SpiderLabs Anterior: TrustKeeper Scan Engine

TrustKeeper Scan Engine Update - June 12, 2013

The latest update to the TrustKeeper Scan Engine is now available. It adds coverage for more than a dozen vulnerabilities, including several recent nginx and Cisco ASA vulnerabilities. It expands our vulnerability coverage for Joomla, with 9 new vulnerability tests. It also includes some performance enhancements to the web crawling module to help speed up scan times on slow performing web servers.

Continue reading "TrustKeeper Scan Engine Update - June 12, 2013" »

Posted by claudijd on 12 June 2013 at 08:28 in TrustKeeper Scan Engine | Permalink | Comments (0)

TrustKeeper Scan Engine Update - June 3, 2013

Summary

The latest update to the TrustKeeper Scan Engine is now available. It adds coverage for more than 50 vulnerabilities, including several recent Cisco and Ruby on Rails vulnerabilities. It also continues to greatly expands our vulnerability coverage for Moodle CMS, adding more than 30 new vulnerability tests for it.

Continue reading "TrustKeeper Scan Engine Update - June 3, 2013" »

Posted by woodbusy on 03 June 2013 at 16:56 in TrustKeeper Scan Engine | Permalink | Comments (0)

TrustKeeper Scan Engine Update - May 15, 2013

The latest update to the TrustKeeper Scan Engine is now available. It adds coverage for more than two dozen vulnerabilities, including several recent Ruby on Rails vulnerabilities. It also greatly expands our vulnerability coverage for Moodle CMS, with 20 new vulnerability tests. Additionally, with official support from Microsoft for Windows XP ending in less than a year, we have added an informational notice for detected Windows XP systems, reminding customers that support (and security fixes) will be ending soon.

Continue reading "TrustKeeper Scan Engine Update - May 15, 2013" »

Posted by woodbusy on 15 May 2013 at 16:30 in TrustKeeper Scan Engine | Permalink | Comments (0)

TrustKeeper Scan Engine Update - May 1, 2013

The latest update to the TrustKeeper Scan Engine is now available. It adds coverage for more than a dozen vulnerabilities, including several recent vulnerabilities in Cisco and Oracle products. Newly covered vulnerabilities also include recent vulns in Microsoft Active Directory (including ADAM and AD LDS as well as the usual AD) and MySQL.

Continue reading "TrustKeeper Scan Engine Update - May 1, 2013" »

Posted by woodbusy on 01 May 2013 at 15:36 in TrustKeeper Scan Engine | Permalink | Comments (0)

TrustKeeper Scan Engine Update - April 19, 2013

The latest update to the TrustKeeper Scan Engine is now available. It adds coverage for more than 20 vulnerabilities, including several recent vulnerabilities that are likely to affect many websites running on Ruby on Rails, WordPress, Drupal and/or Moodle. Newly covered vulnerabilities also include recent denial-of-service vulns in Cisco IOS and ISC BIND, likely to affect many administrators as well.

Continue reading "TrustKeeper Scan Engine Update - April 19, 2013" »

Posted by woodbusy on 19 April 2013 at 17:14 in TrustKeeper Scan Engine | Permalink | Comments (0)

TrustKeeper Scan Engine Update - April 3, 2013

The latest and greatest release of the TrustKeeper Scanning Engine is here. This update contains coverage for 23 new vulnerabilities, including tests for Oracle Application Server, Oracle Database Server, Oracle Solaris, PHP, and Wordpress.

Additionally, the scan engine has been updated to detect Webmin UDP Broadcast services.

This update also contains a whole bunch of improvements to current tests and many other improvements to the engine itself.

Continue reading "TrustKeeper Scan Engine Update - April 3, 2013" »

Posted by Jason Leyrer on 03 April 2013 at 10:40 in TrustKeeper Scan Engine | Permalink | Comments (0)

TrustKeeper Scan Engine Update - March 22, 2013

Remember two weeks ago when we said it was almost time for Spring? Well, it's certainly not that time here in Chicago. It's more winter than ever with even more on the horizon. Hopefully someone somewhere is warm.

