Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Zero-Day Alerts

  • Hacking Team Leak

  • Recent Posts

  • Calendar

    July 2015
    S M T W T F S
    « Jun    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Email Subscription

  • About Us


    Archive for the ‘Exploits’ Category




    We have detected through feedback from the Trend Micro™ Smart Protection Network™ that the Nuclear Exploit Kit has been updated to include the recently fixed Adobe Flash Player vulnerability identified as CVE-2015-0336. We first saw signs of this malicious activity on March 18 this year. This particular vulnerability was only recently fixed as part of Adobe's regular March update for Adobe Flash Player which upgraded the software to version 17.0.0.134. However, our feedback indicates that many users are still running the previous ...

    Posted in Bad Sites, Exploits, Malware | Comments Off on Freshly Patched Flash Exploit Added to Nuclear Exploit Kit



    In the past few weeks we've noticed a problematic pattern developing: the increasing use of exploit kits in malvertising. In particular, zero-day exploits (usually seen first in targeted attacks) are now being deployed in malicious ads right away, instead of first being used in targeted attacks against enterprises or other large organizations. This is a worrying trend, as it means that more users could be affected by these threats before a patch becomes available. Two of the recent Adobe Flash zero-days (CVE-2015-0311 and ...

    Posted in Exploits, Vulnerabilities | Comments Off on Exploit Kits and Malvertising: A Troublesome Combination



    Almost every Patch Tuesday cycle contains one bulletin that (for convenience) rolls up multiple Internet Explorer vulnerabilities into a single bulletin. February's Patch Tuesday cumulative IE bulletin (MS15-009) included a fix for a particularly interesting vulnerability that could be used to bypass one of the key anti-exploit technologies in use today, address space layout randomization (ASLR). This vulnerability was designated CVE-2015-0071. To be used in an attack, this vulnerability must be combined with another one that is capable of actually running ...

    Posted in Exploits, Vulnerabilities | Comments Off on Bypassing ASLR with CVE-2015-0071: An Out-of-Bounds Read Vulnerability



    The Samba team reported CVE-2015-0240 last February 23, 2015. This vulnerability is very difficult to exploit and we are not aware of successful exploitation. However, it is quite interesting from the point for view of detection. There are two important facts: The vulnerability resides in the Netlogon Remote Protocol implementation of Samba which is a very high-level application protocol that can be used over different transports configurations. To execute the vulnerable code the attacker doesn’t need be authenticated and can use many ...

    Posted in Exploits, Vulnerabilities | Comments Off on Samba Remote Code Execution Vulnerability – CVE-2015-0240



    2014 was a year where cybercriminal attacks crippled both likely and unlikely targets. A year rife with destructive attacks, 2014 proved to be a difficult one for individuals and companies who were victimized by these threats. Massive data breach disclosures came one after another in 2014 in much more rapid succession than past years. The Sony Pictures breach in December, along with the other big breaches of the year illustrated the wide spectrum of losses that can hit a company that ...

    Posted in Bad Sites, Botnets, Exploits, Malware, Targeted Attacks, Vulnerabilities | Comments Off on 2014 Annual Security Roundup: Magnified Losses, Amplified Need for Cyber-Attack Preparedness


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice