SpiderLabs Radio: February 27, 2014
February 27, 2014
In this episode we talk about the Apple "gotofail" SSL vulnerability, SEA is ...
Look What I Found: Pony is After Your Coins!
February 24, 2014
In our previous episode of "Look What I Found" we detailed our discovery of a ...
SpiderLabs Radio: February 20, 2014
February 21, 2014
In this episode we look at the new Linksys worm dubbed TheMoon, two new ...
Internet Explorer Zero Day: CVE-2014-0322
February 19, 2014 | Rami Kogan
Recently, several security vendors reported a new IE 0day which affects ...
ModSecurity Advanced Topic of the Week: Detecting Browser Fingerprint Changes During Sessions
February 19, 2014 | Ryan Barnett
This blog post will discuss a section from Recipe 8-5: Detecting Browser ...
Responder 2.0 - Owning Windows Networks part 3
February 18, 2014
The power and flexibility of Responder has grown significantly over the past ...
FAQ: Pony Malware Payload Discovery
February 18, 2014
Our team's discovery of the spoils of yet another instance of Pony 1.9 has kept ...
Wait a minute... that’s not a real JPG!
February 17, 2014 | Richard Wells
When attackers compromise a website and want to harvest credit cards, they need ...
SpiderLabs Radio: February 13, 2014
February 14, 2014
In this episode we look at Facebook's open-sourcing of the Android crypto API ...
“Reversing” Non-Proxy Aware HTTPS Thick Clients w/ Burp
February 14, 2014 | Jonathan Claudius
A little over a month ago, I published a Metasploit auxiliary module for ...
HTTP NTLM Information Disclosure
February 12, 2014 | Justin Cacak
Nmap script that anonymously enumerates remote NetBIOS, DNS, and OS details ...
Microsoft Patch Tuesday, February 2014
February 11, 2014
February's Patch Tuesday is back to business as usual after the light January ...
JackPOS – The House Always Wins
February 11, 2014 | Josh Grunzweig
A new point of sale (POS) malware family could be a jackpot for credit card ...
CVE-2014-0050: Exploit with Boundaries, Loops without Boundaries
February 11, 2014 | Oren Hafif
In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and ...
The Keystone Rocks - Foundation Chips of Pentesting Tips Part 1
February 11, 2014 | Martin Murfitt
The knowledgebase of a penetration tester can be broadly split into two ...
SpiderLabs Radio: February 7, 2014
February 07, 2014
In this episode I talk about a new Adobe zero day in Flash Player, the ...
Microsoft Advance Notification for February 2014
February 06, 2014
***Update as of Monday, February 10, 2014***
Spammers Are Taking Advantage of Your Whitelists by Spoofing Legitimate Brands
February 05, 2014
***EDITOR'S NOTE: The content of this article does not make or imply any claims ...
SpiderLabs Radio: January 30, 2014
January 30, 2014
In this episode we look at a rash of gas pump credit card skimmers, the Syrian ...
Introducing ModSecurity Status Reporting
January 28, 2014 | Felipe "Zimmerle" Costa
The Trustwave SpiderLabs Research team is committed to making ModSecurity the ...
ModSecurity Advanced Topic of the Week: HMAC Token Protection
January 24, 2014 | Ryan Barnett
This blog post presents a powerful feature of ModSecurity v2.7 that has been ...
SpiderLabs Radio: January 23, 2014
January 23, 2014
In this episode I sit down with Grayson Lenik, a forensic expert for Trustwave ...
10,000 Litecoins Worth $230,000 USD Were Stolen!
January 22, 2014 | Ben Hayak
Newspapers, commentators and bloggers have lately been asking whether digital ...
Beware! Bats hide in your jQuery!
January 20, 2014
Injection of malicious code into JavaScript files is not new; however, we ...
What Dirty Little Secrets You Find on eBay
January 17, 2014 | Videoman
So I do networking (computers and wifi things) at a number of security ...
Trustwave Analysis of the January 2014 Oracle CPU
January 16, 2014
It's the second Tuesday in January, so it is Oracle Critical Patch Update (CPU) ...
SpiderLabs Radio: January 16, 2014
January 16, 2014
In this episode:
Microsoft Patch Tuesday, January 2014
January 14, 2014
Hopefully January's Patch Tuesday is a sign of things to come for 2014. With ...