    Author Archive - Danielle Veluz (Technical Communications)

    This year’s last installment of Patch Tuesday security advisories by Microsoft includes MS14-075, a bug in Microsoft Exchange Server, which had been delayed last November. It was rated Important due to an elevation of privilege across several versions of Exchange: 2007 (SP3), 2010 (SP3), and 2013 (Cumulative Update 6). Last month, Microsoft listed the patch date for MS14-075 as “Release date to be determined”.

    Microsoft Rates 3 Bulletins as ‘Critical’, 4 as ‘Important’

    A total of three critical bulletins were listed: MS14-080, MS14-081, and MS14-084. MS14-080 resolved vulnerabilities in Internet Explorer, while MS14-081 patched previously reported bugs in Microsoft Word and Microsoft Office Web Apps. The MS14-084 bulletin fixed a remote code execution vulnerability in the VBScript scripting engine in Microsoft Windows.

    As previously discussed, MS14-075 was given an ‘Important’ rating due to an elevation of privileges across various versions of Microsoft Exchange Server. MS14-082 and MS14-083 both addressed remote code execution flaws in Microsoft Office programs, while MS14-085 fixes a bug that “could allow information disclosure if a user browses to a website containing specially crafted JPEG content.”

    Users and system administrators are strongly advised to patch these vulnerabilities immediately. Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities through the following DPI rules:

    • 1000552 – Generic Cross Site Scripting(XSS) Prevention
    • 1006346 – Identified Unvalidated Redirect And Forward Over HTTP
    • 1006373 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6327)
    • 1006376 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6329)
    • 1006378 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6330)
    • 1006383 – Microsoft Internet Explorer VBScript Memory Corruption Vulnerability (CVE-2014-6363)
    • 1006374 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6366)
    • 1006396 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6369)
    • 1006379 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6373)
    • 1006387 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6375)
    • 1006371 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6376)
    • 1006381 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-8966)
    • 1006393 – Microsoft Word Index Remote Code Execution Vulnerability (CVE-2014-6356)
    • 1006370 – Microsoft Word Use After Free Remote Code Execution Vulnerability (CVE-2014-6357)
    • 1006394 – Microsoft Office Component Use After Free Vulnerability (CVE-2014-6364)
    • 1006385 – Microsoft Excel Global Free Remote Code Execution Vulnerability (CVE-2014-6360)
    • 1006382 – Microsoft Excel Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6361)
    • 1006380 – Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2014-6355)

    More information about these bulletins and their corresponding Trend Micro solutions is posted on our Threat Encyclopedia page: December 2014 – Microsoft Releases 7 Security Advisories.

    Posted in Vulnerabilities | Comments Off on December 2014 Patch Tuesday Releases 7 Fixes, Addresses Microsoft Exchange Bug

    Over time, attackers continuously update their tactics to respond to security experts’ countermeasures. In a constant game of cat and mouse, attackers shifted tactics using several notable tools and techniques alongside the usual. The security roundup for the second quarter presents key highlights and developing trends in the security landscape.

    Trend Micro research in the second quarter shows that attackers carefully selected their targets albeit sticking to time-tested tactics and going after the same end goals. The bad guys moved away from launching large-scale attacks and instead focused on more specific and somewhat “personal” targets.

    The security roundup brings to light various threats Trend Micro encountered in the second quarter. Using more advanced tools like automatic transfer systems (ATSs)—the latest addition to widely used cybercrime toolkits—attackers streamlined their list of targets to only online banking customers in countries like Germany, the United Kingdom, and Italy.

    Careful target selection was also evident in Trend Micro research findings on advanced persistent threat (APT) campaigns like IXESHE. Trend Micro also protected small and medium-sized businesses (SMBs) against more than 142 million threats in the first half of 2012 alone. Android malware such as fake spying tool apps continues to increase in number, most likely due to the continued rise in the OS’s popularity, with more than 400 million active Android-based devices. Lastly, true to the quarter’s theme, Pinterest took the spotlight as its users were lured into several survey scams due to its steady rise in popularity.

    To take a closer look at the security landscape in the second quarter, read our comprehensive report, “It’s Big Business… and It’s Getting Personal.”

    Posted in Bad Sites, Malware | Comments Off on Attacks Get Personal in Q2

    Online gaming is a massively popular and entertaining pastime enjoyed by millions around the world, but few realize its not-so-entertaining drawbacks. People tend to create another self in the world of online gaming. It’s easy to assume that there is nothing harmful in losing yourself in that other world. But as mentioned in our e-guide, online gaming also has a dark side that opens up possibilities of financial theft and hacked or stolen accounts. In fact, we’ve been seeing more and more in-game phishing activity in the massively multiplayer online role-playing game (MMORPG) World of Warcraft.

