SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
Joomla 0-Day Exploited In the Wild (CVE-2015-8562)
December 18, 2015 | Assi Barak
A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot ...
Defender for IoT’s Firmware Analysis Tool is Exceptional
December 18, 2015 | David Broggy
One of my "pastimes," if you will, is to check out the features of various ...
Mom Spies a Hack
December 15, 2015 | Jonathan Yarema
Have you ever wondered if all that informal training you do with your friends ...
Microsoft Patch Tuesday, December 2015
December 08, 2015
The December Microsoft Path Tuesday is upon us and it does not bring any happy ...
Another Brick in the FrameworkPoS
December 07, 2015 | Eric Merritt
Introduction FrameworkPoS is a well-documented family of malware that targets ...
New Memory Scraping Technique in Cherry Picker PoS Malware
November 17, 2015 | Eric Merritt
Introduction Working primarily with point of sale malware, we regularly see the ...
Shining the Spotlight on Cherry Picker PoS Malware
November 16, 2015 | Eric Merritt
Introduction For the last five years Trustwave has been monitoring a threat ...
Microsoft Patch Tuesday, November 2015
November 10, 2015
November's Patch Tuesday marks a return to business as usual. Where October was ...
BOM Obfuscation in Spam
November 10, 2015 | Phil Hay
Spammers try all sorts of tricks to obfuscate, including trying to obfuscate ...
SpiderLabs Radio for the Week of November 2, 2015 - Final Episode
November 08, 2015
In this week's episode:
Oracle Database 11.2 SQLi in XML index statistics processing (CVE-2015-4900)
November 06, 2015 | Martin Rakhmanov
In the October 2015 'Critical Patch Update' Oracle fixed a flaw in XML index ...
Exploiting Padding Oracle To Gain Encryption Keys
October 26, 2015 | Georg Chalupar
Practical tricks on exploiting a padding oracle vulnerability.
About Lenovo System Update Vulnerabilities and CVE-2015-6971
October 26, 2015 | Martin Rakhmanov
Over the past seven months, a number of vulnerabilities in Lenovo System Update ...
SpiderLabs Radio for the Week of October 19, 2015
October 25, 2015
Two separate SpiderLabs vulnerabilities released:
Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access
October 22, 2015 | Asaf Orpani
Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection ...
How To Decrypt Ruby SSL Communications with Wireshark
October 19, 2015
Debugging a program that communicates with a remote endpoint usually involves ...
AppDetectivePRO and DbProtect Knowledgebase Update 4.54
October 13, 2015 | SpiderLabs Researcher
This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now ...
Zero-day in Magmi database client for popular e-commerce platform Magento targeted in the wild
October 13, 2015 | Assi Barak
We've observed HTTP requests associated with an exploit attempt on the Magento ...
Microsoft Patch Tuesday for October 2015
October 13, 2015
October's Patch Tuesday is upon us and with only six bulletins, it's one of ...
SpiderLabs Radio for the Week of September 28, 2015
October 05, 2015
In this week's episode:
Jumping through the hoops: multi-stage malicious PDF spam
September 30, 2015 | Phil Hay
We've recently encountered a number of malicious spam messages with PDFs ...
Quaverse RAT: Remote-Access-as-a-Service
September 23, 2015 | Rodel Mendrez
***UPDATE as of September 28, 2015 - see the bottom of this post for removal ...
HOW TO: Setting up Encrypted Communications Channels in Oracle Database
September 22, 2015 | Martin Rakhmanov
In this article, I will explain how to set up an encrypted communications ...
SpiderLabs Radio for the Week of September 14, 2015
September 21, 2015
In this week's episode:
Microsoft Patch Tuesday, September 2015
September 08, 2015
Today marks Patch Tuesday for September and this month brings with it 12 ...
Lessons in Spam JavaScript Obfuscation Layers
September 08, 2015 | Brian Bebeau
Spammers seem to be adding layers of obfuscation to their malware attachments ...
SpiderLabs Radio for the Week of August 31, 2015
September 06, 2015
In this week's episode:
About Two SAP Adaptive Server Enterprise (ASE) Extended Procedure Subsystem Vulnerabilities
September 03, 2015
Recently SAP patched two important security issues in Adaptive Server ...