Official Blog of Trustwave's SpiderLabs - SpiderLabs is an elite team of ethical hackers, investigators and researchers at Trustwave advancing the security capabilities of leading businesses and organizations throughout the world.
The next update to the Knowledgebase for AppDetectivePRO and DbProtect is now available.
Knowledgebase version 4.35 includes checks for new vulnerabilities and configuration issues in Microsoft SQL Server and Hadoop.
This update also includes improvements to existing checks to determine whether you’re correctly patching your Sybase installations in accordance with your organization’s security policy. Read on for more highlights from this release.
The latest update to the TrustKeeper Scan Engine is now available. This release was created solely to add detection for the recently disclosed “Heartbleed” vulnerability affecting the OpenSSL library.
The Heartbleed vulnerability was disclosed earlier this week, on April 7, 2014, and has been assigned CVE-2014-0160. It is a missing bounds check in OpenSSL's handling of the TLS heartbeat extension (RFC 6520): a client sends a heartbeat request whose payload_length field claims more bytes than it actually carries, and an unpatched server (OpenSSL 1.0.1 through 1.0.1f; 1.0.1g fixes it) echoes back that many bytes of its own process memory. This could affect any service that uses OpenSSL to make secure connections: web servers, email services, VPN software and more.
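The detection logic a scanner applies for this bug, as an added example that is not TrustKeeper's own code and not part of the original post: it builds the over-long heartbeat request, then classifies a reply as vulnerable only when the server returns a heartbeat response larger than the payload we sent. The sample replies are constructed inline rather than captured from a live host, and a real probe would send the request over an established TLS connection after the handshake; that network part is left out so the classifier runs offline.

```python
import struct

# TLS record content types (RFC 5246 / RFC 6520) and heartbeat message types
HEARTBEAT_RECORD, ALERT_RECORD = 0x18, 0x15
HB_REQUEST, HB_RESPONSE = 1, 2
TLS_1_1 = b"\x03\x02"
PADDING = b"\x00" * 16  # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat_request(payload: bytes, claimed_length: int) -> bytes:
    """Return a TLS heartbeat record. A scanner sets claimed_length larger than
    len(payload); an unpatched OpenSSL trusts the field and copies that many bytes."""
    message = struct.pack("!BH", HB_REQUEST, claimed_length) + payload + PADDING
    return struct.pack("!B2sH", HEARTBEAT_RECORD, TLS_1_1, len(message)) + message


def parse_tls_record(data: bytes):
    """Split one TLS record into (content_type, body); None if the record is incomplete."""
    if len(data) < 5:
        return None
    content_type, _version, length = struct.unpack("!B2sH", data[:5])
    if len(data) < 5 + length:
        return None
    return content_type, data[5:5 + length]


def classify_response(sent_payload: bytes, response: bytes) -> str:
    """Decide what the reply to an over-long heartbeat request tells us."""
    if not response:
        return "patched"            # fixed OpenSSL silently discards the bad request
    record = parse_tls_record(response)
    if record is None:
        return "unknown"            # truncated or garbled record
    content_type, body = record
    if content_type == ALERT_RECORD:
        return "patched"            # some stacks answer with a fatal alert instead
    if content_type != HEARTBEAT_RECORD or len(body) < 3:
        return "unknown"
    hb_type, payload_length = struct.unpack("!BH", body[:3])
    if hb_type != HB_RESPONSE:
        return "unknown"
    returned = body[3:3 + payload_length]
    if len(returned) != payload_length:
        return "unknown"
    if payload_length > len(sent_payload):
        return "vulnerable"         # server echoed more than we sent: memory disclosure
    return "not_vulnerable"


def extract_leak(sent_payload: bytes, response: bytes) -> bytes:
    """Return the bytes beyond our own payload, i.e. the server memory that leaked."""
    _, body = parse_tls_record(response)
    _, payload_length = struct.unpack("!BH", body[:3])
    return body[3 + len(sent_payload):3 + payload_length]


# Constructed sample traffic (not captured from a real host).
PROBE_PAYLOAD = b"SCAN"
CLAIMED = 0x4000


def _record(content_type: int, message: bytes) -> bytes:
    return struct.pack("!B2sH", content_type, TLS_1_1, len(message)) + message


# Unpatched server: echoes CLAIMED bytes starting at our 4-byte payload, so the
# tail is whatever sat next to the request buffer in the server's heap.
_leaked = (PROBE_PAYLOAD + b"Cookie: session=deadbeef\r\n").ljust(CLAIMED, b"\x00")
VULNERABLE_REPLY = _record(HEARTBEAT_RECORD,
                           struct.pack("!BH", HB_RESPONSE, CLAIMED) + _leaked + PADDING)
# Patched server: fatal unexpected_message alert (level 2, description 10), or no reply.
PATCHED_REPLY = _record(ALERT_RECORD, b"\x02\x0a")
# A correctly sized request answered honestly (payload_length == len(PROBE_PAYLOAD)).
HONEST_REPLY = _record(HEARTBEAT_RECORD,
                       struct.pack("!BH", HB_RESPONSE, 4) + PROBE_PAYLOAD + PADDING)

if __name__ == "__main__":
    probe = build_heartbeat_request(PROBE_PAYLOAD, CLAIMED)
    print("probe record:", probe.hex())
    for name, reply in [("vulnerable", VULNERABLE_REPLY), ("patched", PATCHED_REPLY),
                        ("silent", b""), ("honest", HONEST_REPLY)]:
        print(f"{name:>10} -> {classify_response(PROBE_PAYLOAD, reply)}")
    print("leaked:", extract_leak(PROBE_PAYLOAD, VULNERABLE_REPLY)[:26])
```

The "vulnerable" verdict deliberately requires the full claimed length to come back; a reply that is merely a heartbeat response of the correct size proves nothing, and a missing reply is the normal behaviour of a patched server, not a scan error.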
In this episode I bid a fond farewell to Windows XP; Microsoft patches that RTF 0-day vulnerability; some ransomware authors get a lesson in crypto; a new do-nothing security app that literally did nothing; and the vulnerability giving everyone heartburn, Heartbleed.
As Karl noted in his Patch Tuesday post, yesterday was the last day of support for Windows XP.
We flipped the switch at midnight last night to make detection of XP a failing condition for TrustKeeper vulnerability scans. Those relatively few TrustKeeper scanning customers with XP machines will now see their warnings replaced by findings noting that they're running an unsupported OS.
In this third installment of the Detecting A Surveillance State blog series I move away from the hardware devices discussed in parts one and two and talk instead about something harder to detect: persistent compromises made possible by BIOS or firmware modifications.
Again, the sources on how these devices work were restricted to the public knowledge about them found on Wikipedia and what was publicly disclosed at 30c3.
The leaked documents linked above describe utilities used by some state actor spy agencies that allow for persistent compromises of devices by replacing their firmware or BIOS, so that the implant survives an OS reinstall or similar. These attacks can affect computers, network routers and even some hard drives.
The documents describing the programs I’m covering today do not explain how the infections take place. The most common methods to infect firmware or a BIOS are to use access to an already exploited system, or to intercept the device before its owners receive it (i.e., a supply chain attack), and then install the infected BIOS or firmware. Since this portion of the attack is not known at this time, I will not cover specifics about how to prevent supply chain attacks or on-the-fly firmware/BIOS modifications.
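One practical detection step for the firmware implants described above, added here as an example that is not from the original series: dump the flash contents and compare them region by region against a known-good image of the same firmware version, so a modification shows up as a located run of changed blocks rather than just a hash mismatch. The images below are constructed in code; in practice the dump would come from a tool such as `flashrom -p <programmer> -r dump.bin`, and the `ignore` list is an assumption standing in for regions (UEFI variable storage, for instance) that change legitimately between boots. One caveat a practitioner should keep in mind: a compromised BIOS can lie to software that reads the SPI flash through the platform, so where the stakes warrant it the dump should be taken with an external programmer on the chip itself.

```python
import hashlib

BLOCK = 4096  # report granularity; matches a common SPI flash erase block size


def modified_regions(baseline: bytes, dumped: bytes, ignore=(), block: int = BLOCK):
    """Return [(offset, length), ...] runs of blocks that differ between the two
    images, skipping any block that lies entirely inside an `ignore` region."""
    total = max(len(baseline), len(dumped))
    n_blocks = (total + block - 1) // block
    regions = []
    for i in range(n_blocks):
        start = i * block
        if any(lo <= start and start + block <= lo + ln for lo, ln in ignore):
            continue  # volatile region (e.g. NVRAM): differences expected
        if baseline[start:start + block] != dumped[start:start + block]:
            if regions and regions[-1][0] + regions[-1][1] == start:
                regions[-1] = (regions[-1][0], regions[-1][1] + block)  # extend run
            else:
                regions.append((start, block))
    return regions


def compare_firmware(baseline: bytes, dumped: bytes, ignore=(), block: int = BLOCK) -> dict:
    """Whole-image hash comparison plus a map of where the images diverge."""
    baseline_hash = hashlib.sha256(baseline).hexdigest()
    dumped_hash = hashlib.sha256(dumped).hexdigest()
    regions = modified_regions(baseline, dumped, ignore, block)
    return {
        "size_matches": len(baseline) == len(dumped),
        "hash_matches": baseline_hash == dumped_hash,
        "baseline_sha256": baseline_hash,
        "dumped_sha256": dumped_hash,
        "modified_regions": regions,
        # clean == no unexplained differences; a hash mismatch confined to
        # ignored regions is still clean
        "clean": len(baseline) == len(dumped) and not regions,
    }


# Constructed sample images (not real firmware): a 64 KiB "known-good" image and a
# copy with a 320-byte implant written across the 0x1000/0x2000 block boundary.
BASELINE = bytes(range(256)) * 256
_implanted = bytearray(BASELINE)
_implant = b"IMPLANT!" * 40
_implanted[0x1F00:0x1F00 + len(_implant)] = _implant
DUMPED = bytes(_implanted)

if __name__ == "__main__":
    report = compare_firmware(BASELINE, DUMPED)
    print("hash matches:", report["hash_matches"], "clean:", report["clean"])
    for offset, length in report["modified_regions"]:
        print(f"modified: 0x{offset:06x} .. 0x{offset + length:06x}")
    # Same comparison with the changed area allow-listed as volatile:
    print("with ignore list, clean:",
          compare_firmware(BASELINE, DUMPED, ignore=[(0x1000, 0x2000)])["clean"])
```

The located offsets are what you would then carve out and disassemble; a bare hash mismatch tells you only that something changed, and on a real image the NVRAM region will change on every boot, which is why the allow-list exists.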
Apart from our typical application penetration testing engagements, clients sometimes come to us looking to test the resilience of various security mechanisms they want to apply to their applications. This was the case a few weeks ago when one of our larger clients approached us and asked us to test a copy-protection (DRM) solution for one of their Android applications.
Attacking copy protection is usually a combination of static and dynamic analysis: reading the reverse-engineered source to figure out how the copy protection works and to find any encryption keys, and watching the running application transform itself into the unencrypted version.
Our first step was to reverse engineer the target .apk file using dex2jar and JD-GUI to see the obfuscation.
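A complementary static-analysis pass to the dex2jar/JD-GUI step, added here as an example and not the code used on the engagement: parse the string table of `classes.dex` directly and triage it for hard-coded key material and crypto API names, which is usually the fastest way to find out where a copy-protection layer keeps its keys. The dex layout (0x70-byte header, `string_ids` at header offset 0x38, ULEB128-prefixed MUTF-8 string data) is the documented format; the sample strings and the `build_dex` fixture that wraps them are constructed for this example, and the candidate heuristics (32/64 hex characters, 24/44-character base64, a short list of crypto class names) are an assumption to tune per target. Obfuscators that encrypt strings at run time defeat this pass, which is exactly when the dynamic "watch it decrypt itself" side of the work takes over.

```python
import re
import struct

DEX_MAGIC = b"dex\n035\x00"
HEADER_SIZE = 0x70
STRING_IDS_SIZE_OFF = 0x38   # uint32 string_ids_size, followed by uint32 string_ids_off


def uleb128_encode(value: int) -> bytes:
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def uleb128_decode(data: bytes, pos: int):
    result = shift = 0
    while True:
        byte = data[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7


def dex_strings(blob: bytes):
    """Walk string_ids -> string_data_item and return every string in the dex."""
    if blob[:4] != b"dex\n":
        raise ValueError("not a dex file")
    count, table_off = struct.unpack_from("<II", blob, STRING_IDS_SIZE_OFF)
    strings = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", blob, table_off + 4 * i)
        _utf16_len, pos = uleb128_decode(blob, data_off)   # length prefix, then MUTF-8 text
        end = blob.index(b"\x00", pos)
        strings.append(blob[pos:end].decode("utf-8"))     # MUTF-8 == UTF-8 for plain BMP text
    return strings


HEX_KEY = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{64})$")   # 128/256-bit key as hex
B64_KEY = re.compile(r"^[A-Za-z0-9+/]{22,}={0,2}$")             # base64 of a binary blob
CRYPTO_HINTS = ("AES", "DES", "Blowfish", "PBKDF2", "SecretKeySpec", "Cipher")


def key_candidates(strings):
    """Triage the string table: literal key material first, then crypto API use."""
    hits = []
    for s in strings:
        if HEX_KEY.match(s) or (B64_KEY.match(s) and len(s) in (24, 44)):
            hits.append(("key-like", s))        # 16- or 32-byte value as hex/base64
        elif any(h in s for h in CRYPTO_HINTS):
            hits.append(("crypto-api", s))      # where to set breakpoints / read code
    return hits


def build_dex(strings):
    """Build a minimal dex blob with only a header and a string table (constructed fixture)."""
    ids, data = bytearray(), bytearray()
    data_base = HEADER_SIZE + 4 * len(strings)
    for s in strings:
        ids += struct.pack("<I", data_base + len(data))
        data += uleb128_encode(len(s)) + s.encode("utf-8") + b"\x00"
    header = bytearray(HEADER_SIZE)
    header[:8] = DEX_MAGIC
    struct.pack_into("<I", header, 0x20, HEADER_SIZE + len(ids) + len(data))  # file_size
    struct.pack_into("<I", header, 0x24, HEADER_SIZE)                         # header_size
    struct.pack_into("<I", header, 0x28, 0x12345678)                          # endian_tag
    struct.pack_into("<II", header, STRING_IDS_SIZE_OFF, len(strings), HEADER_SIZE)
    return bytes(header) + bytes(ids) + bytes(data)


# Constructed sample string table resembling what a DRM class would leave behind.
SAMPLE_STRINGS = [
    "Lcom/example/drm/LicenseCheck;",
    "javax/crypto/Cipher",
    "AES/CBC/PKCS5Padding",
    "00112233445566778899aabbccddeeff",   # 32 hex chars: a hard-coded 128-bit key?
    "MDEyMzQ1Njc4OWFiY2RlZg==",           # base64 of 16 bytes
    "isLicensed",
    "http://license.example.com/check",
]
SAMPLE_DEX = build_dex(SAMPLE_STRINGS)

if __name__ == "__main__":
    for kind, value in key_candidates(dex_strings(SAMPLE_DEX)):
        print(f"{kind:>10}: {value}")
```

On a real APK, read `classes.dex` (and any `classes2.dex` and so on) out of the zip and pass the bytes to `dex_strings`; the `key-like` hits are the values to try first against whatever the Cipher calls consume.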
April’s Microsoft Patch Tuesday is on par with the prior releases this year. There are only four bulletins being released, two rated “Critical” and two rated “Important”. Of course, the long-coming but somehow still apocalyptic news that Windows XP is dead has overshadowed these bulletins.
So this is it. We’ve been warned, and warned, and warned. Today marks the last day that Microsoft will issue public patches for Windows XP, even though XP still represents almost 30% of all desktop installations and anywhere from 80-95% of the world’s ATMs.
In this episode I talk about Gmail making HTTPS mandatory, a move some people don't like; Microsoft announces a 0-day exploit targeting the RTF parser in Word and Outlook; and Ploutus, ATM malware that's making the news. I also interview Trustwave SpiderLabs' own Mike Park about ATM hacking techniques and in-the-wild exploitation.
We'd love to hear what you think or what you'd like to hear in future episodes. Please feel free to leave comments below!
The latest update to the TrustKeeper Scan Engine is now available. It adds detection for a dozen vulnerabilities, including several affecting Cisco ASA and IOS devices. We also added detection for more than a dozen common web backdoors. These are often installed by attackers after compromising a website, and they allow the attacker to more easily gain further access to the server they are installed on.
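What detection for a "common web backdoor" looks like in practice, as an added example that is not TrustKeeper's signature set: a small rule list over the constructs that almost every drop-in PHP shell relies on (eval of a decoded blob, eval or a shell function fed straight from a request variable, the `preg_replace` /e modifier, known shell banners, large encoded string literals), run over a handful of constructed source files. The rules and the sample files are my own and deliberately narrow; the point is the shape of the check, not completeness. Expect attackers to split or encode the function names (`$f = "ev"."al";`), so a signature pass like this belongs alongside a file-integrity baseline of the docroot and the web server's access logs rather than on its own.

```python
import re

# Each rule: (description, compiled regex). Deliberately narrow: patterns that are
# rare in legitimate code but near-universal in drop-in PHP backdoors.
RULES = [
    ("eval of a decoded payload",
     re.compile(r"\beval\s*\(\s*(?:gzinflate|gzuncompress|str_rot13|base64_decode)\s*\(", re.I)),
    ("eval/assert of request data",
     re.compile(r"\b(?:eval|assert)\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I)),
    ("command execution with request data",
     re.compile(r"\b(?:system|shell_exec|passthru|exec|popen|proc_open)\s*\(\s*"
                r"\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I)),
    ("preg_replace with /e (code execution)",
     re.compile(r"\bpreg_replace\s*\(\s*['\"].*?/[a-z]*e[a-z]*['\"]", re.I)),
    ("known shell banner",
     re.compile(r"\b(?:c99shell|r57shell|b374k|FilesMan|WSO\s+\d)", re.I)),
    ("large encoded blob",
     re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]")),
]


def scan_source(path: str, text: str):
    """Return (path, line_number, rule) for every rule that fires in `text`."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for description, pattern in RULES:
            if pattern.search(line):
                findings.append((path, line_no, description))
    return findings


def scan_tree(files: dict):
    """`files` maps path -> source text; a real scanner would walk the docroot instead."""
    findings = []
    for path, text in sorted(files.items()):
        findings.extend(scan_source(path, text))
    return findings


# Constructed sample files: three typical one-line backdoors and one legitimate script.
SAMPLE_FILES = {
    "uploads/image.php": "<?php\n@eval(base64_decode($_POST['c']));\n",
    "tmp/.cache.php": "<?php\nif (isset($_GET['cmd'])) { system($_GET['cmd']); }\n",
    "includes/legacy.php": "<?php\n$out = preg_replace(\"/.*/e\", $_REQUEST['p'], '');\n",
    "plugins/search/helper.php": "<?php\necho htmlspecialchars($_GET['q'], ENT_QUOTES);\n",
}

if __name__ == "__main__":
    for path, line_no, description in scan_tree(SAMPLE_FILES):
        print(f"{path}:{line_no}: {description}")
```

Note that the legitimate helper also reads `$_GET` and is not flagged: the rules key on request data reaching an execution sink, not on request data being used at all, which is what keeps the false-positive rate tolerable on a real site.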