Articles about Trustwave

Researcher pops locks on keylogger, finds admin's email inbox

Trustwave researcher Rodel Mendrez has gained access to the inbox of the criminal behind a commercial keylogger used to attack industries including finance, cloud services, logistics, foreign trade, and government. Mendrez's reverse engineering effort found credentials buried within the Hawkeye keylogger that lead through …
Darren Pauli, 05 Jul 2016

Lenovo Solution Center portal patched to shutter hacker god mode hole

Lenovo has patched a dangerous hole in its rebuilt Solution Center that could allow attackers to gain god mode access on hacked machines and to kill running processes including anti-virus. The pre-installed OEM software helps users update Lenovo tools and manage features like firewalls. Attackers with existing but …
Darren Pauli, 27 Jun 2016

Windows 10 zero day selling for $90,000

A Windows zero day vulnerability granting hackers deeper access to compromised machines is being sold for US$90,000 (£62,167, A$124,348). The local privilege escalation vulnerability is being sold on crime forum exploit.in and promises to help attackers who already have access to hacked machines. Seller BuggiCorp claims in a …
Darren Pauli, 01 Jun 2016

Sneaky Lenovo patches hole

Lenovo has quietly patched a hole in the software it bundles with its laptops and desktop PCs that can be exploited by malicious code to hijack the hardware. The Lenovo Solution Center can give malware and other nasties on machines a leg up to system-level privileges. It has been fixed in version 3.3.002, according to this …
Team Register, 06 May 2016

Zen Cart admins: Don't skip version 1.5.5

If you missed the March 17-issued patch for shopping cart application Zen Cart, get busy, because among other things it fixed serious cross-site scripting (XSS) vulnerabilities. Trustwave, which turned up the bug last September, made it public last Friday. Zen Cart reckons the vulnerability was closed before it was exploited …

Quadsys Five enter 'not guilty' pleas to Crown court charges

The fraud case against five men from security reseller Quadsys will go to trial in September after they pleaded not guilty to allegations of hacking into a rival’s database to plunder customer and pricing data. The individuals charged include MD Paul Cox, owner Paul Streeter, director Alistair Barnard, account manager Steve …
Paul Kunert, 18 Mar 2016

Millions menaced as ransomware-smuggling ads pollute top websites

Top-flight US online publishers are serving up adverts that attempt to install ransomware and other malware on victims' PCs. Websites visited by millions of people daily – msn.com, nytimes.com, aol.com, nfl.com, theweathernetwork.com, thehill.com, zerohedge.com and more – are accidentally pushing out booby-trapped adverts via …
John Leyden, 15 Mar 2016

Trustwave failed to spot casino hackers right under its nose – lawsuit

IT security biz Trustwave is being sued by a Las Vegas casino operator for allegedly bungling a hacking investigation. Trustwave denies any wrongdoing. The outcome of the lawsuit could have staggering consequences for infosec outfits hired to analyze and cleanup computer network intrusions, in terms of potential liabilities …
Chris Williams, 16 Jan 2016

Hello Barbie controversy re-ignited with insecurity claims

Back in February, The Register queried the security and privacy implications of Mattel's “Hello Barbie”, and now the doll has hit the shelves, a prominent security researcher has turned up the first security problems with the toy. After an initial flurry of concern, the issue went quiet, but last Friday Matt Jakubowski ( …

Criminals are mostly hacking-by-numbers with exploit kits

Exploit kits are dominating the criminal hacking industry, but even though code fiends prefer colour-by-numbers cracking kits, that isn't stopping them from assembling a vast command and control army: domain name servers linked to popular kits are up 75 percent in the third quarter compared to 2014, according to a report. It …
Darren Pauli, 19 Nov 2015

More POS malware, just in time for Christmas

Threat researchers are warning of two pieces of point-of-sale malware that have gone largely undetected during years of retail wrecking and now appear likely to earn VXers a haul over the coming festive break. The Cherry Picker and AbaddonPOS malware, exposed in the last week, are the latest evolution in stealthy and capable …
Darren Pauli, 16 Nov 2015

Joomla patches critical core shop-pwning flaw

Popular content management system (CMS) Joomla has pushed three patches, including a critical fix for SQL injection vulnerabilities that allow attackers to become admins on most customer websites. The team issued fix 3.4.5 addressing the SQLi vulnerabilities (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858) which exist in version …
Darren Pauli, 23 Oct 2015

