TWSL2012-002: Multiple Vulnerabilities in WordPress
January 24, 2012 | Robert Foggia
Trustwave SpiderLabs has published a new advisory today for multiple ...
On Null Byte Poisoning and XPath Injection
January 23, 2012 | Dan Crowley
Recently I released a tool called XMLmao, a configurable testbed for learning ...
[Honeypot Alert] Simple Page Options Module for Joomla! Local File Inclusion Attack Detected
January 19, 2012 | Ryan Barnett
Our web honeypots generated the following ModSecurity alert today:
Android IRC Bot - This Ain't Your Granny's Android Malware (Or Maybe It Is)
January 18, 2012 | Josh Grunzweig
As I'm sure many of you know, the rise of mobile-based malware has been on the ...
[Honeypot Alert] phpMyAdmin Superglobal Session Manipulation Attack Detected
January 17, 2012 | Ryan Barnett
Our web honeypots have identified attempts to exploit CVE-2011-2505. OSVDB ...
Scripting Metasploit using MSGRPC
January 13, 2012 | Ryan Linn
While there are many aspects of network pen testers that set the good testers ...
[Honeypot Alert] Is-human Wordpress Plugin Remote Command Execution Attack Detected
January 13, 2012 | Ryan Barnett
Our web honeypot logs picked up an attack aimed at exploiting the Is-human ...
[Honeypot Alert] Extensive 'setup.php' Scanning Detected
January 12, 2012 | Ryan Barnett
The SpiderLabs Research Team has identified an extensive scanning campaign ...
Microsoft Patch Tuesday (January 2012): Media Player and The BEAST
January 10, 2012
The statisticians over at the Patch Tuesday Farmer's Almanac are saying that 7 ...
ModSecurity Mitigations for ASP.NET HashTable DoS Vulnerability (CVE-2011-3414)
January 09, 2012 | Ryan Barnett
ThreatPost had a news story today about PoC code that was released to the full ...
[Honeypot Alert] Multiple Local File Inclusion Attacks
January 09, 2012 | Ryan Barnett
Our web server honeypot log analysis has picked up some targeted local file ...
Analyzing PDF Malware - Part 2
January 06, 2012
Where were we?
ModSecurity Advanced Topic of the Week: Mitigation of 'Slow Read' Denial of Service Attack
January 06, 2012 | Ryan Barnett
Slow-Read DoS Attack Background: Another tweak in the ongoing "Slow" DoS attacks ...
Introducing SQLol
January 06, 2012 | Dan Crowley
At the most recent Austin Hackers Association meeting I unveiled a project I've ...
Virtual Patch for ASP.Net Forms Authentication Bypass Vulnerability (CVE-2011-3416)
January 04, 2012 | Ryan Barnett
Last Thursday, Microsoft released an out-of-band security patch (MS11-100) ...
[Honeypot Alert] phpThumb() 'fltr[]' Parameter Command Injection Detected
December 28, 2011 | Ryan Barnett
The SpiderLabs Research Team has identified active scanning for the phpThumb() ...
[Honeypot Alert] Plone and Zope Remote Command Execution Detected
December 27, 2011 | Ryan Barnett
We have identified active scanning for the recent Plone and Zope Remote Command ...
TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin
December 23, 2011 | Robert Foggia
The SpiderLabs team at Trustwave published a new advisory for a ...
TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface
December 21, 2011 | Robert Foggia
The SpiderLabs team at Trustwave published a new advisory for an authentication ...
[Honeypot Alert] User Agent Field Arbitrary PHP Code Execution
December 21, 2011 | Ryan Barnett
While reviewing today's web honeypot logs, SpiderLabs Research identified two ...
[Honeypot Alert] phpAlbum PHP Code Execution Attacks
December 19, 2011 | Ryan Barnett
We have seen a number of scans probing for phpAlbum code execution vulns in our ...
Announcing Release of OWASP ModSecurity Core Rule Set v2.2.3
December 19, 2011 | Ryan Barnett
The SpiderLabs Research Team is pleased to announce the ModSecurity OWASP Core ...
BayThreat Follow-up: More About Mobile Devices and Privacy
December 15, 2011 | Luiz Eduardo Dos Santos
We just saw a recent post here on SpiderLabs Anterior about one of mostly used ...
Mobile Device Location Tracking, and Why It Matters
December 14, 2011
Throughout the past decade, there has been a substantial increase in mobile ...
[Honeypot Alert] Awstats Command Injection Scanning Detected
December 13, 2011 | Ryan Barnett
Issue Detected: Our daily web honeypot analysis has detected an increase in ...
Microsoft Patch Tuesday, December 2011
December 13, 2011
This Patch Tuesday, there are 3 new Critical and 10 new Important Bulletins. ...
[Honeypot Alert] WordPress/Joomla/Mambo SQL Injection Scanning Detected
December 09, 2011 | Ryan Barnett
Our web honeypot analysis today detected scanning looking for SQL Injection ...