SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
Adobe Flash Player 0-Day (CVE-2018-5002)
June 12, 2018 | SpiderLabs Researcher
An Adobe advisory regarding a zero-day vulnerability in Adobe Flash Player was ...
Patch Tuesday, June 2018
June 12, 2018 | Karl Sigler
For June's Patch Tuesday Microsoft is patching 50 CVEs and releasing 2 ...
Breaking Randomness In The Ethereum Universe [Part 1]
June 01, 2018 | Elliot Ward
This article focuses on generating random numbers on-chain and what the ...
Breakdown of the EFAIL Email Vulnerabilities
May 24, 2018 | Phil Hay
hullabaloo [huhl-uh-buh-loo], noun, plural hullabaloos.
CVE-2018-8174 and Forcing Internet Explorer Exploits
May 15, 2018 | Karl Sigler
A zero day exploit was discovered targeting trade agencies and other related ...
CVE-2018-1000136 - Electron nodeIntegration Bypass
May 10, 2018 | Brendan Scarvell
A few weeks ago, I came across a vulnerability that affected all current ...
Patch Tuesday, May 2018
May 08, 2018 | Karl Sigler
May's Patch Tuesday is here and it looks like these monthly releases have ...
'Drupalgeddon2' Recent Developments
April 27, 2018 | Victor Hora
Drupal, the popular Content Management System, (might) have seen better days. ...
Jolokia Vulnerabilities – RCE & XSS
April 18, 2018 | Olga Barinova
CVE-2018-1000130, CVE-2018-1000129: Remote Code Execution via JNDI injection ...
All Your Base64 Are Belong To Us – Dynamic vs. Static Analysis of Web Content
April 11, 2018 | Simon Kenin
I recently encountered an interesting phishing scheme when reviewing telemetry ...
Patch Tuesday, April 2018
April 10, 2018 | Karl Sigler
April's Patch Tuesday didn't let up much compared to March. Overall April ...
Crypter-as-a-Service Helps jRAT Fly Under The Radar
March 26, 2018 | Rodel Mendrez
(Contributor: Dr. Fahim Abbasi and Phil Hay)
Patch Tuesday, March 2018
March 13, 2018 | Karl Sigler
March is coming in like a lion with this Patch Tuesday. The release patches 73 ...
Fake ASIC Renewal Spam Delivers Malware to Australian Companies
February 21, 2018 | Dr. Fahim Abbasi
The Australian Securities and Investment Commission (ASIC) is an independent ...
Multi-Stage Email Word Attack Without Macros
February 14, 2018 | Homer Pacag
Malware authors often distribute malware through code macros in Microsoft ...
Advanced Deception with BEC Fraud Attacks
February 14, 2018 | Dr. Fahim Abbasi
Background Business Email Compromise (BEC) email fraud, also known as "CEO ...
Flash Zero Day (CVE-2018-4878)
February 13, 2018 | Karl Sigler
A zero day Flash exploit caught targeting South Korean users was announced by ...
Microsoft Patch Tuesday, February 2018
February 13, 2018
February's Patch Tuesday is here and after the light January, it's back with ...
Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?
February 12, 2018 | Simon Kenin
On July 31st , just after getting back to the office from my talk at RSA Asia ...
Multiple Vulnerabilities in NETGEAR Routers
February 07, 2018 | Martin Rakhmanov
Last year I discovered multiple vulnerabilities in NETGEAR products. Now that ...
Multiple Vulnerabilities in WD MyCloud
February 01, 2018 | Martin Rakhmanov
While performing security research on personal storage I found some ...
Inspecting Encrypted Network Traffic with JA3
February 01, 2018 | Bryant Smith
Part of our job as security researchers is keeping up with new tools and ...
ModSecurity - News and Commercial Rules Update
January 23, 2018 | Victor Hora
Over the past few months there has been a lot going on with ModSecurity. There ...
ModSecurity Version 3.0 Announcement
January 10, 2018 | Felipe "Zimmerle" Costa
libModSecurity aka ModSecurity version 3.0 is out there. libModSecurity starts ...
Microsoft Patch Tuesday, January 2018
January 09, 2018
Happy 2018 everyone! January's Patch Tuesday will ease you into the new year ...
BrickerBot mod_plaintext Analysis
December 19, 2017 | Simon Kenin
A week ago, the author of BrickerBot claimed that they retired and published ...
CHM Badness Delivers a Banking Trojan
December 18, 2017 | Rodel Mendrez
Like good old Microsoft Office Macros, Compiled HTML (CHM) Help files have been ...
Sneaky .BAT File Leads to Spoofed Banking Page
December 13, 2017 | Nicholas Ramos
If you thought using BAT files was an old hat, think again. While monitoring ...