SpiderLabs Blog

Attracting more than a half-million annual readers, the SpiderLabs Blog is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Patch Tuesday, December 2018

The last Patch Tuesday of 2018 is here and we are easing into the New Year with only 40 CVEs to address. Nine of these are rated "Critical" with the other 31 rated "Important". The "Critical" list includes the typical Internet Explorer and the scripting engine vulnerabilities, but also include Remote Code Execution (RCE) vulnerabilities in the .NET Framework and the Windows DNS server. Another RCE exists in the Microsoft Text-To-Speech feature in the Windows OS.

Magecart - An overview and defense mechanisms

This blog post offers insight into Magecart and advice on how to protect your systems from this threat using a number of methods, including ModSecurity WAF rules.

Scavenger: Post-Exploitation Tool for Collecting Vital Data

Scavenger confronts a challenging issue typically faced by Penetration Testing consultants during internal penetration tests; the issue of having too much access to too many systems with limited days for testing.

Demystifying Obfuscation Used in the Thanksgiving Spam Campaign

During Thanksgiving week, we noticed this quite unusual XML-format MS Office Document file. [Figure 1: Email Sample] Saving a Word document file as XML is a legitimate option, but criminals had taken advantage of this file format to circumvent malware...

Exploring and Modifying Android and Java Applications for Security Research

Sometimes pentesters and security researchers need to modify an existing Java application but have no access to its source. For example, it might be necessary to adjust the logic a bit to see how the application behaves under certain specific conditions...

Sheepl : Automating People for Red and Blue Tradecraft

Whilst there is a wealth of information out there about how to build environments that can be used for training, offensive tradecraft development and blue team response detection, a vital part of these environments is hard to emulate. A computer...

Taking Advantage of AJAX for Account Enumeration

Context: AJAX stands for Asynchronous JavaScript And XML. It's a set of web development techniques using many web technologies on the client side to create asynchronous web applications. In some cases, XML is not used, but JavaScript is almost always...

Microsoft Patch Tuesday, November 2018

The second to last Patch Tuesday of 2018 is here with patches for 55 CVEs. This includes 11 rated "Critical", 42 rated "Important" and one each rated "Moderate" and "Low". The release also contains three advisories including the standard patch...

ModSecurity v3.0.3: What To Expect

At precisely 155 commits ahead of the latest version, ModSecurity version 3.0.3 contains a number of improvements and features to enhance the ModSecurity experience. In this blog post, we'll explain some of the new capabilities in the latest release. Better...

Decoding Hancitor Malware with Suricata and Lua

Many types of malware send and receive data via HTTP. They may either be sending updates back to their command and control (CnC) centers or they may receive updates. Typically these won't be sent in plain text but rather with...

DOH! DNS Over HTTPS Poses Possible Risks to Enterprises

David Middlehurst of Trustwave SpiderLabs presented at the first ever conference dedicated to the Mitre ATT&CK framework earlier this week, on October 23, 2018.

10 Years On – A Look Back at MS08-067

It has been ten years since the release of MS08-067. Unlike many of the other incidents over the years, this vulnerability has developed a celebrity life of its own (even including pillow shams!). It has a warm place in the...

The Underground Job Market

"Leave your ego at the door every morning, and just do some truly great work. Few things will make you feel better than a job brilliantly done." (Robin S. Sharma) The last time we visited the cybercriminal underground, we introduced...

Microsoft Patch Tuesday, October 2018

October's Patch Tuesday is here and with it come patches for 49 CVEs and a "Defense in Depth" Advisory for Microsoft Office. Among the patches, 12 are rated "Critical," 34 are rated "Important," two rated "Moderate," and one rated as.

Credential Leak Flaws in Windows PureVPN Client

Using a VPN (Virtual Private Network) can bring many advantages, particularly when you want to access remote resources or you are using a network you don't fully trust, for example at a coffee shop or an airport. In recent years,...

CVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption

Trustwave recently discovered a locally exploitable issue in the macOS version of the Webroot SecureAnywhere solution. The issue's root cause is an arbitrary user-supplied pointer being read from and potentially written to. As such, the issue arms an attacker with...

Patch Tuesday, September 2018

September's Patch Tuesday is here with patches for 61 CVEs and two roll-up patches, one for multiple Denial of Service vulnerabilities in Windows and one for the ever-present Remote Code Execution (RCE) vulnerabilities in Adobe Flash.
