SpiderLabs Blog

Attracting more than a half-million annual readers, the SpiderLabs Blog is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Trustwave 2015 Global Security Report Available Now

Today, we reveal our Trustwave 2015 Global Security Report. We've spent months analyzing hundreds of our data breach investigations over the past year, and culling threat intelligence from our industry-leading security research and data collected from technology managed by our...

Drupal Compromise Analysis Including Indicators of Compromise

I would like to thank fellow SpiderLabs Researcher Chaim Sanders and Dennis Wilson, Bryant Smith and Casey Critchfield for their help with gathering data and analyzing this attack. Analysis of a real Drupal compromise: In this blog post, we will...

It’s ALIVE: Trustwave Global Security Report Online Now Available

This morning we unveiled our reinvented Trustwave Global Security Report. It's a living report, online and available now. The data contained in the report is collected from forensic investigations that we conduct for businesses around the world, in addition to...

2014 Trustwave Global Security Report Available Now

Today we released our annual 2014 Trustwave Global Security Report, an analysis of compromise and threat statistics that we gathered from 691 data breach investigations conducted across the world, telemetry pulled from our deployed technologies and our 24/7 global security...

Corporate Passwords Part 1

With the vast amount of research and content that was done by SpiderLabs for the Global Security Report, it made it impractical to include all of the content that was written for this year's password study. But instead of letting...

Analysis of Malicious Document Files Spammed by Cutwail

In our Global Security Report, we highlighted a zero-day vulnerability in the Windows Common Controls affecting Microsoft Office (CVE-2012-0158). This was reportedly being used for targeted attacks against NGOs and human rights activists. Over the past week, the Cutwail...

Upcoming Webinars: 2013 Trustwave Global Security Report Threat Trends

A few weeks ago we released the 2013 Trustwave Global Security Report. This year, Trustwave analyzed millions of passwords, hundreds of businesses and billions of emails, all in an effort to expose the most critical and emerging security threats to...

New Year, New Data, Same Mistakes: Passwords

Like a late-arriving Christmas, one of the gifts of the new year is the release of SpiderLabs' annual white paper, the Global Security Report. As a supplement to this year's report, we're going to share some highlights of the corporate...

Choppy Regulatory Waters ahead for EU SMEs?

There's been a reasonable amount of coverage of the (proposed) data protection legal framework changes for the European Union, which the European Commission summarizes [1] as: The legal framework consists of two legislative proposals: A proposal for a Regulation of...

Hey, I just met you, and this is crazy, but here's my hashes, so hack me maybe?

Those familiar with password cracking know that KoreLogic's rule set for John the Ripper has become the de facto standard for password cracking. However, as with anything technology related, the rules are slightly starting to show their age, specifically with rules designed to take into account years. So, I decided to take on the task of making a few modifications to the rule set. This includes updating them to take into account the current and prior year, but also reworking some of the rules to eliminate some redundancy.

Exploiting Users By Non-technical Means; or, “S Users Do”

Numerous technical articles emerge each day about the latest vulnerabilities, flaws, exploits, and whatnot. That's great and all (who hasn't simultaneously groaned and cheered when they find an MS08-067 exploitable machine on a pentest, 4+ years after the vulnerability was...

Five E-Commerce Security Myths (Part 1)

Compromises of e-commerce websites are increasingly common. In our 2012 Global Security Report we reported that 20% of our incident response investigations related to e-commerce sites. This was up from 9% the year before. In my part of the world...

Five E-Commerce Security Myths (Part 2)

In part 1 of this series I gave an introduction into how most merchants accept payments and how most bad guys steal this data. In this post, I'm going to delve into the misconceptions about e-commerce security that we hear...

Update from Trustwave SpiderLabs EMEA, London

It was a hectic week in London. In case you hadn't heard, it was InfoSec Europe week, but we were also busy with the SC Awards dinner (where PenTest Manager won the innovation award), BSides London, 44 café, speaking at...

#TWContest: One in how many organizations use insecure remote access...

On Friday we posted our seventh question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "One in how many organizations use insecure remote access solutions as seen through vulnerability scans performed by Trustwave?" The answer is......

#TWContest: The two main motivations for web-based attacks are...

On Thursday we posted our sixth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What are the two main motivations for web-based attacks as seen in 2011 by Trustwave SpiderLabs?" The answer is... "Hacking for...

#TWContest: The correct data aggregation technique is...

On Tuesday we posted our fifth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "Jeopardy Style: This data aggregation attack technique obtains data while it is being processed or accessed by a system or application....

#TWContest: The top 'origin' of attack is...

On Monday we posted our fourth question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What was the top "origin" of attack as seen through Trustwave SpiderLabs investigations in 2011?" The answer is... "Unknown" or "Unknown...

#TWContest: The 7th most popular password is...

On Friday we posted our third question of the Trustwave 2012 Global Security Report Twitter Contest. The question was… "What was the 7th most popular password found during a Business Password Analysis of over 2M hashes by Trustwave SpiderLabs?" The...
