    TrendLabs Security Intelligence Blog

    Author Archive - Gelo Abendan (Technical Communications)

    Today will be a busy day for IT administrators and certain users, as Microsoft releases its monthly roster of software updates. For this month’s Patch Tuesday, Microsoft is bringing out seven bulletins, six of them rated “Critical” and only one rated “Important”.

    Though this month does not have the most security fixes, users must apply them as soon as possible. All of the critical bulletins address remote code execution, which means that successful exploitation may allow an attacker to run malware on vulnerable systems. Affected software includes Windows, Silverlight, Office, and Internet Explorer.

    The sole “Important” bulletin addresses issues in Windows Defender that may allow an attacker to gain elevated privileges on an outdated system or server.

    This month’s bulletins also include the zero-day flaw reported by Google researcher Tavis Ormandy, which was first reported last May. The vulnerability lies in the Windows kernel and may lead to malware execution.

    Disclosure was also a hot topic these past days, right after Google’s announcement of its new policy regarding zero-day bugs and exposure. The company suggested that vulnerability information should be disclosed no more than seven days after the vendor was notified. As our own CTO Raimund Genes argues, this seven-day timeline is acceptable, but expecting a security patch within that time frame is unreasonable. The bigger issue that should be addressed is how this information is reported.

    Users are advised to apply these security updates as soon as possible. For Trend Micro users, Deep Security provides solutions for certain vulnerabilities cited in MS13-055.

     
    Posted in Vulnerabilities | Comments Off



    Microsoft has released five security bulletins for June 2013, a relatively light month compared to previous ones. Despite this, users must update their systems immediately to avoid web threats that leverage software vulnerabilities.

    This roster of security fixes includes updates for vulnerabilities in Windows and Internet Explorer that were rated Critical. This means that IT administrators and users should prioritize these and apply them immediately to avoid the greatest risk. By exploiting these vulnerabilities, an attacker can run malware on vulnerable systems, which can lead to information theft and security compromise, among other outcomes.

    The other security bulletins for this month are rated Important and resolve vulnerabilities in Windows and MS Office. If these fixes are not applied immediately, users’ systems can be vulnerable to threats such as unwanted data disclosure, malware execution, and denial-of-service (DoS) attacks.

    For its part, Adobe has released its fix for vulnerabilities found in certain Adobe Flash Player versions. Users are advised to apply this too, as successful exploitation may lead to a vulnerable system being infected with malware.

    Some users may take these few bulletins lightly and delay updating their systems with these fixes. However, now is not the right time to be lax security-wise (there is actually no ‘right’ time to be lax when it comes to security). Anonymous has recently announced its #OpPetrol cyber attack campaign, which is reportedly targeting oil companies in a dozen countries (including the United States, the United Kingdom, and Canada, among others). Such attacks usually exploit vulnerabilities to penetrate their targets’ networks, usually to gather more information that can be used to further harm the victims.

    Every little vulnerability can be used against you, so it is important to guard your systems from attacks. Users are advised to implement these bulletins as soon as possible. For more details about how Trend Micro can protect users, you may refer to this Threat Encyclopedia page.

    Update as of June 13, 12:16 PDT

    Microsoft has noted an ongoing attack against specific targets that exploits CVE-2013-1331, which is one of the vulnerabilities resolved for this month. Trend Micro Deep Security already protects users from this threat via DPI rule 1005546 – Microsoft Office Buffer Overflow Vulnerability (CVE-2013-1331).

     
    Posted in Vulnerabilities | Comments Off



    The World Cancer Research Fund has recently released a statement about a story circulating on social media and blogs concerning processed meat and cancer. The piece was so widespread that the organization had to step in and issue an official statement. But what is striking is how users get their information these days.

    It is no surprise that social media is now considered a formidable news source, with most people sharing, tweeting, and pinning stories and news items on their accounts. No platform has this in spades more than Facebook, which has an estimated billion active users per month and 4.7 million content items shared by its users every day.

    Because of this impressive online presence, cybercriminals see social media as a potential moneymaker. More users equal more possible victims. And just this May, we’ve seen several noteworthy threats that prove the bad guys are not slowing down:

    • Early in May, we reported on several fake Iron Man 3 streaming sites sprouting across the web and using social media – in this case, Tumblr and Facebook – to spread their bait. Such social engineering tactics continue to work because these summer flicks appeal to users.
    • Given their increasing popularity, it is no surprise to see scams on mobile platforms. Just this month, we noted the fake free Instagram followers ruse, which ultimately leads users to download malware that gathers and sells data stolen from the infected device.
    • As the majority of financial transactions these days are done over the Internet (e.g. online banking, shopping, etc.), banking and e-commerce sites are natural cybercrime targets. Just a few weeks ago, we saw how online banking users in Brazil were targeted by cybercriminals using a fake, homemade browser. From this incident, we uncovered the use of effective social engineering tactics that lured users into unintentionally disclosing their Banco do Brasil login credentials.
    • We also saw how mobile ads in Android apps led to scam sites aimed at defrauding users and stealing their money. Although the incident was limited to Chinese users, it is highly plausible that similar attacks could occur in other parts of the world.

