    TrendLabs Security Intelligence Blog

    Author Archive - Bernadette Irinco (Technical Communications)




    Microsoft has rolled out nine security bulletins for their August Patch Tuesday. Two bulletins are rated as Critical, while the rest are rated as Important. Microsoft Windows, Internet Explorer, Microsoft SQL Server, and Microsoft .NET Framework are some of the affected applications that these bulletins cover.

    One of the most notable bulletins in this month’s cycle is MS14-051, which addresses 26 vulnerabilities found in Internet Explorer. The other Critical bulletin is MS14-043, which resolves problems in Windows Media Center, a component of Microsoft Windows. The vulnerabilities resolved in these bulletins, if exploited, could lead to arbitrary code being run on affected systems. Many of these vulnerabilities are in older versions of Internet Explorer (versions 6-8), which

    The bulletins rated as Important covered a wide variety of applications, including Microsoft SharePoint Server, Microsoft SQL Server, and Microsoft Windows. It’s also worth noting that from this point forward, users of Windows 8.1 and Windows Server 2012 R2 must have installed the April update to these operating systems in order to receive security updates.

    Adobe also follows the same second-Tuesday-of-the-month patching cycle as Microsoft; they released patches for vulnerabilities affecting Adobe Reader/Acrobat and Adobe Flash Player. These vulnerabilities are covered under the following CVEs:

    • CVE-2014-0538
    • CVE-2014-0540
    • CVE-2014-0541
    • CVE-2014-0542
    • CVE-2014-0543
    • CVE-2014-0544
    • CVE-2014-0545

    Users are strongly advised to update Adobe Flash Player, Adobe Reader, and Acrobat to their latest versions. Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage the vulnerabilities discussed in MS14-051 via the following DPI rules:

    • 1006175 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2823)
    • 1006176 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2824)
    • 1006165 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4050)
    • 1006177 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4057)
    • 1006166 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4063)

    We encourage users to immediately apply these patches on their systems. For more information on these security bulletins, visit our Threat Encyclopedia page.

     
    Posted in Vulnerabilities



    While new threats are emerging that hit new avenues or targets like PoS systems and cryptocurrencies, old threats like phishing remain an effective means of gathering user data. A simple spam email that leverages holidays, online shopping, the release of anticipated gadgets, and hot/current news items can redirect unsuspecting users to survey scams and phishing pages that ask for their credentials and personally identifiable information (PII). A very recent example of this is the attacks we saw leveraging the interest around the World Cup.

    Phishing pages often mimic legitimate banks’ websites to trick users into thinking that they’re inputting their information to the real banks or companies. As an example, the research done by Trend Micro experts on the Russian underground has revealed the amount of information gathered by a cybercriminal that “specializes” in stealing such information. On the other hand, spear phishing, a more dangerous variant of phishing, is primarily utilized for targeted attack campaigns. These malicious emails use contextually relevant subjects and are sent to employees of various functions in order to penetrate the network.

    To help users avoid becoming victims of phishing and the other nefarious threats that come with it, we created the video below to educate users on how they can spot phishing scams. It specifically looks at a phishing operation in Brazil that leveraged the recently concluded 2014 World Cup and hosted phishing site templates, malware, and victims’ personal documents on an online sharing site.

    This is the first of our Cybercrime Exposed series of videos, which aims to expose the inner workings of the latest threats today to arm users with awareness. Stay tuned for the next episodes to be released within the next few months.

    Update August 8, 2014: Check out part 2 of our Cybercrime Exposed video series, entitled Cybercrime Exposed Part 2: When Adware Goes Bad – A Closer Look at Adware.

     
    Posted in Bad Sites, Malware, Spam



    Internet Explorer and Microsoft Windows are some of the affected applications addressed in this month’s round of security updates. For their July Patch Tuesday, Microsoft has released six security bulletins, two of which are tagged as ‘critical’. The three other bulletins are rated as ‘important’ and one bulletin as ‘moderate.’

    MS14-037 resolves about 23 vulnerabilities found in Internet Explorer, which may lead to remote code execution when exploited successfully via a specially crafted webpage. These vulnerabilities affect Internet Explorer versions 6 to 11. One of the vulnerabilities covered in this bulletin is the Extended Validation (EV) Certificate Security Feature Bypass Vulnerability (CVE-2014-2783), which has been disclosed publicly. However, as of this posting, no exploit abusing this particular vulnerability has been seen in the wild.

    While Microsoft isn’t saying if the latest IE vulnerabilities affect IE 6 on Windows XP, we can reasonably suppose that it is affected since IE 6 on Windows Server 2003 is vulnerable. Windows XP users who have OfficeScan with the Intrusion Defense Firewall running are protected against attacks using these vulnerabilities.

