Showing 80 results for: 2017 ×

Helping to Secure your PostgreSQL Database

When big high-tech companies like Apple, Red Hat and Cisco use PostgreSQL in their data infrastructure, you can be certain that PostgreSQL ranks up there with the bigger relational database managers. PostgreSQL is an enterprise-level open source database that has...

Microsoft Patch Tuesday, November 2017

It's that time of the month again for Microsoft updates. November's Patch Tuesday brings with it patches for 53 CVEs as well as rollup security patches for Adobe Flash and Microsoft Office. 19 of those 53 are rated "Critical", 31...

Denial of Service Vulnerability in Brother Printers

A vulnerability in the web front-end of Brother printers (called Debut) allows an attacker to launch a Denial of Service attack. The attack is executed by sending a single malformed HTTP POST request. The attacker will receive a 500 error...

An Easy Introduction to Steganography

Some time ago, a person reached out to Trustwave to get answers regarding some news that he saw about Steganography. After this, I noticed that not many people understand what steganography is and the risks it presents for companies. In...

ModSecurity Web Application Firewall - Commercial Rules Update

We have recently released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we are highlighting virtual patches...

"Don't Mine Me" – Coinhive

What's worse than annoying ads on a website? Crypto Miner on a website! Over the last couple of weeks there has been a lot of talk about Coinhive, a service that claims to provide an alternative to advertising for monetizing...

VAT Return with a Vengeance

Authors: Dr. Fahim Abbasi, Gerald Carsula and Rodel Mendrez Scam Overview Her Majesty's Revenue & Customs (HMRC) is the UK department responsible for collecting taxes and other tax related services like VAT returns. On 6th September, 2017, scammers launched a...

Locky Part 2: As the Seasons Change so is Locky

It's that time of year where the seasons are changing. The Northern Hemisphere moves into Autumn, and the Southern Hemisphere moves to Spring. So it is with Locky. As we discussed in our last post, spam campaigns were downloading Locky...

Microsoft Patch Tuesday, October 2017

October is here and brings with it patches for 62 CVEs and a handful of additional advisories. 28 of the vulnerabilities patched are rated "Critical" and 34 are rated "Important". The largest number of vulnerabilities patched (18 total) reside in...

Post-Soviet Bank Heists: A Hybrid Cybercrime Study

Today we are publishing a SpiderLabs Advanced Threat Report that details a major cyberattack targeting banks mainly located in post-Soviet states. All the attacks share a common profile and the finely tuned orchestration of the entire operation shows an innovative...

Emotet lives another day using Fake O2 invoice notifications

Authors: Dr. Fahim Abbasi and Nicholas Ramos We witnessed a widespread phishing campaign targeting O2 customers, that surfaced on 18th August, 2017 and continued intermittently until 21st August, 2017. Telefonica UK Limited, trading as O2, is a major telco provider...