    But the immediate question that comes to mind is how big web threats really are. In our infographic, Are You Safe Online?, we provide an overview of the current threat landscape vis-à-vis the boom in contemporary online engagement. Based on this, we noticed a direct correlation between the two: the more we do online, the more threats are likely to materialize.

    The upside to all this is that we see more software vendors, social media sites and organizations offering added and improved security measures. But as commendable as these developments are, users must also do their share.

    As June has been declared National Internet Safety Month by the National Cyber Security Alliance, Internet users are reminded of simple steps they can take to stay safe. Practices like bookmarking reputable sites and regularly updating systems can go a long way. Treat your mobile devices like your PC: they are just as exposed to online threats.

    To check out the full infographic, please click the thumbnail below:

     
    Posted in Malware, Social, Spam | Comments Off



    Last January, we talked about a critical vulnerability in Ruby on Rails (CVE-2013-0156). At the time, we pointed out that there was no known attack, but that exploit code had been released as part of the Metasploit framework, which would increase the risk of attacks moving forward. It was only a matter of time before it was used in an attack in the wild. We strongly urged server administrators to update their Ruby on Rails software to the latest, patched versions.

    At the time, we noted that Trend Micro Deep Security protected users from this vulnerability via the following DPI rules:

    • 1005331 Ruby On Rails XML Processor YAML Deserialization DoS
    • 1005328 Ruby On Rails XML Processor YAML Deserialization Code Execution Vulnerability

    These rules allow Deep Security to block network traffic related to this vulnerability, preventing exploitation of the flaw on the protected system.

    Fast forward to May 28 this year: an in-the-wild exploit was found targeting this vulnerability. The vulnerability was used to gain access to the affected systems and make them part of an IRC botnet. (The malicious payload is detected as ELF_MANUST.A.)

    Why was a vulnerability several months old still being exploited so heavily in the past week? The answer is simple: not everyone patches regularly, for various reasons. Security administrators have to consider several aspects, such as business continuity. Other factors include making sure that patches actually work, and delays due to unexpected system behavior that may occur once updates are applied. To learn more about this, you may read our report Monitoring Vulnerabilities: Are Your Servers Exploit-Proof?.

    This case, however, illustrates the downside of not patching: systems are put at increased risk, particularly if vulnerability shielding solutions are not integrated into existing systems. We will continue to monitor this threat and release updates as needed.

     
    Posted in Exploits | Comments Off



    IT administrators and the like are expected to have a long day today, as Microsoft releases its security bulletins for May, resolving 33 vulnerabilities. Though this is not Microsoft’s biggest release (April 2011’s 17 bulletins covering 64 vulnerabilities come to mind), it is crucial for users to apply these security updates, which include a resolution to the zero-day incident involving the US Department of Labor webpage.

    This roster of updates includes two Critical bulletins addressing Internet Explorer (IE). The first resolves a vulnerability found in IE versions 6 to 10 on all Windows versions, from Windows XP to Windows 8. It also addresses the vulnerability in IE 10 uncovered during the Pwn2Own contest last March.

    The other critical IE bulletin deals with a vulnerability limited to IE 8, which made headlines recently because of a related zero-day exploit found on a US Department of Labor webpage. Based on our own investigation, users visiting this compromised site are led through a series of redirections until their systems are infected with a BKDR_POISON variant.

    Even before this month’s release, Trend Micro Deep Security has been protecting users from this vulnerability via rule 1005491 – Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability (CVE-2013-1347).

    The rest of the bulletins were tagged as Important, and include a security flaw in Windows that may lead to a denial of service (DoS) attack.

    Just like last month, Adobe also released its security bulletins today, which include fixes for Adobe Reader, Acrobat, and Flash Player. The software vendor also issued a “security hotfix” for a ColdFusion vulnerability that is reportedly being exploited in the wild.

    Users are advised to implement these bulletins as soon as possible to avoid exploits similar to the US DoL incident. For more details about how Trend Micro can protect users, you may refer to this Threat Encyclopedia page.

    Posted in Vulnerabilities


    © Copyright 2013 Trend Micro Inc. All rights reserved.