Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    February 2015
    S M T W T F S
    « Jan    
    1234567
    891011121314
    15161718192021
    22232425262728
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Exploits’ Category




    Researchers at Qualys have found a vulnerability in the GNU C Library (alternately known as glibc), which can be used to run arbitrary code on systems running various Linux operating systems. The vulnerability (assigned as CVE-2015-0235) has been dubbed GHOST and is the latest vulnerability to receive a "friendly" name, joining others like Heartbleed, Shellshock, and POODLE. However, closer inspection reveals that this particular vulnerability, while serious, is not easy to exploit and has a very limited attack surface. GHOST is ...

    Posted in Exploits, Vulnerabilities |



    Last week a major zero-day vulnerability was found in Adobe Flash Player. Over the weekend, Adobe released an update to fix the vulnerability: users who have enabled auto-update already received the newest version (16.0.0.296). Our analysis has confirmed that the vulnerable code has been modified. The update will be available for manual download later this week. Users of Chrome and newer versions of Internet Explorer will receive updates for their included versions of Flash Player at around the same time. Looking into the samples we acquired, ...




    Since January 20, we have obtained copies of malicious SWF files used by the Angler exploit kit via feedback provided by the Smart Protection Network. These samples were obtained from users in the United States; we believe that one of the samples we obtained is the same zero-day Flash exploit reported by the security researcher Kafeine, but from an infection chain different from the one reported by Kafeine. The Angler exploit kit is believed to have been responsible for distributing this ...

    Posted in Exploits |



    With the New Year celebrations safely behind us, it's time to look forward and plan for 2015. Before we can do that, however, we need to spend a few minutes to remember the vulnerabilities of 2014 and what we can take away from these. Every year there are several zero-days and tons of undisclosed vulnerabilities fixed by software vendors. This year was a little different: The total number of disclosed vulnerabilities per year almost hit 10,000. Because of this, the maintainers of the ...

    Posted in Exploits, Vulnerabilities |



    Security researchers have announced a new "vulnerability" in Linux dubbed "Grinch", which allows for escalation-of-privilege attacks in versions of Linux that use the polkit toolkit for privilege authorization. However, the true threat of this vulnerability is much more limited. The bug was named after the holiday season and the Dr. Seuss character, as some would say that this would have the potential to ruin the season of network administrators. An independent researcher first posted about this vulnerability - which he called PackageKit Privilege Escalation ...

    Posted in Exploits, Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice