcast: Kafiene's Breakdown of CTB-Locker: http://malware.dontneedcoffee.com/2014/07/ctb-locker.html A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild: https://www.trustwave.com/Resources/SpiderLabs-Blog/A-New-Zero-Day-of-Adobe-Flash-CVE-2015-0313-Exploited-in-the-Wild/...

Stealing RubyGems API Keys during Post Exploitation

Between April and May of 2013, I presented at SOURCE Boston and THOTCON and blogged about some of my research involving the exploitation of continuous integration/delivery (CI/CD) services using malicious unit-tests as a remote code execution (RCE) attack vector. During...

TrustKeeper Scan Engine Update – February 4, 2015

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. This week we've included 18 new vulnerability checks, one of which includes a check for...

SpiderLabs Radio for the Week of January 26, 2015

In this week's episode: Critical Vulnerability Discovered in BlackPhone Google Zero Days hit OS X Facebook Magnet Malware The GHOST Vulnerability Links mentioned in this podcast: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235): Trustwave SpiderLabs Radio or in iTunes. Or...