https://www.trustwave.com/en-us/ SpiderLabs is Trustwave’s elite team of ethical hackers, forensic investigators and security researchers. Fri, 07 Dec 2018 19:02:41 +0000 Fri, 07 Dec 2018 19:02:41 +0000 en-us https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v303-what-to-expect/ At precisely 155 commits ahead of the latest version, ModSecurity version 3.0.3 contains a number of improvements and features to enhance the ModSecurity experience. In this blog post, we'll explain some of the new capabilities in the latest release. Better... Mon, 12 Nov 2018 00:00:00 GMT Trustwave-21011 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-version-30-announcement/ libModSecurity aka ModSecurity version 3.0 is out there. libModSecurity starts a new era in terms of ModSecurity extensibility. The modular architecture provides flexibility to extend ModSecurity core with scripting languages and from scripting languages. Facilitating work such as: UI integration,... Wed, 10 Jan 2018 00:00:00 GMT Trustwave-15753 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-web-application-firewall-commercial-rules-update-4/ We have recently released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we are highlighting virtual patches... Wed, 18 Oct 2017 00:00:00 GMT Trustwave-15773 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-web-application-firewall-commercial-rules-update-3/ We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight the... Thu, 14 Sep 2017 00:00:00 GMT Trustwave-15783 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-version-300-first-release-candidate/ Recently we announced the first release candidate for libModSecurity (also as known as ModSecurity version 3). The goal was to turn ModSecurity into a mature library that could be used seamlessly regardless of web server or platform. The motivations for... Wed, 30 Aug 2017 00:00:00 GMT Trustwave-15785 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-web-application-firewall-commercial-rules-update-2/ We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we are highlighting virtual patches for... Tue, 22 Aug 2017 00:00:00 GMT Trustwave-15789 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/announcing-modsecurity-version-292/ We recently released ModSecurity version 2.9.2. The release contains a number of bug fixes, including two security issues: Allan Boll reported an uninitialized variable that may lead to a crash on Windows platform. Brian Adeloye reported an infinite loop on... Wed, 09 Aug 2017 00:00:00 GMT Trustwave-15790 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-web-application-firewall-commercial-rules-update-1/ We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight the... Wed, 12 Jul 2017 00:00:00 GMT Trustwave-15795 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-version-3-fuzzing-as-part-of-the-qa/ The stability of any given project is often tracked by its maturity, which is generally measured by how old the code is. Even though this may be true a lot of the time, here at Trustwave SpiderLabs we wanted to... Wed, 21 Jun 2017 00:00:00 GMT Trustwave-15803 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-web-application-firewall-commercial-rules-update/ We have just released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight... Fri, 16 Jun 2017 00:00:00 GMT Trustwave-15805 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/creating-the-modsecurity-v3-ids-connector-as-part-of-google-summer-of-code/ A note from the Trustwave Spiderlabs ModSecurity team: The following blog was written at the culmination of the Google Summer Of Code (GSOC) program by Akhil Koul. The ModSecurity team mentored Akhil to help enhance the open source ModSecurity project... Fri, 27 Jan 2017 00:00:00 GMT Trustwave-15835 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/is-modsecurity-s-secrules-turing-complete/ Have you ever seen a rule for ModSecurity? They may look similar to the following: SecRule REQUEST_URI "@endswith example.com/index.html" "id:1,log,deny,redirect:http://modsecurity.org" This rule may look complicated, but it is extremely basic. It says, if you find a URL ending with example.com/index.html... Fri, 20 Jan 2017 00:00:00 GMT Trustwave-15837 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/owasp-core-rule-set-300-final-release/ The OWASP Core Rule Set (CRS) team is excited to announce the immediate availability of the OWASP Core Rule Set Version 3.0.0 stable release. This release represents over two and a half years of effort with nearly 1000 commits and... Fri, 11 Nov 2016 00:00:00 GMT Trustwave-15846 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/owasp-modsecurity-crs-version-30-rc2-released/ The OWASP Core Rule Set (CRS) is an Open Source project run by the Open Web Application Security Project (OWASP) and is frequently paired with the Open Source ModSecurity project. As part of Trustwave's commitment to ModSecurity, the