Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Exploits’ Category




    Security researchers have announced a new "vulnerability" in Linux dubbed "Grinch", which allows for escalation-of-privilege attacks in versions of Linux that use the polkit toolkit for privilege authorization. However, the true threat of this vulnerability is much more limited. The bug was named after the holiday season and the Dr. Seuss character, as some would say that this would have the potential to ruin the season of network administrators. An independent researcher first posted about this vulnerability - which he called PackageKit Privilege Escalation ...

    Posted in Exploits, Vulnerabilities |



    Around this time in 2013, the most commonly used exploit kit - the Blackhole Exploit Kit - was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits has emerged and have been used by cybercriminals. The emergence of so many replacements has also meant that there are now some key technical differences between these various exploit kits. In this post, we shall go over some of these differences. Exploits used Exploits targeting Internet Explorer, ...

    Posted in Exploits |



    We recently found a new banking Trojan which targeted several banks in South Korea. This isn’t the first, though: in June last year, we saw that several online banking threats widened their range and targeted South Korean banks using various techniques. Throughout the course of monitoring similar threats, we noticed a new wave of banking Trojans targeting South Korean banks that show unusual behavior, including the use of Pinterest as their command and control (C&C) channel. Infection Via Malicious Iframe Injection This threat is currently affecting users in South Korea via compromised ...

    Posted in Bad Sites, Exploits, Malware |



    Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to escape sandboxes. In both October and November Patch Tuesday cycles, Microsoft addressed several vulnerabilities that were used by attackers to escape the Internet Explorer sandbox. One of ...

    Posted in Exploits, Vulnerabilities |



    Our report on the threats seen in 3Q 2014 shows us that once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter's infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. Having gone unnoticed for years, the Shellshock incident suggests that there might be more vulnerabilities in Bash or in applications previously thought safe. Below is a timeline of events that Shellshock unraveled. Figure 1. A timeline of events that illustrate the Shellshock exploitation that took place ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice