I’ve previously created a couple of blog post’s focused around phishing with Microsoft Access https://medium.com/@rvrsh3ll. This blog post continues down the path of utilizing features in Microsoft Access that an attacker or penetration tester may utilize to gain further access into an organization.

Recently we noticed the Necurs botnet launching a small spam campaign with a HTML redirector as an attachment. The HTML is crafted to perform a DNS query to the spammer’s domain, obtain the DNS TXT Record and execute data within that record. This leads to redirection to unwanted advertisements and scam webpages. This is the first time we have seen this botnet delve into this strategy.

For June's Patch Tuesday, Microsoft is releasing four advisories and patches for a massive 91 CVEs, the largest Patch Tuesday release in well over a year. Twenty-one of those CVEs are rated "Critical," 69 are rated "Important," and one CVE was rated "Moderate."

May's Patch Tuesday is here and brings with it patches for 79 CVEs. Twenty-two of those CVEs are rated "Critical," 56 are rated "Important," and one single CVE was rated "Moderate."

Today we released our 2019 Global Security Report. The report is based on the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-breach and forensic investigations, manual penetration tests, network vulnerability scans and internal research over the course of 2018.

Along with "Spring Showers" up here in the Northern Hemisphere, April also brings with it Microsoft's Patch Tuesday. This release includes patches for 75 CVEs and Adobe's Flash Update.

Recently we came across a spam message from our traps that looked truly odd when viewed from our Secure Email Gateway console.

Another round of sextortion scam emails with a pdf attachment were pushed out recently claiming to be from the Central Intelligence Agency (CIA). What's new in this batch of spams is that this is the first time we have seen the scammers use an online web platform in collecting the ransom.

PostgreSQL, commonly known as Postgres is one of the largest and most popular database systems in the world. It is the primary database of Mac OSX but also has Linux and Windows versions available.

Just a short post from me today, bringing you a pretty simple Cross-Site Scripting (XSS) issue.

A few days ago we encountered a breach on a Pakistani government site which was compromised to deliver a dangerous payload- the Scanbox Framework. This compromise is exactly the kind of attack we were concerned about when discussing the danger in a previous compromise that we uncovered just a few weeks ago against another government site, at that time the Bangladesh Embassy in Cairo.

Con men have been exploiting human psychology since the dawn of time. Equipped with the capabilities of the digital age they now have the means to launch voluminous lucrative con schemes at a global scale.

his month's Patch Tuesday brings with it four advisories and patches for 64 CVEs including a patch for a zero-day actively exploited in the wild.

Sextortion is a form of sex-themed exploitation via email where victims are coerced to give money to the scammer. Sextortion campaigns have become a large issue in the last year....

When I first released Sheepl 0.1 in September 2018 as part of a talk, I wanted to showcase a different approach to user emulation, and the initial idea was well received. Security and IT professionals could see the potential and.....

WebSockets allow a single TCP connection to have full duplexing communications.  This type of connection reduces the overhead of HTTP polling, where the client would have to constantly request information from the server in order to get updates.....

In the world of Phishing emails, we often see schemes which involve enticing users to open a malicious document, sometimes disguised as a form of some sort. In the world of web attacks, we see less of these, as it usually takes a lot more to convince a user casually browsing the internet to download and open a document. But what if the user is visiting a government site where forms are generally in abundance? It looks like this time attackers decided to try their luck and find out.

Last week, one of my SpiderLabs colleagues was working on a PCI forensic triage for a website. During his investigation, he asked me to check out some HTTP traffic he captured during an online retail store checkout session.

With today's Patch Tuesday for February, things are back to normal with patches for 76 CVEs and four advisories. Twenty of the CVEs are rated "Critical," 53 are rated "Important," and three are rated "Moderate."

In the first two parts of our investigative series into the cybercriminal underground, we examined its social structure as well as the types of jobs and opportunities that exist for those with ill intent. We have learned that the dark web’s ecosystem is vast and well-coordinated, with a low barrier to entry due to widely available hacking and malware distribution tools for those with limited technical knowledge. But a life of digital crime by its very nature leaves a long trail for investigators – so what happens once a cybercriminal succeeds in their nefarious schemes and turns a profit?