Spiderlabs Web... Wed, 19 Oct 2016 00:00:00 GMT Trustwave-15850 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/owasp-modsecurity-crs-version-30-rc1-released/ Trustwave has been dedicated to supporting ModSecurity and the associated community for the better part of a decade. Over this time, ModSecurity and the associated OWASP Core Rule Set (CRS) have seen major advances and are currently positioned as leading... Mon, 15 Aug 2016 00:00:00 GMT Trustwave-15859 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/sending-modsecurity-logs-to-mysql/ Previous Work As part of our positions at SpiderLabs Research we each get time to undertake various research tasks. Typically on the Web Server Security team we spend this time improving ModSecurity and Trustwave WAF, analyzing the latest web threats,... Tue, 02 Feb 2016 00:00:00 GMT Trustwave-15902 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/an-overview-of-the-upcoming-libmodsecurity/ libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax and feature set of ModSecurity while delivering improved performance, stability, and a new experience in easy integration on different. libModSecurity - Motivations While ModSecurity version 2.9.0 is available... Mon, 28 Dec 2015 00:00:00 GMT Trustwave-15908 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/protecting-your-sites-from-apachecommons-vulnerabilities/ A few weeks ago, FoxGlove Security released this important blog post that includes several Proof-of-Concepts for exploiting Java unserialize vulnerabilities. A remote attacker can gain Remote Code Execution by sending specially crafted payload to any endpoint expecting a serialized... Mon, 21 Dec 2015 00:00:00 GMT Trustwave-15910 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/joomla-0-day-exploited-in-the-wild-cve-2015-8562/ A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot of attention from the Joomla community, as well as attackers. Using knowledge gained from our recent research on Joomla (CVE-2015-7857, SpiderLabs Blog Post) and information... Fri, 18 Dec 2015 00:00:00 GMT Trustwave-15911 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/joomla-sql-injection-vulnerability-exploit-results-in-full-administrative-access/ Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). Combining that vulnerability with other security weaknesses, our Trustwave SpiderLabs researchers are able to gain... Thu, 22 Oct 2015 00:00:00 GMT Trustwave-15922 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/zero-day-in-magmi-database-client-for-popular-e-commerce-platform-magento-targeted-in-the-wild/ Magento is the most popular e-commerce platform owned by eBay since 2011. We illustrate how a severe security flaw can be introduced into a Magneto based e-commerce system, when installing a commonly used vulnerable version of the open-source Magmi utility and failing to change the default security configuration. The appearance of HTTP requests attempting to exploit this vulnerability in the wild indicates that some bad actors are onto this method as well. Once successful, the attacker gains the Magento site credentials and the encryption key for the Magento database. Tue, 13 Oct 2015 00:00:00 GMT Trustwave-15929 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-alert-fritz-box-remote-command-execution-exploit-attempt/ Our web honeypots picked up some exploit attempts for a remote command execution vulnerability in FRITZ!Box, a series of routers produced by AVM. This exploit targets router firmware issues, and we're seeing an increase in this type of activity. Here... Tue, 26 May 2015 00:00:00 GMT Trustwave-15972 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/owaspwasc-distributed-web-honeypots-project-re-launch-seeking-participants/ The SpiderLabs Research Team is proud to announce that we are officially re-launching the Distributed Web Honeypots Project under the new joint OWASP/WASC project home! For those SpiderLabs Blog readers who follow our "Honeypot Alert" series, you may be interested... Tue, 31 Mar 2015 00:00:00 GMT Trustwave-15992 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-alert-fhs-null-byte-attack-cve-2014-6287-attempts-to-install-ddos-malware-iptablex/ Our web honeypots picked up some exploit attempts for CVE-2014-6287 which is a command execution vulnerability in the Rejetto HTTP File Server (aks HFS or HttpFileServer) product. Here is PoC vulnerability details from PacketStorm: Honeypot Attack Example One of our... Wed, 25 Feb 2015 00:00:00 GMT Trustwave-16007 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/announcing-modsecurity-v290-stable-release/ The SpiderLabs Research - ModSecurity Team is proud to announce the stable release of version 2.9.0 which contains bug fixes reported during the Release Candidate (RC) phase. The most important change from v2.9.0-RC2 to v2.9.0: Fix apr_crypto.h include, now checking... Thu, 12 Feb 2015 00:00:00 GMT Trustwave-16013