    Another critical bulletin, MS14-038, addresses a vulnerability in Microsoft Windows. If it is exploited, attackers can also execute code remotely via a specially crafted Journal file. As such, this can compromise the security of user systems. Bulletins rated as ‘important’ also affect Microsoft Windows and pose risks since the vulnerabilities they cover may lead to elevation of privilege once exploited by remote attackers.

    Adobe has also rolled out its security patches for vulnerabilities found in Adobe Flash Player. When exploited, these vulnerabilities can allow a remote attacker to compromise the system and, consequently, take control of it. These vulnerabilities are covered under the following CVEs:

    • CVE-2014-0537
    • CVE-2014-0539
    • CVE-2014-4671

    Users are strongly advised to update their Adobe Flash Player to its latest version. Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities via the following DPI rules:

    • 1006123 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1765)
    • 1006124 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2787)
    • 1006114 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2795)
    • 1006115 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2797)
    • 1006116 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2801)
    • 1006125 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2804)

    We strongly recommend that users apply these patches immediately. For additional information on these security bulletins, visit our Threat Encyclopedia page.

     
    Posted in Vulnerabilities



    When people discuss the Internet of Everything (IoE), they are referring to the introduction of computing power and networking capabilities to previously “dumb” devices like television sets, cars, pedometers, and appliances. Many believe that it is the next big thing in tech, and it offers users a wide array of benefits, allowing them to save time, money, or even improve their lives. These gadgets range from the merely nice to have, all the way to mission-critical tools.

    However, the Internet connectivity and computing power of these devices – the very things that make them “smart” – introduce security risks as well. For instance, in smart TVs, facial and speech recognition features are problematic in terms of privacy. Self-driving cars may be hacked and cause injury to their occupants or passers-by. Pervasive wearable tech, while useful to its owners, may be considered a privacy threat by bystanders.

    We’ve earlier talked about the factors that will influence the proliferation of smart devices in homes. These factors include market pressures, regional availability and cultural acceptance. Smart home devices are being marketed and are readily available, whether in stores or online. In addition, in some markets broadband providers are also selling these devices to their existing customers, adding home automation to existing Internet and cable TV plans.

    Cybercriminals go after the platforms and devices that are popular with users. However, while smart devices may be the “next big thing”, they have not yet been broadly adopted. In our 2014 predictions, we noted that there is no “killer app” that many users will consider a must-have; such a “killer app” would lead to wide-scale adoption of smart devices.

    However, the number of people adopting smart devices will only grow. These early adopters need to be aware of the various security risks of these devices – not only to their personal information and privacy, but also to their safety and well-being.

    For more information on the security risks and how to secure smart devices, visit our Internet of Everything hub which contains our materials that discuss this emerging field.

     
    Posted in Internet of Everything, Social



    Two out of seven bulletins in today’s Microsoft Patch Tuesday are tagged as critical while the rest are marked as important. The critical bulletins address a number of vulnerabilities found in Microsoft Office and Internet Explorer, which when exploited could allow remote code execution, thus compromising the security of the systems.

    Perhaps the most interesting bulletin here is MS14-035, which resolves flaws in Internet Explorer versions 6 to 11 that can be abused via a specially crafted web page and can possibly lead to attackers gaining more user rights on the affected systems. The bulletin only patches the vulnerability for Server 2003, but the vulnerability almost certainly exists in the now-unsupported Windows XP as well.

    This is the sort of problem that we warned about earlier this year: newly discovered vulnerabilities will now be wide open for use by attackers. This particular problem will only get worse over time.

    Another critical bulletin, MS14-036, also fixes flaws in Microsoft Windows, Microsoft Office, and Microsoft Lync, a platform for video messaging and conferencing. Any specially crafted webpage or file could possibly compromise the system.

    MS14-032 also addresses vulnerabilities in Microsoft Lync, which can lead to information disclosure when exploited. Another notable bulletin is MS14-031, which also addresses vulnerabilities in Microsoft Windows and can possibly lead to denial of service when exploited by cybercriminals.

    Adobe has also rolled out one security bulletin to resolve issues in Adobe Flash Player, covered under the following CVEs. This brings the current version of Adobe Flash Player to 14.0.0.125.

    • CVE-2014-0531
    • CVE-2014-0532
    • CVE-2014-0533
    • CVE-2014-0534
    • CVE-2014-0535
    • CVE-2014-0536

    We strongly recommend that users apply these security patches and upgrade their Adobe products to their latest versions. This is to prevent their systems from being infected with threats leveraging the vulnerabilities discussed in these security bulletins.

    Users may also visit our Trend Micro Threat Encyclopedia page to learn more about the appropriate Deep Security solutions.

     
    Posted in Vulnerabilities


     