    That said, online gaming today clearly isn’t just about fun and games, no matter what type of gamer you are. Our new infographic illustrates some quick stats on casual and hardcore gamers as well as the risks they may encounter. Can you guess how many times the Angry Birds games were downloaded? How about the estimated population of console gamers? To know the answers to these and more, check out our latest infographic, “What Type of Gamer Are You?”

    Posted in Bad Sites | Comments Off on What Type of Gamer Are You?

    Last month, we published an infographic, Know Your Enemies, which illustrated the different cybercrooks users may “meet” firsthand in the virtual neighborhood. Interestingly, a question was raised to us about the differences between the prices of user information.

    There are indeed discrepancies in credit card prices between regions. The question, however, is why. We’ve come up with two explanations for this: it’s both foreign exchange and simple economics.

    Foreign Exchanges And Economics Go Hand in Hand

    One reason why prices differ can be attributed to currency valuations and the exchange rate. Some of it is region-based; for example, German credit cards have a 7-day claw-back option. As another example, a US and a European credit card, both with a standard limit of 3,000 in their native country, yield different values when converted to a third currency. In Russian Rubles, the EU one is worth 1.3 times the US one. So if US cards are worth $3, the EU equivalent should be around $4-5.

    Cybercrime is also like any typical business, with economics playing a significant part in determining prices. Case in point, it has been observed that more U.S. credit card numbers are up for sale compared to other regions. Hence, simple economics dictates the low prices. The more U.S. credit card numbers there are on the market, the easier they are to exploit. In general, U.S. credit cards are easier to exploit because their security mechanisms are weaker than European ones. This is part of the reason why U.S. card issuers have started implementing region locks on cards so that these trigger behavioral fraud mechanisms.

    Your Identity For A Price

    The fact is that the discrepancies are due to all these factors working together to create the value of the stolen information. We must also consider the ease of exploitation of the cards being stolen, as well as the mechanics of supply and demand affecting the pricing of the aforementioned cards. These scammers, however, are just the tip of the iceberg; the underground is more vast and tangled than what we know, and prices may also vary because of this.

    With this in mind, people must always remember that their information is a commodity. We should exert effort in protecting personal information at all times. We may know our enemies at face value, but it is also important to dig deeper to understand how the business of cybercrime works. To know more about this, you may refer to our latest infographic below. It illustrates how a simple case of a FAKEAV purchase benefits other players. Specifically, it is an overview of how each player is paid and how lucrative a FAKEAV infection can be to its proponents.

    On the other hand, users can trust that we at Trend Micro will continuously ensure that people can engage with other users through the Internet and be protected from online threats at the same time.

    Posted in Malware | Comments Off on [INFOGRAPHIC] Follow the Money Trail

    Six is a rather small number for this month’s round of Microsoft bulletins, but one stands out as a very critical update: MS12-020, aka the “Remote Desktop Could Allow Remote Code Execution” vulnerability. Microsoft warned IT admins about this flaw in their MSRC (Microsoft Security Response Center) blog entry. From the MSRC blog: “We recommend that customers focus on MS12-020, our sole critical-class bulletin, as the March deployment priority.”

    Based on the Microsoft posting, the critical flaw applies to a fairly specific subset of systems – those running RDP – and is “less problematic for those systems with Network Level Authentication (NLA) enabled”. The flaw could allow would-be attackers to achieve remote code execution on a machine running RDP (Remote Desktop Protocol), which admins use to access and manage systems remotely. An exploit for such remote access does not require network credentials; however, systems that do not have RDP enabled are not at risk.

    Other issues covered in this month’s Patch Tuesday include one moderate and four important security bulletins. IT administrators are advised to abide by the patch operating procedures for these fixes.

    Trend Micro Deep Security has just released an update which addresses the critical RDP vulnerability under the rule name 1004949 – Remote Desktop Protocol Vulnerability (CVE-2012-0002). Our page on the Threat Encyclopedia also lists the Trend Micro solutions that cover the rest of this month’s patches.

    Update as of March 15, 2012, 6:12 p.m. (PST)

    The update for MS12-020 is now available for Intrusion Defense Firewall (IDF), too. Deep Security currently has coverage with Deep Security Update DSRU12-006 and IDF with update 12007. Deep Security provides coverage for four vulnerabilities, while IDF provides coverage for three.

    Posted in Exploits, Vulnerabilities | Comments Off on March 2012 Patch Tuesday Includes Fix for Critical RDP Vulnerability