In any case, today is the time for the release of the most recent update to the TrustKeeper scan engine. We've included 7 new vulnerability tests that include tests for Apache, PHP and Cisco. This update also contains a whole bunch of improvements to current tests and many other improvements to the engine itself. Enjoy!

Continue reading "TrustKeeper Scan Engine Update - March 22, 2013" »

Posted by Donovan Lampa on 22 March 2013 at 15:51 in TrustKeeper Scan Engine | Permalink | Comments (0)

TrustKeeper Scan Engine Update - March 7, 2013

Summary

Today's a big day. We're now in the final days of winter, here in Chicago. Two weeks from today spring will begin, all the snow will melt, and we'll all run outside to jump and play in the bright, warm sunshine.

More importantly, though, today marks the release of our latest update to the TrustKeeper scan engine. We've included coverage for more than 20 vulnerabilities, including several from Microsoft and several others for PHP. As usual, the update also includes several refinements to existing vulnerability tests.

Continue reading "TrustKeeper Scan Engine Update - March 7, 2013" »

Posted by woodbusy on 07 March 2013 at 10:09 in TrustKeeper Scan Engine | Permalink | Comments (0)

TrustKeeper Scan Engine Update - February 20, 2013

The latest update to the TrustKeeper Scan Engine is now available. It includes coverage for over 20 vulnerabilities for products such as Cisco IOS/ASA, Oracle Database, PHP, ISC BIND, Samba and OpenSSL, among others.

As always, this update also includes improvements to existing tests and better evidence reporting.

Continue reading "TrustKeeper Scan Engine Update - February 20, 2013" »

Posted by Jason Leyrer on 20 February 2013 at 11:48 in TrustKeeper Scan Engine | Permalink | Comments (0)

TrustKeeper Scan Engine Update - February 6, 2013

The latest update to the TrustKeeper Scan Engine is now available. It includes coverage for over 30 vulnerabilities for products such as Apache, Cisco IOS, Oracle Database and MySQL Servers, PHP, Samba and Ruby on Rails.

Of the vulnerabilities in the update, the most popular (at least according to twitter), are the recent XML and JSON parsing vulnerabilities in Ruby on Rails (CVE-2013-0156 and CVE-2013-0333). These vulnerabilities could allow an unauthenticated attacker remote code execution on a vulnerable web application. If you are using the Ruby on Rails, we highly recommending that you upgrade to the latest stable release.

If you're interested in reading more about these Ruby on Rails vulnerabilities and our perspective, we recommend checking out Ryan Barnett's recent posts (here and here), which provide ModSecurity mitigations for Ruby on Rails and some information about what types of scanning for these vulnerabilities we've seen in the wild.

As always, this update also includes improvements to existing tests and better evidence reporting.

Continue reading "TrustKeeper Scan Engine Update - February 6, 2013" »

Posted by claudijd on 06 February 2013 at 14:08 in TrustKeeper Scan Engine | Permalink | Comments (0)

SpiderLabs Anterior

Official Blog of Trustwave's SpiderLabs - SpiderLabs is an elite team of ethical hackers, investigators and researchers at Trustwave advancing the security capabilities of leading businesses and organizations throughout the world.

Search

Categories

Security Advisories

Trustwave Press Releases

TrustKeeper Scan Engine

12 June 2013

TrustKeeper Scan Engine Update - June 12, 2013

03 June 2013

TrustKeeper Scan Engine Update - June 3, 2013

15 May 2013

TrustKeeper Scan Engine Update - May 15, 2013

01 May 2013

TrustKeeper Scan Engine Update - May 1, 2013

19 April 2013

TrustKeeper Scan Engine Update - April 19, 2013

03 April 2013

TrustKeeper Scan Engine Update - April 3, 2013

22 March 2013

TrustKeeper Scan Engine Update - March 22, 2013

07 March 2013

TrustKeeper Scan Engine Update - March 7, 2013

20 February 2013

TrustKeeper Scan Engine Update - February 20, 2013

06 February 2013

TrustKeeper Scan Engine Update - February 6, 2013