Dixons Carphone still has 7.5k Windows XP EPOS systems

Dixons Carphone is still using thousands of EPOS tills running on Windows XP more than a year after Microsoft’s extended support expired, The Register has learned. This is not the Embedded flavour of the OS (though even these would present a heightened risk of attack, say security experts) but 7,000-plus bog standard XP …
Paul Kunert, 18 Aug 2015

Quadsys Five charged with fraud over data-slurping allegations

The boys in blue have charged Paul Cox, MD at Oxfordshire-based security outfit Quadsys, with fraud after he and others at the firm allegedly hacked into a rival security reseller to take data, including pricing info. Cox was among five bods arrested in March by Thames Valley Police (TVP) in conjunction with the National Crime …
Paul Kunert, 14 Aug 2015

RIG exploit kit scum pop 27,000 machines a day

The authors of the RIG exploit kit have bounced back after a source code leak and are now again happily infecting computers at the rate of around 27,000 machines a day. The exploit kit, widely available at underground cybercrime markets, had its source code leaked in February. Trustwave Spiderlabs researchers say that since …
Darren Pauli, 04 Aug 2015

Ransomware slinging exploit kit targets Flash remote code execution

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine". The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP. Web …
Darren Pauli, 29 Jun 2015

RubyGems slings patch at nasty redirect trojan holes

Get patching: new vulns in the RubyGems developer distribution platform could expose millions of users to malicious redirects. The hole (CVE-2015-3900), since patched, means clients could be pushed to Gem servers hosting malicious content even if HTTPS is employed. Attackers further benefited since RubyGems Gems Server Discovery …
Darren Pauli, 24 Jun 2015

CISOs' newest fear? Criminals with a big data strategy

CIO Manifesto We again gathered an eclectic mix of IT execs including some CISOs, CTOs etc, in a secret bunker to discuss whether we’re winning the security battle. OK, the “bunker” was a meeting room under the Soho Hotel, but not only are we not winning, it is not even clear what winning actually means. On Target Our IT execs happily …
Dominic Connor, 19 Jun 2015

Trustwave: Here's how to earn $84,000 A MONTH as a blackhat

Exploit kit traders and ransomware slingers are in one of the most profitable industries in the world, landing a whopping 1,425 percent profit margin for raiding legitimate trade. Figures from infosec firm Trustwave show the blackhats who are enjoying what appears to be a current boom can score outrageous amounts of money by …
Darren Pauli, 10 Jun 2015

Oracle releases antidote for VENOM vulnerability

Oracle has released patches for its virtualisation software to crimp the VENOM vulnerability that allows attackers to break out of virtual machines to attack hosts. The company follows a host of others including KVM and Xen which have patched the buffer overflow bug. VMware, Microsoft, and Bochs are immune to the problem. …
Darren Pauli, 19 May 2015

VENOM virtual vuln proves less poisonous than first feared

Analysis A newly discovered vulnerability in many popular virtual machine platforms is serious, but nowhere near as bad as last year’s Heartbleed vulnerability, according to security experts. Dubbed VENOM (Virtualized Environment Neglected Operations Manipulation), the zero-day flaw takes advantage of the “virtual floppy disk controller …
John Leyden, 14 May 2015

'Hiding our wristjobs from Apple stores ain't easy' – iThing retail boss

QuoTW This week, Moore's Law turned 50, Microsoft lost a pile of cash and Comcast gave up on its dream of buying Time Warner Cable. Here are some of the better quotes uttered over the past seven days: Google got caught having a piddle party on poor Apple, but the Chocolate Factory was quick to heap the blame on its users. When asked …
Team Register, 26 Apr 2015

Cash register maker used same password – 166816 – non-stop since 1990

RSA 2015 Fraud fighters David Byrne and Charles Henderson say one of the world's largest Point of Sale (PoS) systems vendors has been slapping the same default passwords – 166816 – on its kit since 1990. Worse still: about 90 per cent of customers are still using the password. The enraged pair badged the PoS vendor by its other acronym, …
Darren Pauli, 23 Apr 2015

Bank-card-sniffing shop menace Punkey pinned down in US Secret Service investigation

Security researchers have identified a new strain of point-of-sale (POS) malware during an investigation led by the US Secret Service. Stolen payment card information and the IP addresses of more than 75 infected sales tills were found by security researchers at Trustwave during the probe. It's unclear how many victims the so- …
John Leyden, 16 Apr 2015

Trustwave's off to Singapore as Singtel slurps security company

Singapore's dominant telco and aspiring services player, Singtel, has acquired Trustwave for about US$810m. Trustwave offers managed security services and the SpiderLabs ethical hacking research outfit, plus a range of network, content and endpoint security products. The company operates in 26 nations and has 1,200 people on the …
Simon Sharwood, 08 Apr 2015

E-commerce enterprises gently told to update those protocols ... or else

A revamp in payment card industry regulations due out later this month will penalise e-commerce enterprises that rely on outdated crypto protocols. The PCI Security Standards Council updated standard – PCI DSS 3.1 – mandates that businesses move away from SSL onto more modern TLS protocols. The council is introducing the …
John Leyden, 07 Apr 2015

Security vendor's blog post pinched to make HMRC phish look legit

Netcraft has found that security firm TrustWave inadvertently gave phishers a helping hand. The situation starts in this December 2010 blog post by Gavin Neale of M86 Security Labs, a company since acquired by TrustWave. Until Wednesday, that post included an image of a faked email from UK taxation agency HM Revenue and Customs …
Simon Sharwood, 13 Mar 2015

Can't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain

Third-party providers will face more stringent regulations as part of a revamp in payment card industry regulations due to go into full effect in the new year. The new Payment Card Industry Data Security Standard 3.0 (PCI 3.0) will be mandatory for all businesses that store, process or transmit payment card information beginning …
John Leyden, 17 Dec 2014

Twitter 'news' spreads faster than Ebola #FakeCures #Malware

Updated Social media has become a conduit for the spread of fake cures and treatments for Ebola. As if that weren't bad enough, confusion about the epidemic is also being harnessed to push malware and other cybercrime scams, security watchers warn. The hoaxes began in the Twittersphere with the spread of false ways to treat Ebola. Late …
John Leyden, 20 Oct 2014

Internet Explorer stars in monster October Patch Tuesday

October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical. Cloud security firm Qualys estimates two of the lesser "important" bulletins are just as bad however, as they would also allow malicious code injection onto vulnerable systems. Top of the critical list is …
John Leyden, 10 Oct 2014

spɹɐʍʞɔɐB writing is spammers' new mail filter avoidance trick

Spammers are writing emails backwards in an attempt to sneak past spam filters, security researcher Brian Bebeau has found. The pests were using left-to-right override code intended to facilitate the use of bi-direction text, such as a document that included English and Hebrew. The Trustwave researcher said the tactic had a …
Darren Pauli, 12 Sep 2014

Back-to-school Patch Tuesday: Critical updates for Internet Explorer, Adobe Reader

Microsoft is planning a light edition of Patch Tuesday for September with just four bulletins, only one of which covers critical vulnerabilities. But an upcoming Adobe critical update for its Reader software around the same time means sysadmins are still likely to have their hands full next Tuesday. The sole critical update for …
John Leyden, 05 Sep 2014

Who needs hackers? 'Password1' opens a third of all biz doors

Hundreds of thousands of hashed corporate passwords have been cracked within minutes by penetration testers using graphics processing units. The 626,718 passwords were harvested during penetration tests over the last two years conducted across corporate America by Trustwave infosec geeks. The firm's threat intelligence …
Darren Pauli, 15 Aug 2014

Remember Anna Kournikova? Come with us on a tour of bug-squishing history

Brain. No, it’s not some Skynet AI drone, nor is it the blob that was always out to get the Teenage Mutant Hero Turtles. It is the name of the first PC virus, dating back to 1986. The two Pakistani brothers, Basit and Amjad Farooq Alvi, who wrote it did not have malicious intentions: they simply wanted to scare people running …
Tom Brewster, 03 Jun 2014

Insight Enterprises grabs Trustwave EMEA marketing director

Insight Enterprises has raided Trustwave's reservation and made off with EMEA marketing director Jill Murray, El Chan can reveal. She is not a direct replacement for Ashley Gatehouse, who ran Insight's marketing activities across mainland Europe and the UK until last year, as her remit will cover only Blighty. Sources told us …
Paul Kunert, 14 May 2014

Final Windows XP Patch Tuesday will plug Word RTF vuln

The final Patch Tuesday for Windows XP will bring four bulletins, including a critical fix for a zero-day Word vulnerability uncovered last week. The critical 0-day vulnerability - already the object of targeted attacks - opens the door to remote code execution nasties if a user opens a RTF file in Word 2010 or in Outlook while …
John Leyden, 04 Apr 2014

Banks lob sueball at Trustwave, Target over breach

A group of banks has filed a class action lawsuit against Target over its recent data breach, and has named security company Trustwave as a co-defendant. The late-2013 security breach resulted in at least 40 million customers' credit cards being compromised, after a Maryland contractor's systems provided a bridge into the retail …

iOS 7: Even if you don't jailbreak your iPhone, bugs STILL CREEP IN

The comforting notion that unmodified iOS phones are more or less immune to security threats has been shaken to the core with the release of new research that shows mobile monitoring applications can bypass Apple’s app review process and successfully exploit non-jailbroken iOS 7 kit. Background monitoring mobile (AKA snooping) …
John Leyden, 25 Feb 2014

Pony up: Botnet successfully targets Bitcoin

Another $US200,000-plus worth of Bitcoins has been lifted, according to Trustwave, which has identified a new Pony botnet targeting crypto-currencies. News of the heist comes hard on the heels of Mt Gox withdrawing from the Bitcoin foundation and killing off its social media accounts. Pony isn't a horse of a completely …

Put down that iPad! Snoopware RECORDS your EVERY gesture, TAP on iOS, Android

A security researcher has developed a proof-of-concept malware capable of capturing the actions of users on touchscreen devices. Senior security consultant Neal Hindocha and his colleagues at Trustwave were able to brew up similar strains of prototype malicious code for both rooted Android and jailbroken iOS devices. The line of …
John Leyden, 05 Feb 2014

French gov used fake Google certificate to read its workers' traffic

A French government agency has been caught signing SSL certificates and impersonating Google. The bogus certificates were endorsed by the certificate authority of the French Treasury, DG Trésor. And the Treasury's own authorisation certificate was, in turn, vouched for by IGC/A (Infrastructure de Gestion de la Confiance de l' …
John Leyden, 10 Dec 2013

Two million TERRIBLE PASSWORDS stolen by malware attackers

Researchers have uncovered a massive cache of stolen account credentials which could impact some two million users. Security firm Trustwave said that its SpiderLabs reconnaissance team has detected a malware operation which has been able to pilfer account credentials on infected machines and build an archive of lifted passwords …
Shaun Nichols, 04 Dec 2013

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

Easily picked CD-ROM drive locks let Mexican banditos nick ATM cash

Lax security at Mexican banks has allowed cybercriminals to put their own malware-ridden CDs into ATM machines in order to gain control of the easily-compromised cash machines. The Ploutus malware was installed after "criminals acquired access to the ATM’s CD-ROM drive and inserted a new boot CD into it". The ruse was possible …
John Leyden, 11 Oct 2013

Happy 10th b-day, Patch Tuesday: TWO critical IE 0-day bugs, did you say?

Microsoft delivered no fewer than eight bulletins to mark the tenth anniversary of Patch Tuesday, including a fix covering two zero-day vulnerabilities in Internet Explorer. A critical patch for all supported versions of IE covers a well-anticipated fix for the CVE-2013-3893 vulnerability, which has been associated with cyber …
John Leyden, 09 Oct 2013

Clear next Tues: Incoming Outlook, IE, Windows critical security patches

Microsoft will squash 14 sets of security vulnerabilities - four of which are deemed critical - in the next edition of its monthly batch of Patch Tuesday updates, due next week. Those four critical patches will address flaws in the Sharepoint server software, the Outlook component of Microsoft Office 2007 and 2010, Internet …
John Leyden, 06 Sep 2013

Microsoft pulls faulty Exchange 2013 patch HOURS after release

Microsoft has pulled a security update for Exchange 2013 after problems emerged with the latest patch to the email server software just hours after its release. The critical MS13-061 security update for Exchange Server 2013 broke the message index service, preventing Exchange 2013 email users from searching their mailboxes. …
John Leyden, 15 Aug 2013

Posh potty owners flushed by dodgy Bluetooth password

A high-tech toilet that takes care of everything except wiping its owner has been left wide open to attackers thanks to a basic security flaw. The Satis toilet, a $5,686 (£3,821) appliance built by Japanese (of course) manufacturer Lixil, is designed to open itself …
Iain Thomson, 05 Aug 2013

Firefox 'death sentence' threat to TeliaSonera over gov spy claims

Firefox-maker Mozilla could issue a "death sentence" to TeliaSonera's SSL business over allegations the telecoms giant sold Orwellian surveillance tech to dictators. The punishment would be an embarrassing blow to the company: it would effectively cut off HTTPS-encrypted websites verified by TeliaSonera from Firefox users, who …
Gavin Clarke, 16 Apr 2013

Microsoft to slap 9 patches on Windows junkies on Tuesday

Microsoft is lining up nine patches - two critical - as part of the April edition of its regular Patch Tuesday update cycle. The nine bulletins due on 9 April affect all versions of Windows, some Office and Server components as well as Windows Defender on Windows 8 and RT. The first of the two critical updates covers all …
John Leyden, 05 Apr 2013