Have you ever seen a rule for ModSecurity? It may look similar to the following: SecRule REQUEST_URI "@endswith example.com/index.html" "id:1,log,deny,redirect:http://modsecurity.org" This rule may look complicated, but it is extremely basic. It says, if you find a URL ending with example.com/index.html...

Trustwave and Osterman Research today released results of a new study on cybersecurity resource limitations that quantifies the challenges businesses face around recruitment of IT security talent, identification of the skill sets they require, the level of control they have over their IT security budgets, and other pertinent matters related to IT security management. The study reveals that corporate security demands still outpace the available talent at alarming rates.

It's everyone's favorite Patch Tuesday, January's Patch Tuesday. Historically January has always been a light month for bulletins and this January is the lightest in years. With only four bulletins and three CVEs, Admins should have a relatively easy time...

Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...

Trustwave today announced the launch of its transaction laundering detection (TLD) service that helps acquiring banks, payment processors, payment gateways and independent sales organizations (ISOs) monitor and manage merchant risk and offer value-added services to customers. The Trustwave TLD service can help these organizations address illegal and undisclosed e-commerce transaction aggregation in which a website for a legitimate business is used to mask a hidden website selling goods or services prohibited by payment card brands.

In my last blog post I discussed the art of embedding secret messages in any file so that only the sender and the receiver know about the presence of that message. This is called steganography. In this post I will...

Introduction

A recent investigation into credit card fraud that was enabled by a webshell revealed several interesting methods used by the attacker. These methods are the subject of this blog, as well as providing some suggestions on what e-commerce companies...
