
    Archive for March 12th, 2013

    Two weeks ago, I attended the RSA 2013 Conference in San Francisco and was impressed by the number of participating security vendors. The addition of the Human Element and Breaking Research in the technical track sessions also provided a refreshing stroke to this year’s presentations.

    Below are some of my experiences and insights on some noteworthy discussions involving security awareness, hacking back, and going offensive legally.

    The 7 Highly Effective Habits of a Security Awareness Program

    Samantha Manke and Ira Winkler of Secure Mentem discussed their views on the difference between security training and security awareness. They highlighted the importance of a security culture in companies in enabling employees to apply best computing practices on a daily basis, resulting in long-term security awareness within the organization.

    They presented the results of their recent study conducted among Fortune 500 companies in the Health, Manufacturing, Food, Financial and Retail sectors. This study focuses on security awareness campaigns that companies implemented and how effective these were. They came up with key findings that led them to create their 7 Highly Effective Habits of a Security Awareness Program, which are:

    1. Create a Strong Foundation
    2. (Have) Organizational Buy-in
    3. (Encourage) Participative Learning
    4. (Have) More Creative Endeavors
    5. Gather Metrics
    6. Partner with Key Departments
    7. Be the Department of HOW

    My key takeaway for this session is of course the last part. We, the information security professionals, should be the “Department of HOW” and not the “Department of NO”. We must focus on how to allow users to do what they want safely, not simply saying no to our own customers and further locking down systems.

    While I understand the need to establish dos and don’ts in company security policies, we should raise the bar and let security be a key part of solving business challenges, not an obstacle to it.



    After releasing 12 security bulletins resolving a whopping 57 security flaws last month, this month’s Patch Tuesday is relatively light.

    For March, Microsoft unveils seven bulletins, of which four are rated Critical and three Important. Three of the bulletins deemed Critical may allow remote code execution, letting attackers install malware on unpatched systems. The other Critical bulletin may permit attackers to gain admin rights, basically giving them control over vulnerable machines.

    The first of these Critical bulletins addresses flaws found in Internet Explorer versions 6 to 10 for all versions of Windows, including Windows 8. In particular, Microsoft noted CVE-2013-2888, as its exploit code is said to be publicly available, giving possible attackers enough information to create working exploits in the near future.

    The other Critical bulletins concern Microsoft Silverlight, Office and Server Software. Two bulletins tagged as Important, both for Microsoft Office, may lead to unwanted exposure of important and personal data. The last Important bulletin, addressing a vulnerability in Windows, may lead to elevation of privileges.

    However, this month’s roster of bulletins does not address the IE 10 vulnerabilities found during the Pwn2Own hacking contest last week, in which researchers were able to pwn an MS Surface Pro by way of these IE flaws. More importantly, abusing these zero-day vulnerabilities enabled them to fully compromise Windows 8 with a sandbox bypass.


    Posted in Vulnerabilities | Comments Off on Microsoft Unveils 7 Bulletins for March 2013 Patch Tuesday

    Robust and stealthier toolkits are predicted to emerge this year. This was first seen when the WhiteHole Exploit Kit appeared in the threat landscape. It took advantage of several vulnerabilities, including the infamous CVE-2013-0422.

    Additionally, there have been reports of another new exploit kit called “Neutrino” being sold in the underground. The exploit, which we detect as JAVA_EXPLOYT.NEU, takes advantage of the following vulnerabilities:

    Systems running Java 7 Update 11 and below are vulnerable. When exploited successfully, it downloads a ransomware variant, TROJ_RANSOM.NTW. Ransomware typically locks computers until users pay a certain amount of money, or ransom. Our research paper Police Ransomware Update contains more information on the said threat.

    The vulnerability covered in CVE-2013-0431 was also exploited in a BlackHole Exploit Kit spam run that supposedly came from PayPal. This vulnerability was addressed when Oracle released an out-of-band update, raising issues and concerns. On the other hand, CVE-2012-1723 was employed by both the BlackHole Exploit Kit and the WhiteHole Exploit Kit.


    Posted in Exploits, Vulnerabilities | Comments Off on A New Exploit Kit in Neutrino

