Showing 14 results for: 2017 ×

Unauthenticated Backdoor Access in Unanet

The default configuration of the Unanet web application has a backdoor that can allow unauthenticated users to login and manipulate the user accounts and the roles they maintain. This vulnerability is due to a code branch that exists within the...

Database Security Knowledgebase Update 5.11

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.11 includes new checks for MySQL, SQL Server and Oracle as well as updated checks for SQL Server and MySQL. New Vulnerability and Configuration Check Highlights MySQL Critical...

Underground Scams: Cutting the Head Off a Snake

Shortly after publishing our post about Terror EK, "King Cobra" (a Twitter account that we mentioned at the end of that blog post), tweeted a note to us: Figure 1: King Cobra's tweet to Trustwave This, along with other feedback...

SVG Files Are Not As Benign As It May Seem

Bad guys are getting quite creative trying to evade spam filters and antivirus scanners. Last week, we have observed an influx of spam campaign targeting a Japanese audience. Translated to English: Subject: Photo We always appreciate your regards. (This is...

Is ModSecurity's SecRules Turing Complete?

Have you ever seen a rule for ModSecurity? They may look similar to the following: SecRule REQUEST_URI "@endswith example.com/index.html" "id:1,log,deny,redirect:http://modsecurity.org" This rule may look complicated, but it is extremely basic. It says, if you find a URL ending with example.com/index.html...

Microsoft Patch Tuesday, January 2017

It's everyone's favorite Patch Tuesday, January's Patch Tuesday. Historically January has always been a light month for bulletins and this January is the lightest in years. With only four bulletins and three CVEs, Admins should have a relatively easy time...

Terror Exploit Kit? More like Error Exploit Kit

Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...