Showing 36 results for: Secure Web Gateway ×

Angler Takes Malvertising to New Heights

We have just discovered an advertising campaign that has been placing malicious advertisements on very popular websites both in the US and internationally. "answers.com" (Alexa rank 420 Global and 155 in the US), "zerohedge.com" (Ranked 986 in the US) and...

Endless Evasion Racing Game

In the past year we have been exploring the Magnitude Exploit Kit - one of the major actors in the cybercriminal scene. Like most of the modern exploit kits Magnitude is comprised of several layers in order to decrease the...

A Flash Exploit (CVE-2015-5119) From the Hacking Team Leak

***Update July 12, 2015--It was recently discovered that Hacking Team possessed an additional zero-day exploit for Adobe Flash--CVE-2015-5122. CVE-2015-5122 was patched by Adobe on July 8, 2015. While a different exploit than CVE-2015-5119 discussed below, Trustwave SWG customers are also...

Malvertisement – A Nuclear EK Tale

Over the past couple of years delivering malware via advertisements, or "malvertisement," has become one of the most popular methods of distribution for exploit kits. Like most trends in the world of Internet security, the longer it endures - the...

RIG Exploit Kit – Diving Deeper into the Infrastructure

Following our previous blog post about the leaking of the RIG exploit kit's source code, we dug deeper into the architecture that facilitates the massive infections using RIG. The screen shot below diagrams RIG's infrastructure. RIG Exploit Kit Infrastructure Most...

Hacking a Reporter: UK Edition

Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sites on a U.S.-based reporter. This scenario, however, would...

CVE-2014-0515 Goes to Brazil for World Cup 2014

The FIFA World Cup 2014 begings June 12 and enthusiasm about the event has shown itself in increased traffic to different sport websites around the world. With more people visiting certain websites, you can bet that malicious individuals will look...

Microsoft Internet Explorer 0-Day (CVE-2014-1776)

A zero-day vulnerability in Microsoft Internet Explorer, CVE-2014-1776, was recently discovered when it was used as part of a targeted attack. Despite being an exploit for Internet Explorer, the attack used a Flash file to deliver the malicious code and...

Microsoft Word RTF 0-Day (CVE-2014-1761)

A zero-day vulnerability in Microsoft Word involving the handling of the RTF file format was published last week in the form of a Microsoft advisory. In its advisory, Microsoft states that it is aware of “limited, targeted attacks” exploiting this...

Deep Analysis of CVE-2014-0502 – A Double Free Story

A lot has already been said about CVE-2014-0502, the Adobe Flash Player zero-day that was part of a targeted attack that infected several nonprofit organizations’ websites. Several interesting aspects of the exploit were covered in various blog posts; including its...

Beware! Bats hide in your jQuery!

Injection of malicious code into JavaScript files is not new; however, we recently observed a steep increase in the use of this method, particularly in jQuery libraries, in order to redirect users to malicious web pages. Why has injecting malicious...

DaumGame ActiveX 0day

One might think that vulnerabilities in ActiveX controls are a thing of the past, but we continue to find evidence that they have not. Just this year, dozens of vulnerabilities have been discovered. In some cases an ActiveX exploit is...

Look What I Found: It's a Pony!

Every once in a while we get to peek into the lion's den, this time we'll be checking out a fairly large instance of the Pony botnet controller, containing a large amount of stolen credentials and other goodies. Pony, for...