    Author Archive - Bernadette Irinco (Technical Communications)




    While new threats are emerging that hit new avenues or targets like PoS systems and cryptocurrencies, old threats like phishing remain an effective means of gathering user data. A simple spam email that leverages holidays, online shopping, the release of anticipated gadgets, or hot news items can redirect unsuspecting users to survey scams and phishing pages that ask for their credentials and personally identifiable information (PII). A very recent example is the attacks we saw leveraging the interest around the World Cup.

    Phishing pages often mimic legitimate banks' websites to trick users into thinking that they are entering their information on the real bank's or company's site. As an example, research by Trend Micro experts on the Russian underground revealed the amount of information gathered by a cybercriminal who "specializes" in stealing such information. Spear phishing, a more dangerous variant of phishing, is primarily used in targeted attack campaigns. These malicious emails use contextually relevant subjects and are sent to employees in various functions in order to penetrate the network.

    To help users avoid becoming victims of phishing and the other threats that come with it, we created the video below to show how to spot phishing scams. It specifically looks at a phishing operation in Brazil that leveraged the recently concluded 2014 World Cup and hosted phishing site templates, malware, and victims' personal documents on an online file-sharing site.

    This is the first of our Cybercrime Exposed series of videos, which aims to expose the inner workings of the latest threats today to arm users with awareness. Stay tuned for the next episodes to be released within the next few months.

    Posted in Bad Sites, Malware, Spam



    Internet Explorer and Microsoft Windows are among the affected applications addressed in this month's round of security updates. For July's Patch Tuesday, Microsoft released six security bulletins, two of which are tagged as 'critical'. Three other bulletins are rated 'important' and one 'moderate'.

    MS14-037 resolves about 23 vulnerabilities in Internet Explorer, which may lead to remote code execution when successfully exploited via a specially crafted webpage. These vulnerabilities affect Internet Explorer versions 6 to 11. One of the vulnerabilities covered in this bulletin is the Extended Validation (EV) Certificate Security Feature Bypass Vulnerability (CVE-2014-2783), which has been publicly disclosed. However, as of this posting no exploit has been seen in the wild abusing this particular vulnerability.

    While Microsoft isn't saying whether the latest IE vulnerabilities affect IE 6 on Windows XP, we can reasonably suppose that they do, since IE 6 on Windows Server 2003 is vulnerable. Windows XP users who have OfficeScan with the Intrusion Defense Firewall running are protected against attacks using these vulnerabilities.

    Another critical bulletin, MS14-038, addresses a vulnerability in Microsoft Windows. If exploited, attackers can execute code remotely via a specially crafted Journal file, compromising the security of user systems. The bulletins rated 'important' also affect Microsoft Windows and pose risks, since they may lead to elevation of privilege once exploited by remote attackers.

    Adobe has also rolled out security patches for vulnerabilities in Adobe Flash Player. When exploited, these vulnerabilities can allow a remote attacker to compromise the system and consequently take control of it. They are covered under the following CVEs:

    • CVE-2014-0537
    • CVE-2014-0539
    • CVE-2014-4671

    Users are strongly advised to update Adobe Flash Player to its latest version. Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities via the following DPI rules:

    • 1006123 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1765)
    • 1006124 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2787)
    • 1006114 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2795)
    • 1006115 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2797)
    • 1006116 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2801)
    • 1006125 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2804)

    We highly recommend that users apply these patches immediately. For more information on these security bulletins, visit our Threat Encyclopedia page.

    Posted in Vulnerabilities



    When people discuss the Internet of Everything (IoE), they refer to the introduction of computing power and networking capabilities to previously "dumb" devices like television sets, cars, pedometers, and appliances. Many believe it is the next big thing in tech, and it offers users a wide array of benefits, allowing them to save time and money or even improve their lives. These gadgets range from the merely nice-to-have all the way to mission-critical tools.

    However, the Internet connectivity and computing power of these devices, the very things that make them "smart", introduce security risks as well. For instance, the facial and speech recognition features of smart TVs are problematic in terms of privacy. Self-driving cars may be hacked and cause injury to their occupants or passers-by. Pervasive wearable tech, while useful to its owners, may be considered a privacy threat by bystanders.

    We earlier discussed the factors that will influence the proliferation of smart devices in homes: market pressures, regional availability, and cultural acceptance. Smart home devices are being marketed and are readily available, whether in stores or online. In addition, in some markets broadband providers are also selling these devices to their existing customers, adding home automation to existing Internet and cable TV plans.

    Cybercriminals go after the platforms and devices that are popular with users. While smart devices may be the "next big thing", they have not yet been broadly adopted. In our 2014 predictions, we noted that there is no "killer app" that many users would consider a must-have; such a killer app would lead to wide-scale adoption of smart devices.

    However, the number of people adopting smart devices will only grow. These early adopters need to be aware of the various security risks of these devices, not only to their personal information and privacy but also to their safety and well-being.

    For more information on the security risks and how to secure smart devices, visit our Internet of Everything hub which contains our materials that discuss this emerging field.

    Posted in Data, Social



    Two of the seven bulletins in today's Microsoft Patch Tuesday are tagged as critical, while the rest are marked as important. The critical bulletins address a number of vulnerabilities in Microsoft Office and Internet Explorer which, when exploited, could allow remote code execution, compromising the security of affected systems.

    Perhaps the most interesting bulletin is MS14-035, which resolves flaws in Internet Explorer versions 6 to 11 that can be abused via a specially crafted web page and can possibly lead to attackers gaining more user rights on the affected systems. The bulletin only patches the vulnerability for Server 2003, but the vulnerability almost certainly exists in the now-unsupported Windows XP as well.

    This is the sort of problem we warned about earlier this year: newly discovered vulnerabilities will now be wide open for use by attackers. This particular problem will only get worse over time.

    Another critical bulletin, MS14-036, also fixes flaws in Microsoft Windows, Microsoft Office, and Microsoft Lync, a platform for video messaging and conferencing. A specially crafted webpage or file could compromise the system.

    MS14-032 also addresses vulnerabilities in Microsoft Lync which can lead to information disclosure when exploited. Another notable bulletin is MS14-031, which addresses vulnerabilities in Microsoft Windows that can lead to denial of service when exploited by cybercriminals.

    Adobe has also rolled out one security bulletin to resolve issues in Adobe Flash Player, covered under the following CVEs. This brings the current version of Adobe Flash Player to 14.0.0.125.

    • CVE-2014-0531
    • CVE-2014-0532
    • CVE-2014-0533
    • CVE-2014-0534
    • CVE-2014-0535
    • CVE-2014-0536

    We highly recommend that users apply these security patches and upgrade their Adobe products to the latest versions, to prevent their systems from being infected with threats leveraging the vulnerabilities discussed in these security bulletins.

    Users may also visit our Trend Micro Threat Encyclopedia page to learn more about the appropriate Deep Security solutions.

    Posted in Vulnerabilities



    OpenSSL has recently released six security updates addressing vulnerabilities in OpenSSL. As of this writing, there is no reported exploit leveraging these vulnerabilities in the wild. The security patches cover the following vulnerabilities:

    • SSL/TLS MITM vulnerability (CVE-2014-0224)
    • DTLS recursion flaw (CVE-2014-0221)
    • DTLS invalid fragment vulnerability (CVE-2014-0195)
    • SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
    • SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
    • Anonymous ECDH denial of service (CVE-2014-3470)

    When the SSL/TLS MITM vulnerability is exploited via a man-in-the-middle attack, it can allow a remote attacker to modify traffic from any vulnerable client and server. Note that both client and server have to be vulnerable for this to be exploited successfully, making it less serious than the Heartbleed vulnerability. Another notable issue is the DTLS invalid fragment vulnerability, which can lead to arbitrary code execution if exploited, compromising the security of the system. In addition, the DTLS recursion flaw (CVE-2014-0221) can be abused by remote attackers to cause denial of service (DoS).

    Accordingly, servers with OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable. Users of OpenSSL versions earlier than 1.0.1 are also encouraged to upgrade to the following releases:

    • OpenSSL 0.9.8 SSL/TLS users should upgrade to 0.9.8za
    • OpenSSL 1.0.0 SSL/TLS users should upgrade to 1.0.0m
    • OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1h
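As an added example (not part of the original entry and not OpenSSL's own tooling), the following Python compares the banner printed by `openssl version` against the fixed releases listed above. It handles the letter-suffix ordering (0.9.8y is older than 0.9.8za) that a plain string comparison gets wrong; the sample banners at the bottom are constructed.

```python
import re

# Fixed releases named in the advisory above, keyed by OpenSSL branch.
# 1.0.2-beta1 is listed as vulnerable and the advisory names no fixed
# release for the 1.0.2 line, so pre-release builds are flagged as-is.
FIXED_RELEASES = {
    "0.9.8": "0.9.8za",
    "1.0.0": "1.0.0m",
    "1.0.1": "1.0.1h",
}

# Matches the start of `openssl version` output, e.g. "OpenSSL 1.0.1g 7 Apr 2014"
# or "OpenSSL 1.0.2-beta1 24 Feb 2014". Build suffixes such as "-fips" are
# ignored because they do not change the upstream patch letter.
BANNER_RE = re.compile(r"^OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(-(?:beta|pre)\d*)?")

def parse_banner(banner):
    """Return (branch, patch_letters, is_prerelease) for an OpenSSL banner."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    return m.group(1), m.group(2), m.group(3) is not None

def letter_rank(letters):
    """OpenSSL patch letters sort '' < a < ... < z < za < zb: a longer suffix
    always ranks higher, and within one length plain string order applies."""
    return (len(letters), letters)

def assess(banner):
    """Classify a banner as 'patched', 'vulnerable' or 'unknown' against the
    advisory's fixed releases; returns (status, fixed_release_or_None)."""
    branch, letters, prerelease = parse_banner(banner)
    fixed = FIXED_RELEASES.get(branch)
    if prerelease:
        return "vulnerable", fixed
    if fixed is None:
        return "unknown", None
    fixed_letters = fixed[len(branch):]
    if letter_rank(letters) >= letter_rank(fixed_letters):
        return "patched", fixed
    return "vulnerable", fixed

if __name__ == "__main__":
    # Constructed sample banners, not output collected from any real host.
    for sample in ("OpenSSL 1.0.1g 7 Apr 2014", "OpenSSL 1.0.1h 5 Jun 2014",
                   "OpenSSL 0.9.8y 5 Feb 2013", "OpenSSL 1.0.2-beta1 24 Feb 2014",
                   "OpenSSL 1.0.1e-fips 11 Feb 2013"):
        print(sample, "->", assess(sample))
```

Distribution packages often backport fixes without changing the version letter, so a banner such as 1.0.1e can still be fully patched; confirm against the vendor's package changelog before acting on a "vulnerable" result.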

    While these OpenSSL vulnerabilities are different from the Heartbleed bug, which affected a number of websites and mobile applications, they also pose security risks to users. As such, web administrators are strongly advised to patch their systems with the latest security updates from OpenSSL to mitigate the risks of threats leveraging these vulnerabilities.

    We will update this entry for any developments on the OpenSSL vulnerabilities.

    Update as of 12:14 PM, June 6, 2014

    Trend Micro Deep Security protects users from these vulnerabilities via the following DPI rules:

    • 1006088 – OpenSSL SSL/TLS Man In The Middle Security Bypass Vulnerability
    • 1006090 – Detected Fragmented DTLS Request
    • 1006084 – GnuTLS “read_server_hello()” Memory Corruption Vulnerability

    Update as of 5:17 PM, June 6, 2014

    Note that the following DPI rule protects against SSL/TLS MITM vulnerability (CVE-2014-0224):

    • 1006088 – OpenSSL SSL/TLS Man In The Middle Security Bypass Vulnerability

    On the other hand, DPI rule "1006091 – Detected Fragmented DTLS Message" addresses the following vulnerabilities:

    • DTLS invalid fragment vulnerability (CVE-2014-0195)
    • DTLS recursion flaw (CVE-2014-0221)

    Users are also protected from the vulnerability covered under CVE-2014-3466, which can allow denial of service or execution of arbitrary code when exploited, via this DPI rule:

    • 1006084 – GnuTLS “read_server_hello()” Memory Corruption Vulnerability
    Posted in Vulnerabilities


    © Copyright 2013 Trend Micro Inc. All rights reserved.