    TrendLabs Security Intelligence Blog

    Archive for the ‘Bad Sites’ Category




    Yahoo recently rolled out a new way for users to access their services without entering a password. Their new system uses a cellphone to authenticate the user. Instead of entering a password, the user receives a verification code via text message on their phone. (The user would have provided their phone number to Yahoo when setting this option up.) Once the user receives this code, they enter it on the Yahoo login page and voilà!, they're logged in. So what's wrong with this? ...




    We have detected through feedback from the Trend Micro™ Smart Protection Network™ that the Nuclear Exploit Kit has been updated to include the recently fixed Adobe Flash Player vulnerability identified as CVE-2015-0336. We first saw signs of this malicious activity on March 18 this year. This particular vulnerability was only recently fixed as part of Adobe's regular March update for Adobe Flash Player which upgraded the software to version 17.0.0.134. However, our feedback indicates that many users are still running the previous ...

    Posted in Bad Sites, Exploits, Malware



    OpenSSL said last Tuesday, March 17, that they plan to release several code fixes to address a number of vulnerabilities, which include those that have been classified as “high” severity. There had been speculation building around these vulnerabilities, as the bug was hinted at as "the next Heartbleed" according to reports. The fix was released today, two days after their announcement. Today's security bulletin noted that the following just-released versions are all secure: OpenSSL version 1.0.2a (addresses CVE-2015-0209, CVE-2015-0285, and CVE-2015-0288); OpenSSL version 1.0.1m (addresses CVE-2015-0288); OpenSSL version ...

    Posted in Bad Sites



    2014 was a year in flux for the Deep Web. We briefly discussed this in our annual security roundup, but this is a topic worth exploring in some detail. In late 2013, the operator of the Silk Road marketplace, Ross Ulbricht (also known as Dread Pirate Roberts) was arrested, and recently he was convicted on various charges by a US federal court. Naturally, because the market abhors a vacuum, replacement marketplaces have shown up. Of course, many of these have led short - and ...

    Posted in Bad Sites



    The recent Superfish incident has raised more concerns that users' SSL/TLS connections can be intercepted, inspected, and re-encrypted using a private root certificate installed on the user's system. In effect, this is a man-in-the-middle (MITM) attack carried out within the user's own system. We believe that site owners adopting extended validation (EV) certificates would help warn users about possible MITM attacks. Here’s how a MITM interception works: (Figure 1. Man-in-the-middle attack) MITM attacks are justified by their creators as providing benefits to users, ...

    Posted in Bad Sites, Vulnerabilities


     
