SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
Microsoft Patch Tuesday, July 2017
July 11, 2017
July's Patch Tuesday brings patches for 54 CVEs, nearly half the number patched ...
A Computational Complexity Attack against Racoon and ISAKMP Fragmentation
July 10, 2017 | Neil Kettle
Trustwave recently reported a remotely exploitable computational complexity ...
Petya Ransomware: A glimpse of the past, the present, and the future
June 29, 2017 | Nicholas Ramos
Ransomware seem to be the trend now and this type of malware will no doubt ...
Elephone P9000 Lock Screen Lockout Bypass
June 29, 2017 | Jacob Wilkin
Brute force attacks against smartphones are not usually a viable attack vector. ...
0-Day Alert: Your Humax WiFi Router Might Be In Danger
June 28, 2017 | SpiderLabs Pen Testing LAC
Over the years WiFi Routers have been notoriously susceptible to simple ...
The Petya/NotPetya Ransomware Campaign
June 27, 2017 | SpiderLabs Researcher
This is an ongoing, emerging story and may be updated after posting.
ModSecurity version 3: Fuzzing as part of the QA
June 21, 2017 | Felipe "Zimmerle" Costa
The stability of any given project is often tracked by its maturity, which is ...
Minimalist Alina PoS Variant Starts Using SSL
June 19, 2017 | Rodel Mendrez
More than four years ago, we published a series of blogs discussing in-depth ...
ModSecurity Web Application Firewall - Commercial Rules Update
June 16, 2017 | SpiderLabs Researcher
We have just released new commercial rules for ModSecurity Web Application ...
KOVTER and CERBER on a One-Two Punch using Fake Delivery Notification
June 14, 2017 | Nicholas Ramos
We previously outlined a spam campaign that delivered FAKEGLOBE and CERBER ...
Microsoft Patch Tuesday, June 2017
June 13, 2017 | SpiderLabs Researcher
For the June 2017 Patch Tuesday Microsoft is releasing 97 CVEs, nearly double ...
The WannaCry Impact on Databases Trustwave Database Security Knowledgebase Special Update 5.15
June 02, 2017 | Lolita Chandra
WannaCry is a network worm that exploits a vulnerability in Microsoft's ...
FakeGlobe and Cerber Ransomware: Sneaking under the radar while WeCry
June 02, 2017 | Nicholas Ramos
Recently, we observed a constant influx of spam that distributes two ransomware ...
Necurs Recurs
May 31, 2017 | Homer Pacag
The Necurs botnet, which was responsible for millions of malicious spam ...
URSNIF is Back Riding a New Wave of Spam
May 19, 2017 | Nicholas Ramos
The infamous data-stealing URSNIF malware has done it again and it's here to ...
Advanced Malware Detection with Suricata Lua Scripting
May 18, 2017 | Bryant Smith
Normal IDPS signatures using either Snort or Suricata have quite a few options ...
TheShadowBrokers Babytalk Translation
May 16, 2017
TheShadowBrokers have just released a blog post (written in a child-like style ...
WannaCry: We Want to Cry
May 15, 2017 | Phil Hay
For the last few days the WannaCry ransomware event created mayhem, where ...
WannaCry: We Want to Cry
May 15, 2017 | Phil Hay
Contributors: Phil Hay, Rodel Mendrez, Gerald Carsula, Nicholas Ramos, Homer ...
The WannaCry Ransomware Campaign
May 13, 2017 | Karl Sigler
By now you have likely heard about the WannaCry (aka WannaCrypt) ransomware ...
Microsoft Patch Tuesday, May 2017
May 09, 2017 | SpiderLabs Researcher
Microsoft is releasing 56 CVEs for the May 2017 Patch Tuesday today. This ...
Airachnid: Web Cache Deception Burp Extender
May 09, 2017 | Johan Snyman
Introduction
Carbanak Continues To Evolve: Quietly Creeping into Remote Hosts
April 28, 2017 | James Antonakos
Introduction
Multiple Vulnerabilities in Avast Antivirus
April 25, 2017 | Martin Rakhmanov
Last year I decided to do some security research on an antivirus product. Avast ...
Microsoft Patch Tuesday, April 2017
April 11, 2017 | SpiderLabs Researcher
April Patch Tuesday is here and, like the change of the seasons, this release ...
Understanding and Discovering Open Redirect Vulnerabilities
April 10, 2017 | SpiderLabs Researcher
One of the most common and largely overlooked vulnerabilities by web developers ...
And Then? Where is the Risk with Steganography?
March 30, 2017 | Jesus Olguin
In the previous posts, Steganography... what is that? and Steganalysis, the ...
Protecting Yourself from MongoDB Ransomware
March 29, 2017 | Christopher Bielinski
In the realm of malware, ransomware has been king for the last few years, ...