The last Patch Tuesday of 2018 is here and we are easing into the New Year with only 40 CVEs to address. Nine of these are rated "Critical" with the other 31 rated "Important". The "Critical" list includes the typical Internet Explorer and the scripting engine vulnerabilities, but also include Remote Code Execution (RCE) vulnerabilities in the .NET Framework and the Windows DNS server. Another RCE exists in the Microsoft Text-To-Speech feature in the Windows OS.

This blog post offers insight into Magecart and offers advice on how t protect your systems from this threat using a number of methods including ModSecurity WAF rules.

Scavenger confronts a challenging issue typically faced by Penetration Testing consultants during internal penetration tests; the issue of having too much access to too many systems with limited days for testing.

We are happy to announce ModSecurity version 2.9.3!

During Thanksgiving week, we noticed this quite unusual XML-format MS Office Document file Figure 1: Email Sample Saving a Word document file as XML is a legitimate option but criminals had taken advantage of this file format to circumvent malware...

Sometimes pentesters and security researchers need to modify existing Java application but have no access to its source. For example, it might be necessary to adjust the logic a bit to see how the application works in certain specific conditions....

Hacker's Wish Come True After Infecting Visitors of Make-A-Wish Website With Cryptojacking After coming back from a vacation, the first thing to do is catch up with what happened while you were gone. That is what I did earlier this...

Whilst there is a wealth of information out there about how to build environments that can be used for training, offensive tradecraft development and blue team response detection, a vital part of these environments is hard to emulate. A computer...

Context AJAX stands for Asynchronous JavaScript And XML. It's a set of web development techniques using many web technologies on the client side to create asynchronous web applications. In some cases, XML is not used, but JavaScript is almost always...

The second to last Patch Tuesday of 2018 is here with patches for 55 CVEs. This includes 11 rated "Critical", 42 rated "Important" and one each rated "Moderate" and "Low". The release also contains three advisories including the standard patch...

At precisely 155 commits ahead of the latest version, ModSecurity version 3.0.3 contains a number of improvements and features to enhance the ModSecurity experience. In this blog post, we'll explain some of the new capabilities in the latest release. Better...

Many types of malware send and receive data via HTTP. They may either be sending updates back to their command and control (CnC) centers or they may receive updates. Typically these won't be sent in plain text but rather with...

David Middlehurst of Trustwave SpiderLabs presented at the first ever conference dedicated to the Mitre ATT&CK framework earlier this week, on October 23, 2018.

It has been ten years since the release of MS08-067. Unlike many of the other incidents over the years, this vulnerability has developed a celebrity life of its own (even including pillow shams!). It has a warm place in the...

"Leave your ego at the door every morning, and just do some truly great work. Few things will make you feel better than a job brilliantly done." Robin S. Sharma The last time we visited the cybercriminal underground, we introduced...

October's Patch Tuesday is here and with it come patches for 49 CVEs and a "Defense in Depth" Advisory for Microsoft Office. Among the patches 12 are rated "Critical," 34 are rated "Important," two rated "Moderate," and one rated as.

Using a VPN (Virtual Private Network) can bring many advantages, particularly when you want to access remote resources, or you are using a network you don't fully trust, for example, a coffee shop or an airport. In the recent years,...

Trustwave recently discovered a locally exploitable issue in the macOS version of the Webroot SecureAnywhere solution. The issues root cause is an arbitrary user-supplied pointer being read from and potentially written too. As such, the issue arms an attacker with...

September's Patch Tuesday is here with patches for 61 CVEs and two roll up patches, one for multiple Denial of Service vulnerabilities in Windows and one for the ever present Remote Code Execution (RCE) vulnerabilities in Adobe Flash.

We are seeing more reports from organizations being targeted by what could be called an 'altered invoice scam'. This type of scam is not new but has gained more prominence lately. The basic outline of the scam looks something like.