Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    May 2015
    S M T W T F S
    « Apr    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • Email Subscription

  • About Us


    Archive for the ‘Vulnerabilities’ Category




    We’ve discovered a vulnerability in the Apache Cordova app framework that allows attackers to modify the behavior of apps just by clicking a URL. The extent of the modifications can range from causing nuisance for app users to crashing the apps completely. Designated as CVE-2015-1835, this high-severity vulnerability affects all versions of Apache Cordova up to 4.0.1. Apache has released a security bulletin confirming the vulnerability. This means that majority of Cordova-based apps, which accounts for 5.6% of all apps in ...

    Posted in Mobile, Vulnerabilities |



    Our analysis of the win32k.sys vulnerability used in a recent targeted attack reveals that it opens up an easy way to bypass the sandbox, making it a bigger threat than originally thought. As mentioned in Microsoft security bulletin MS15-051, CVE-2015-1701 is an elevation of privilege vulnerability that exists when the Win32k.sys kernel-mode driver improperly handles objects in memory. The vulnerability exists in Win32k.sys, which is a weak security point in Windows. Elevation of privilege vulnerabilities are technically less dangerous since they can't be ...

    Posted in Exploits, Vulnerabilities |


    May20
    6:03 am (UTC-7)   |    by

    Another flaw has been found in the basic encryption algorithms that secure the Internet. This flaw, named the Logjam attack by its discoverers (researchers from various universities and companies), allows an attacker that can carry out man-in-the-middle attacks to weaken the encryption used in secure connections (such as HTTPS, SSH, and VPNs). In theory, this means that an attacker (with sufficient resources) can break the encryption and read the "secure" traffic. In some ways, this attack is similar to the recent FREAK attack. Both attacks ...

    Posted in Vulnerabilities |



    This month's Patch Tuesday release can be considered relatively light with only three Critical bulletins, with the remaining 10 bulletins rated as Important. As is usually the case, the cumulative update for Internet Explorer (MS15-043) is one of those rated as Critical. MS15-044 addresses critical vulnerabilities in Microsoft Font driver, which could allow remote code execution if users open specially crafted documents or visits an untrusted webpage that contains embedded TrueType fonts. Lastly, MS15-045 addresses a critical vulnerability in Microsoft Journal that ...

    Posted in Vulnerabilities |



    MadAdsMedia, a US-based web advertising network, was compromised by cybercriminals to lead the visitors of sites that use their advertising platform to Adobe Flash exploits delivered by the Nuclear Exploit Kit. Up to 12,500 users per day may have been affected by this threat; three countries account for more than half of the hits: Japan, the United States, and Australia. Figure 1. This attack was first seen in April, although at relatively low traffic levels. The number of users at risk grew significantly as May ...

    Posted in Bad Sites, Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice