Author Archives: SpiderLabs Blog from Trustwave

Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). Combining that vulnerability with other security weaknesses, our T… Continue reading Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access→

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy! New Vulnerability Test Highlights Some of the more intere… Continue reading TrustKeeper Scan Engine Update for October 21, 2015→

Debugging a program that communicates with a remote endpoint usually involves analyzing the network communications. A common method is capturing the traffic using a packet analyzer tool such as tcpdump or Wireshark. However, this process can be tricky … Continue reading How To Decrypt Ruby SSL Communications with Wireshark→

October’s Patch Tuesday is upon us and with only six bulletins, it’s one of lightest releases we’ve seen. The six bulletins are split down the center with three rated as Critical and three rated as Important. This release addresses a…
Continue reading Microsoft Patch Tuesday for October 2015→

Magento is the most popular e-commerce platform owned by eBay since 2011. We illustrate how a severe security flaw can be introduced into a Magneto based e-commerce system, when installing a commonly used vulnerable version of the open-source Magmi uti… Continue reading Zero-day in Magmi database client for popular e-commerce platform Magento targeted in the wild→

This month’s update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.54 includes new support for SAP (Sybase) Adaptive Server Enterprise (ASE) version 16.0, a new check for Oracle Database encryption, update… Continue reading AppDetectivePRO and DbProtect Knowledgebase Update 4.54→

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. New Vulnerability Test Highlights Some of the more interesting v… Continue reading TrustKeeper Scan Engine Update for October 07 2015→

In this week’s episode: SpiderLab’s Rodel Mendrez dissects the Quaverse RAT Current state of medical device security from DerbyCon 2015 Links mentioned in the show: Rodel Mendrez – Quaverse RAT: Remote-Access-as-a-Service DerbyCon 2015 videos Listen to… Continue reading SpiderLabs Radio for the Week of September 28, 2015→

We’ve just released a new version (4.38) of Corsigs for users of Trustwave Web Application Firewall (WAF) version 7.0. These new rules help protect users’ web applications against malicious traffic targeting the vulnerabilities listed below. Release Su… Continue reading Trustwave Web Application Firewall Signature Update 4.38 Now Available→

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. New Vulnerability Test Highlights Some of the more interesting v… Continue reading TrustKeeper Scan Engine Update for October 01 2015→