322 matches found
Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in...
Crooks Tap Google Firebase in Fresh Phishing Tactic
A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways. Google Firebase is a mobile and web application development platfor...
Spray - A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin(Greenwolf)
A Password Spraying tool for Active Directory Credentials by Jacob WilkinGreenwolf Getting Started These instructions will show you the requirements for and how to use Spray. Prerequisites All requirements come preinstalled on Kali Linux, to run on other flavors or Mac just make sure curlowa & ly...
CVE-2019-19886
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...
CVE-2019-19886
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...
CVE-2019-19886
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...
Code injection
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...
UBUNTU-CVE-2019-19886
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...
CVE-2019-19886
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...
CVE-2019-19886
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...
CVE-2019-19886
The CVE affects Trustwave ModSecurity v3 (libmodsecurity), specifically versions 3.0.0–3.0.3, where a flaw in Transaction::addRequestHeader in transaction.cc can cause denial of service when crafted requests are sent rapidly in large volumes. Reported impact is server slowdown or unavailability. ...
PT-2020-10284 · Trustwave · Modsecurity
Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.0 through 3.0.3 Description: The issue allows an attacker to send crafted requests that may lead to the server becoming slow or unresponsive due to a flaw in Transaction::addRequestHeader in transaction.cc...
Fake 'Windows Update' Installs Cyborg Ransomware
A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants. The email-based threat, discovered...
Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext
What could be worse than your router leaking its administrative login credentials in plaintext? Cybersecurity researchers from Trustwave's SpiderLabs have discovered multiple security vulnerabilities in some router models from two popular manufacturers—D-Link and Comba Telecom—that involve insecu...
Vulnerabilities in D-Link, Comba Routers Can Leak Credentials
Researchers have discovered vulnerabilities in D-Link and Comba Telecom routers that can leak passwords for the devices and have the potential to affect every user on networks that use them for access. Trustwave SpiderLabs Security Researcher Simon Kenin discovered the vulnerabilities—two in a...
Rare Steganography Hack Can Compromise Fully Patched Websites
An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP cod...
Pakistani Govt’s passport application tracking site hacked with Scanbox framework
By Waqas Hackers are after anyone seeking Pakistani passport while there is no response from the website's administrator. Researchers at information security firm Trustwave have made a startling new discovery about data breach on a Pakistani government website involving the Scanbox Framework. It ...
Critical zero-day vulnerabilities hit Lifesize video conferencing products
By Waqas The IT security researchers at TrustWave have discovered critical zero-day vulnerabilities in video conferencing products developed by Lifesize which, if exploited by attackers can cause a great deal of damage. Lifesize is an audio and video telecommunication firm based in the United...
Cryptojacking Attack Targets Make-A-Wish Foundation Website
Hackers have been stealing CPU-cycles from visitors to the Make-A-Wish Foundation’s international website in order to mine for Monero cryptocurrency. Researchers said they found the CoinIMP mining script embedded in the non-profit’s website, and that it was taking advantage of the Drupalgeddon 2...
Windows Gather PureVPN Client Credential Collector
Finds the password stored for the PureVPN Client. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather PureVPN Client Credential Collector', 'Description' = %q Finds the password stor...