Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    July 2015
    S M T W T F S
    « Jun    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Email Subscription

  • About Us


    Archive for the ‘Exploits’ Category




    In the past few weeks we've noticed a problematic pattern developing: the increasing use of exploit kits in malvertising. In particular, zero-day exploits (usually seen first in targeted attacks) are now being deployed in malicious ads right away, instead of first being used in targeted attacks against enterprises or other large organizations. This is a worrying trend, as it means that more users could be affected by these threats before a patch becomes available. Two of the recent Adobe Flash zero-days (CVE-2015-0311 and ...

    Posted in Exploits, Vulnerabilities | Comments Off on Exploit Kits and Malvertising: A Troublesome Combination



    Almost every Patch Tuesday cycle contains one bulletin that (for convenience) rolls up multiple Internet Explorer vulnerabilities into a single bulletin. February's Patch Tuesday cumulative IE bulletin (MS15-009) included a fix for a particularly interesting vulnerability that could be used to bypass one of the key anti-exploit technologies in use today, address space layout randomization (ASLR). This vulnerability was designated CVE-2015-0071. To be used in an attack, this vulnerability must be combined with another one that is capable of actually running ...

    Posted in Exploits, Vulnerabilities | Comments Off on Bypassing ASLR with CVE-2015-0071: An Out-of-Bounds Read Vulnerability



    The Samba team reported CVE-2015-0240 last February 23, 2015. This vulnerability is very difficult to exploit and we are not aware of successful exploitation. However, it is quite interesting from the point for view of detection. There are two important facts: The vulnerability resides in the Netlogon Remote Protocol implementation of Samba which is a very high-level application protocol that can be used over different transports configurations. To execute the vulnerable code the attacker doesn’t need be authenticated and can use many ...

    Posted in Exploits, Vulnerabilities | Comments Off on Samba Remote Code Execution Vulnerability – CVE-2015-0240



    2014 was a year where cybercriminal attacks crippled both likely and unlikely targets. A year rife with destructive attacks, 2014 proved to be a difficult one for individuals and companies who were victimized by these threats. Massive data breach disclosures came one after another in 2014 in much more rapid succession than past years. The Sony Pictures breach in December, along with the other big breaches of the year illustrated the wide spectrum of losses that can hit a company that ...

    Posted in Bad Sites, Botnets, Exploits, Malware, Targeted Attacks, Vulnerabilities | Comments Off on 2014 Annual Security Roundup: Magnified Losses, Amplified Need for Cyber-Attack Preparedness



    Zero-day exploits pose some of the most serious risks to users everywhere. The absence of a patch means that it is up to users (and whatever security products they use) to protect against these attacks. One of the tools that can be used in mitigating these attacks is advanced network detection solutions like Trend Micro Deep Discovery, which contains a sandbox that allows for on-the-fly analysis of various threats entering an organization's network. This allows it to detect even attacks that use zero-day exploits ...

    Posted in Exploits, Vulnerabilities | Comments Off on Deploying a Smart Sandbox for Unknown Threats and Zero-Day Attacks


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice