Compromising Android Applications with Intent Manipulation
June 09, 2020 | Therese Mendoza
As a mobile app tester, I have encountered numerous varied vulnerabilities. ...
System Takeover Through New SAP ASE Vulnerabilities
June 03, 2020 | Martin Rakhmanov
For the last several years there have been relatively few security patches for ...
Securing SSH: What To Do and What Not To Do
May 22, 2020 | Ed Williams
An Uptick in Activity Over the last week we've seen the compromise of a number ...
Phishing in a Bucket: Utilizing Google Firebase Storage
May 21, 2020 | Dr. Fahim Abbasi
Credential phishing is a real threat that's targeting organizations globally. ...
Vaccine for COVID-19 and Other Scams on the Dark Web
May 19, 2020 | SpiderLabs Researcher
Our attempts to investigate the underground and document some of what’s going ...
Azure Web App Service For Offensive Operations
May 14, 2020 | Stephan Borosh
In this blog, I will be covering how to use Azure App Services for offensive ...
Exploring Solidity’s Model Checker
May 13, 2020 | Eric Rafaloff
This blog post aims to be an exploration of how Solidity’s model checker works, ...
Patch Tuesday, May 2020
May 13, 2020 | Karl Sigler
May's Patch Tuesday includes patches for 111 unique CVEs. Of those CVEs 17 are ...
Work From Home: The New New and What To Do
May 11, 2020 | Ed Williams
Here at SpiderLabs, we take the security of all our clients extremely ...
A HIPAA Compliance Checklist
May 11, 2020 | Tawnya Lancaster
Five steps to ensuring the protection of patient data and ongoing risk ...
Attacking SCADA: Vulnerabilities in Schneider Electric SoMachine and M221 PLC (CVE-2017-6034 and CVE-2020-7489)
May 07, 2020 | Seok Min Lim
Introduction SCADA/OT security has been a growing concern for quite some time. ...
Combatting Social Engineering Is Not Just A Compliance Requirement
May 01, 2020 | Carl Sue
Having a well designed and tested social engineering training program for an ...
Red Team Case Study: Bypassing CloudFlare WAF for Successful OGNL Injection
April 17, 2020 | Faisal Tameesh
Bypassing CloudFlare's WAF to exploit an OGNL injection vulnerability in a red ...
Excel Malspam: Password Protected … Not!
April 17, 2020 | Diana Lopera
Early March of this year, we blogged about multiple malspam campaigns utilizing ...
COVID-19 Themed BEC Scams
April 15, 2020 | Dr. Fahim Abbasi
Business email compromise (BEC) also known as CEO fraud has undoubtedly become ...
Patch Tuesday, April 2020
April 14, 2020 | Karl Sigler
April's Patch Tuesday is here and Microsoft is patching 113 CVEs this month. ...
Slack phishing attacks using webhooks
April 14, 2020 | Ashley Graves
Background Slack is a cloud-based messaging platform that is commonly used in ...
An In-depth Look at MailTo Ransomware, Part Three of Three
April 10, 2020 | Joshua Deacon, Lloyd Macrohon
Overview In Part One of this series, we discussed how MailTo ransomware ...
An In-depth Look at MailTo Ransomware, Part Two of Three
April 08, 2020 | Joshua Deacon, Lloyd Macrohon
Overview In Part One of this series, we discussed how MailTo ransomware ...
Windows Debugging and Exploiting Part 5 SMBGhost CVE-2020-0796 Technical Review
April 03, 2020 | Bruno Oliveira
Introduction Hi everyone, how are you? I know the times are strange but we ...
The Power of Community to Fight COVID-19 Cyber Threats
April 03, 2020 | Amy Pace
Cybercriminals are taking advantage of the fear and uncertainty surrounding the ...
An In-depth Look at MailTo Ransomware, Part One of Three
March 31, 2020 | Joshua Deacon, Lloyd Macrohon
In February, an Australian transportation company called Toll Group was hit by ...
COVID-19 Malspam Activity Ramps Up
March 31, 2020 | Joshua Deacon, Homer Pacag, Rodel Mendrez, Phil Hay
Back in February, we reported on two Coronavirus-themed phishing emails. But ...
SIEM and security monitoring for Kubernetes explained
March 27, 2020 | Ashley Graves
Photo by chuttersnap on Unsplash
Would You Exchange Your Security for a Gift Card?
March 26, 2020 | Alejandro Baca, Rodel Mendrez
UPDATED March 27, 2020
Sharepoint vulnerability exploited in the wild
March 26, 2020 | Chris Doman
The CVE-2019-0604 (Sharepoint) exploit and what you need to know LevelBlue Labs ...
SMBGhost CVE-2020-0796 a Critical SMBv3 RCE Vulnerability
March 16, 2020 | Karl Sigler
Overview Last week Microsoft announced that there was a buffer overflow ...
Persistent Cross-Site Scripting, the MSSQL Way
March 12, 2020 | Jonathan Yarema
Overview If you save wide Unicode brackets (i.e. <>) into a char or varchar ...