Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Zero-Day Alerts

  • Hacking Team Leak

  • Recent Posts

  • Calendar

    July 2015
    S M T W T F S
    « Jun    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Email Subscription

  • About Us


    Archive for the ‘Exploits’ Category



    Jul30
    2:09 pm (UTC-7)   |    by

    July has been a fairly poor month for Adobe Flash Player security, to say the least. Three separate zero-day vulnerabilities (all courtesy of the Hacking Team dump) have left many people concerned about Flash security, with many (including this blog) calling for it to go away. Some sort of reaction from Adobe to improve Flash security was inevitable. The recent version of Flash, version (18.0.0.209), includes several additional mitigation techniques. These were developed by Adobe, working together with Google's Project Zero. The ...




    A recent campaign compromised Taiwan and Hong Kong sites to deliver Flash exploits related to Hacking Team and eventually download PoisonIvy and other payloads in user systems. This campaign started on July 9, a few days after the Hacking Team announced it was hacked. The actors compromised the sites of a local television network, educational organizations, a religious institute, and a known political party in Taiwan; and a popular news site in Hong Kong. Note that the affected sites have consistent ...




    Another zero-day vulnerability has been found by Trend Micro researchers from the Hacking Team trove of data. We reported this vulnerability to Microsoft, and it has been designated as CVE-2015-2426. It has also been patched in an unusual out-of-band patch. It could be used to carry out a Windows local privilege escalation (LPE).  By exploiting this vulnerability, attackers could infect the victims’ systems with rootkits or bootkits under unexpected system privilege without any notification. The vulnerability can allow attackers remote control over the ...




    Java used to be a favored vulnerability target for cybercriminals. However, in recent years that has not been the case. The now-fixed Java zero-day that was used in the Pawn Storm campaign was, in fact, the first time in nearly two years that a zero-day had been found and reported in Java. This can be attributed, in part, to stepped up security measures for Java. As Oracle notes on the Java home page itself, out of date Java plugins are now disabled by major ...




    Operation Pawn Storm is a campaign known to target military, embassy, and defense contractor personnel from the United States and its allies. The attackers behind Operation Pawn Storm have been active since at least 2007 and they continue to launch new campaigns. Over the past year or so, we have seen numerous techniques and tactics employed by this campaign, such as the use of an iOS espionage app, and the inclusion of new targets like the White House. Through our on-going ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice