Throughout 2011, I am sure that you have heard of the compromise of RSA, in which the stolen data regarding RSA’s Secure ID appears to have been used in subsequent attacks and that there were many more victims other than RSA. You've probably also heard of ShadyRAT, which demonstrated the longevity of command and control infrastructure as well as Nitro and Night Dragon which showed that some attackers focus on specific industries.
You've probably also heard of Trend Micro's research of the Lurid attacks ...
Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. Note: addressed in MS12-004)
The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code.
In the attack that we found, the infection vector is a malicious HTML which we found hosted on the domain, hxxp://images.{BLOCKED}p.com/mp.html. This HTML, which Trend Micro detects as ...
At a time when the web is flooded with user information and entire platforms are built and run on sharing just about every piece of information about oneself, you have to wonder, "Are we really living in the post-privacy era?"
For 2012, we believe that the new social networking generation will redefine privacy. Our concept of online privacy constantly changes along with various shifts in technology. Providing information has become so convenient that most people no longer know how much information ...
ICS (Industrial Control Systems) Networks have been really big news lately, due to a spate of vulnerabilities, high-publicized breaches, and various other security concerns.
ICS Networks are defined as networks or collections of networks that consist of elements that control and provide telemetry data on electromechanical components. Such components include valves, regulators, switches, and other electromechanical devices that one may find in various industries such as oil and gas production, water processing, environmental control, electrical power generation and distribution, manufacturing, transportation, ...
The IRS officially kicked off the beginning of tax season in the US, and just right in time for it are the cybercriminals who are already taking advantage and using tax-related messages as a social engineering lure.
We've recently spotted samples of spammed messages posing as a notice from Fidelity Investments, a well-known American financial institution.
The email, which is in a newsletter-format, contains the subject "Your statement is ready for your review". It informs recipients that his/her tax statement is attached ...
