SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
[Honeypot Alert] Joomla com_s5clanroster Local File Inclusion Attacks
April 16, 2012 | Ryan Barnett
Our web honeypots picked up some increased scanning for the following ...
Australian Apple Store Customers Targeted by Phishers
April 13, 2012 | Rodel Mendrez
Recently, we came across a phishing attack targeting Australian Apple Store ...
Smart Meter Attacks: Old Vectors Die Hard
April 12, 2012 | Barry O’Connell
Much has been made of the recent attacks against a Puerto Rican utility's smart ...
TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow sFlow Analyzer
April 12, 2012
Trustwave SpiderLabs has published a new advisory yesterday for multiple ...
Microsoft Patch Tuesday: IE, Common Control, and Digitized Chuck Yeager
April 11, 2012
For those of you that remember Microsoft Works, today's update will be special ...
[Honeypot Alert] Zeroboard now_connect() Remote Code Execution Attacks
April 11, 2012 | Ryan Barnett
Our web honeypots recently identified attacks for CVE-2009-4834 which is a ...
RCE root in all current Samba versions
April 10, 2012 | Space Rogue
While perusing the change log for the release of SAMBA that was pushed out ...
PenTest Manager: Now with Secure File Transfer
March 29, 2012
PenTest Manager, the cutting-edge reporting tool created by Trustwave ...
Hack Your Own Code: Advanced training for Developers
March 28, 2012 | nosteve
Mike Park and Marc Bown recently locked themselves in a conference room, ...
ModSecurity Advanced Topic of the Week: Automated Virtual Patching using OWASP Zed Attack Proxy
March 27, 2012 | Ryan Barnett
Automated Virtual Patching using OWASP Zed Attack Proxy The SpiderLabs Research ...
SpiderLabs Radio Podcast: March 2012
March 25, 2012
We have just released the SpiderLabs Radio March Edition. This show is packed ...
Upcoming SpiderLabs Speaking Events - March / April 2012
March 23, 2012
At LevelBlue SpiderLabs we encourage our team members to frequently perform ...
TWSL2012-005: Cross-Site Scripting Vulnerability in osCommerce Platform
March 23, 2012 | Robert Foggia
Trustwave SpiderLabs has published a new advisory today for a Cross-Site ...
[Honeypot Alert] Large Scale LFI Attack From Brazillian Domains
March 22, 2012 | Ryan Barnett
Our web sensors picked up a big uptick in Local File Inclusion (LFI) attacks ...
A New Neighbor in Town: The Nuclear Pack v2.0 Exploit Kit
March 22, 2012
In the past few years, cybercriminals have been increasingly using exploit kits ...
Dirty RAT Eats Nate's Banana
March 21, 2012 | Josh Grunzweig
I've got a real treat for everyone today, as I received approval to blog about ...
LIKE, omg!
March 15, 2012 | Dan Crowley
If you read this blog, you might have seen my earlier post regarding my ...
The Race for MS12-020
March 15, 2012 | Space Rogue
So if you missed our previous blog post on the MS Patch Tuesday earlier this ...
[Honeypot Alert] Zen Cart 'admin/sqlpatch.php' SQL Injection Attacks
March 14, 2012 | Ryan Barnett
SpiderLabs T-Shirt Designs 2006-2011
March 14, 2012 | SpiderLabs Anterior
Microsoft Patch Tuesday, March 2012: Beware the RDP's of March
March 13, 2012
[Honeypot Alert] Status Report for February 2012
March 12, 2012 | Ryan Barnett
Monthly Web Honeypot Status Report We have received a tremendous amount of ...
[Honeypot Alert] More WordPress is_human Plugin Remote Command Injection Attack Detected
March 12, 2012 | Ryan Barnett
As we first noted in a previous Honeypot Alert Blog post, our web honeypots ...
[Honeypot Alert] Status Report for February 2012
March 12, 2012 | Ryan Barnett
Monthly Web Honeypot Status Report We have received a tremendous amount of ...
OWASP Virtual Patching Survey Results
March 09, 2012 | SpiderLabs Researcher
In a previous blog post, we issued a call for assistance to help OWASP with a ...
Detecting Brazilian Banking Trojans with Snort http_inspect
March 08, 2012
If you take a look at malware samples down here in Brazil, probably in most of ...
Virtual Patch for Movable Types XSS (CVE 2012-1262)
March 01, 2012 | Ryan Barnett
My SpiderLabs Research colleague Jonathan Claudius recently identified an XSS ...
PIG - Finding Your Target Without Saying a Word
February 27, 2012 | Ryan Linn
You see blogs, talks, presentations, and tutorials on how to break into boxes ...