SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
[Honeypot Alert] Wordpress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit Attempt
December 30, 2014 | Ryan Barnett
Our web honeypots picked up some exploit attempts for the recently released ...
Signed Ruby Gems: A c7decrypt walk-through
December 22, 2014 | Jonathan Claudius
As someone who's responsible for a number of Ruby projects, both open-source ...
Alina POS malware 'sparks' off a new variant
December 18, 2014 | Eric Merritt
Alina is a well-documented family of malware used to scrape Credit Card (CC) ...
Announcing Net::TNS for Ruby – A Gem for Connecting to Oracle Databases
December 18, 2014 | woodbusy
For the security professional, working with Oracle Database can present ...
SpiderLabs Radio for the week of December 8, 2014
December 14, 2014
In this episode:
New Device Module (DM) update for Trustwave SIEM 1.2.1 now available
December 11, 2014 | Jeff Pold
Trustwave's most recent Device Module (DM), DM-22, is now available to ...
Microsoft Patch Tuesday, December 2014
December 09, 2014 | SpiderLabs Researcher
December's Microsoft Patch Tuesday is upon us and, hopefully, marks the last ...
CVE-2014-3797: Reflected XSS Vulnerability in VMware Virtual Center Appliance (vCSA)
December 08, 2014
LevelBlue SpiderLabs published an advisory today in conjunction with VMWare for ...
Magnitude Exploit Kit Backend Infrastructure Insight - Part III
December 08, 2014
This is the fourth post in a four-part series about Magnitude (if you like, ...
SpiderLabs Radio for the week of December 1, 2014
December 07, 2014
In this episode:
Microsoft Advance Notification for December 2014
December 04, 2014 | Robert Foggia
Microsoft will publish the last scheduled security release of the year on ...
SpiderLabs Radio for the week of November 24, 2014
November 28, 2014
SpiderLabs Radio is taking a hiatus this week to celebrate the Thanksgiving ...
ModSecurity Advanced Topic of the Week: Detecting Malware with Fuzzy Hashing
November 26, 2014 | Ryan Barnett
We witnessed a sophisticated phishing campaign on 16th August 2017, targeting ...
Magnitude Exploit Kit Backend Infrastructure Insight - Part II
November 24, 2014 | SpiderLabs Researcher
Welcome back to another edition of "exposing Magnitude exploit-kit internals"! ...
SpiderLabs Radio for the week of November 17, 2014
November 22, 2014
In this episode:
SpiderLabs Radio for the week of November 10, 2014
November 15, 2014
In this episode:
Microsoft Patch Tuesday, November 2014
November 11, 2014
Compared to previous Microsoft Patch Tuesday's, November's is a pretty big one ...
SpiderLabs Radio for the week of November 3, 2014
November 09, 2014
In this episode:
Microsoft Advance Notification for November 2014
November 06, 2014 | Robert Foggia
This coming Tuesday, November 11, Microsoft will publish their next security ...
Smuggler - An interactive 802.11 wireless shell without the need for authentication or association
November 03, 2014
I've always been fascinated by wireless communications. The ability to launch ...
SpiderLabs Radio for the week of October 27, 2014
November 01, 2014
In this episode:
Setting HoneyTraps with ModSecurity: Adding Fake Cookies
October 31, 2014 | Ryan Barnett
This blog post continues with the topic of setting " HoneyTraps" within your ...
Reflected File Download - A New Web Attack Vector
October 30, 2014 | Oren Hafif
PLEASE NOTE: As promised, I've published a full white paper that is now ...
Bitcoin Transaction Malleability Theory in Practice – Ruxcon Australia 2014
October 30, 2014 | Rami Kogan
Two weeks ago we gave a talk at the Ruxcon 10 conference in Melbourne, ...
Hacking a Reporter: UK Edition
October 28, 2014 | SpiderLabs Researcher
Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to ...
SpiderLabs Radio: October 22, 2014
October 25, 2014
In this episode:
Powerpoint Vulnerability (CVE-2014-4114) used in Malicious Spam
October 23, 2014
Following last week's announcement of a zero-day vulnerability for PowerPoint ...
Spam Campaign Taking Advantage of Ebola Scare May Lead To Malware Infections
October 22, 2014 | Rodel Mendrez
Cybercriminals have inevitably taken advantage of the publicization of the ...