Author Archives: SpiderLabs Blog from Trustwave

Introduction When I teach people about reverse engineering, I often hear the following statement: “I got the right answer, but I cheated to get it”. They are typically talking about using dynamic analysis to get an answer versus statically analyzing…
Continue reading Every Tool in the Tool Box→

We have just discovered an advertising campaign that has been placing malicious advertisements on very popular websites both in the US and internationally. “answers.com” (Alexa rank 420 Global and 155 in the US), “zerohedge.com” (Ranked 986 in the US) … Continue reading Angler Takes Malvertising to New Heights→

In continuation of this post: https://www.trustwave.com/Resources/SpiderLabs-Blog/Debugging-SAP-ASE–NET-Provider-Issues/ Recently we stumbled upon an issue in DevArt dotConnect for Oracle component (8.5.583): supplying an overly long Oracle Database u… Continue reading TWSL2016-005: Memory corruption in a third-party component: how to find what’s wrong→

Trustwave SpiderLabs published an advisory today in conjunction with Magnolia International Ltd. for multiple cross-site scripting vulnerabilities in the Magnolia CMS product. Magnolia CMS is an open source, java based, web content management system. T… Continue reading TWSL2016-004: Multiple Cross-Site Scripting (XSS) Vulnerabilities in Magnolia CMS→

Summary The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the mor… Continue reading TrustKeeper Scan Engine Update for March 09, 2016→

While researching inter-process communication on Mac OS X, I found a small security issue with Sophos Anti-Virus for Mac: any local user can remove arbitrary files on the system via the Update functionality of the product. This specific issue was…
Continue reading TWSL2016-003: Sophos Anti-Virus Mac OS X Version Update File Unlinking Vulnerability→

This month’s update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.59 includes new checks for MySQL and Oracle, and updated checks for MySQL. New Vulnerability and Configuration Check Highlights MySQL Comm… Continue reading AppDetectivePRO and DbProtect Knowledgebase Update 4.59→

We are currently seeing extraordinary huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of a ransomware. Ransomware encrypts data on a hard drive, and then demands payment from the victim…
Continue reading Massive Volume of Ransomware Downloaders being Spammed→

We are currently seeing extraordinarily huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of a ransomware. Ransomware encrypts data on a hard drive, and then demands payment from the victim… Continue reading Massive Volume of Ransomware Downloaders being Spammed→

Introduction Most gamers have explored every nook and cranny of their favorite game, completing achievements for hours after they finished the main story line. This same completionist attitude drives a lot of forensic investigators to try to solve ever… Continue reading PoSeidon Completionist→