SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
CVE-2018-8006: XSS in Apache ActiveMQ
August 24, 2018 | Bruno Oliveira
A cross site scripting (XSS) vulnerability exists in Apache ActiveMQprior to ...
Bank Malspam Revisited
August 22, 2018 | Phil Hay
Last week we wrote about some malicious spam containing Microsoft Publisher ...
Alina: Following The Shadow Part 1
August 18, 2018 | Josh Grunzweig
Last I spoke with you, I went into the details of a family of Point of Sale ...
Malspam Campaign Targets Banks Using Microsoft Publisher
August 17, 2018 | Homer Pacag
It's very unusual for malware authors to utilize publishing software like ...
Patch Tuesday, August 2018
August 14, 2018 | Karl Sigler
Patch Tuesday, August 2018
Mapping Social Media with Facial Recognition: A New Tool for Penetration Testers and Red Teamers
August 08, 2018 | Jacob Wilkin
Performing intelligence gathering is a time-consuming process, it typically ...
CVE-2018-2892 - Kernel Level Privilege Escalation in Oracle Solaris
July 24, 2018 | Neil Kettle
Trustwave recently discovered a locally exploitable issue in all current ...
Malicious SettingContent now Delivered Through PDF
July 23, 2018
Recently, a proof-of-conceptemerged on how the filetype SettingContent can be ...
DanaBot Riding Fake MYOB Invoice Emails
July 16, 2018 | Dr. Fahim Abbasi
Authors: Dr. Fahim Abbasi and Diana Lopera
CUPS Local Privilege Escalation And Sandbox Escapes
July 11, 2018 | Dan Bastone
CVE-2018-4180, CVE-2018-4182, CVE-2018-4183, CVE-2018-6553, CVE-2018-4181: ...
Patch Tuesday, July 2018
July 10, 2018 | Karl Sigler
July's Patch Tuesday is here with patches for 53 CVEs and the standard roll up ...
Web Application Security-ModSecurity Commercial Rules, Update for June 2018
June 30, 2018
Overview for rules released by Trustwave SpiderLabs in November for ModSecurity ...
Adobe Flash Player 0-Day (CVE-2018-5002)
June 12, 2018 | SpiderLabs Researcher
An Adobe advisory regarding a zero-day vulnerability in Adobe Flash Player was ...
Patch Tuesday, June 2018
June 12, 2018 | Karl Sigler
For June's Patch Tuesday Microsoft is patching 50 CVEs and releasing 2 ...
Breaking Randomness In The Ethereum Universe [Part 1]
June 01, 2018 | Elliot Ward
This article focuses on generating random numbers on-chain and what the ...
Breakdown of the EFAIL Email Vulnerabilities
May 24, 2018 | Phil Hay
hullabaloo [huhl-uh-buh-loo], noun, plural hullabaloos.
CVE-2018-8174 and Forcing Internet Explorer Exploits
May 15, 2018 | Karl Sigler
A zero day exploit was discovered targeting trade agencies and other related ...
CVE-2018-1000136 - Electron nodeIntegration Bypass
May 10, 2018 | Brendan Scarvell
A few weeks ago, I came across a vulnerability that affected all current ...
Patch Tuesday, May 2018
May 08, 2018 | Karl Sigler
May's Patch Tuesday is here and it looks like these monthly releases have ...
'Drupalgeddon2' Recent Developments
April 27, 2018 | Victor Hora
Drupal, the popular Content Management System, (might) have seen better days. ...
Jolokia Vulnerabilities – RCE & XSS
April 18, 2018 | Olga Barinova
CVE-2018-1000130, CVE-2018-1000129: Remote Code Execution via JNDI injection ...
All Your Base64 Are Belong To Us – Dynamic vs. Static Analysis of Web Content
April 11, 2018 | Simon Kenin
I recently encountered an interesting phishing scheme when reviewing telemetry ...
Patch Tuesday, April 2018
April 10, 2018 | Karl Sigler
April's Patch Tuesday didn't let up much compared to March. Overall April ...
Crypter-as-a-Service Helps jRAT Fly Under The Radar
March 26, 2018 | Rodel Mendrez
(Contributor: Dr. Fahim Abbasi and Phil Hay)
Patch Tuesday, March 2018
March 13, 2018 | Karl Sigler
March is coming in like a lion with this Patch Tuesday. The release patches 73 ...
Fake ASIC Renewal Spam Delivers Malware to Australian Companies
February 21, 2018 | Dr. Fahim Abbasi
The Australian Securities and Investment Commission (ASIC) is an independent ...
Multi-Stage Email Word Attack Without Macros
February 14, 2018 | Homer Pacag
Malware authors often distribute malware through code macros in Microsoft ...
Advanced Deception with BEC Fraud Attacks
February 14, 2018 | Dr. Fahim Abbasi
Background Business Email Compromise (BEC) email fraud, also known as "CEO ...